How to set audit filters in Ranger Admin Web UI

You can set specific audit filter conditions for each service, using Create/Edit Service .

Creating audit filters for a service using the Ranger Admin Web UI can prevent audit logs from being sent to destinations like SOLR and HDFS.

  1. In the Ranger Admin Web UI > Service Manager, click Add New Service or Edit (existing service).
  2. On Create/Edit Service, scroll down to Audit Filters.
    1. Verify that Audit Filter is checked.
      Optionally, define any of the following to include in the filter definition:
      Is Audited
      Defines whether audit logs are stored or not.
      Is Audited=Yes: stores audit records in the defined audit destination.
      Is Audited=No: do not store audit records.
      Access Results

      Denied, Allowed, or Not Determined

      select to filter access=denied, access=allowed or access=Not determined

      Resource
      use Resource Details to include or exclude specific resources such as databases, tables, or columns.
      Operations
      select specific operations to filter
      Permissions
      select specific permissions
      Users, Groups, Roles
      select specific users, groups, and roles
    2. Click Save.
    Figure 1. Adding an audit filter that stores user systest, access=Allowed logs for Hive service
    Adding an audit filter that stores user systest access=Allowed logs for Hive service
  3. Test your filters to verify that defined audit filters perform as expected.

Defining specific filtering properties can prevent access logs for service users from being stored in the configured audit destination, if Is Audited = No.