Excluding audits for specific users, groups, and roles
You can exclude specific users, groups, and roles from auditing in each service.
Ranger default log functionality creates audit log records for access and authorization requests, specifically around service accounts such as hbase, atlas and solr. Writing so much data to solr can limit the availability of Solr for further usage. This topic describes how to exclude specific users, groups, and roles from Ranger audits in a service. Excluding specific users, groups or roles is also known as creating a blacklist for Ranger audits.
- In the Add New Service or Edit (existing service). , click
- On Create/Edit Service, scroll down to .
- Remove all audit filters from the existing service.
Click +, then type one of the following property
followed by one or more values.
After adding the above configuration; if testuser2 user performs any actions for HadoopSQL service,logs will not be created.
Similarly, you can exclude (or blacklist) users belonging to a particular group or role by adding a user-specific or role-specific configuration.