Cloudera Docs

Filter service access logs from Ranger UI

You can limit display of system access/audit log records generated by service users in each service.

This topic describes how to limit the display of access log records on the Access tab in the Ranger Admin Web UI.

  1. Go to Ranger Admin Web UI > Audit > Access.
  2. Check the Exclude Service Users box, as shown in:
    Figure 1. Setting the Exclude Service Users flag to true
    Setting the Exclude Service Users flag to true
  3. Define specific component services and users for access logs to filter out, in ranger-admin-site.xml.
    1. Go to Cloudera Manager > Ranger > Configuration
    2. In Search, type ranger-admin-site.
    3. Define the following properties:
      Name
      ranger.plugins.<service_name>.serviceuser
      Value
      <service_name>
      Name
      ranger.accesslogs.exclude.users.list
      Value
      user1, user2
    Figure 2. Filtering out service and user logs for Hive service
    Filtering out service and user logs for Hive service
  4. Click Save Changes (CTRL+S).
  5. Restart the Ranger service.

Setting Exclude Service Users to true and defining specific filtering properties prevents audit logs from service users from appearing on Ranger Admin Web UI > Audit > Access, but does NOT prevent access logs for service users from being generated in Solr.