How to set audit filters in Ranger Admin Web UI
You can set specific audit filter conditions for each service, using Create/Edit Service
Creating audit filters for a service using the Ranger Admin Web UI will prevent audit log records from appearing in the Audit Access tab of the Ranger Admibn Web UI. Audit filters do not prevent audit log collection and storage in Solr.
- In the Add New Service or Edit (existing service). , click
On Create/Edit Service, scroll down to Audit
Verify that Audit Filter is checked.
Optionally, define any of the following to include in the filter definition:
- Is Audited
- Defines whether to audit or not
- Access Results
Denied, Allowed, or Not Determined
select to filter access=denied, access=allowed or all by selecting access=Not determined.
- use Resource Details to include or exclude specific resources such as databases, tables, or columns.
- select specific operations to filter
- select specific permissions
- Users, Groups, Roles
- select specific users, groups, and roles
- Click Save.
- Verify that Audit Filter is checked.
- Test your filters to verify that defined audit filters perform as expected.
Defining specific filtering properties prevents audit logs from service users from appearing on, but does not prevent access logs for service users from being generated in Solr.