You can set specific audit filter conditions for each service, using
Create/Edit Service .
Creating audit filters for a service using the Ranger Admin Web UI can prevent audit
logs from being sent to destinations like SOLR and HDFS.
In the Ranger Admin Web UI > Service Manager, click Add New Service or
Edit (existing service).
On Create/Edit Service, scroll down to Audit
Filters.
Verify that Audit Filter is checked.
Optionally, define any of the following to include in the filter
definition:
Is Audited
Defines whether audit logs are stored or not.
Is Audited=Yes: stores audit records in the defined audit
destination.
Is Audited=No: do not store audit records.
Access Results
Denied, Allowed, or Not Determined
select to filter access=denied, access=allowed or all by
selecting access=Not determined.
Resource
use Resource Details to include or exclude specific
resources such as databases, tables, or columns.
Operations
select specific operations to filter
Permissions
select specific permissions
Users, Groups, Roles
select specific users, groups, and roles
Click Save.
Figure 1. Adding an audit filter that stores user systest, access=Allowed logs
for Hive service
Test your filters to verify that defined audit filters perform as
expected.
Defining specific filtering properties can prevent access logs for service users from
being stored in the configured audit destination, if Is
Audited = No.
