How to set audit filters in Ranger Admin Web UI

You can set specific audit filter conditions for each service, using Create/Edit Service

Creating audit filters for a service using the Ranger Admin Web UI will prevent audit log records from appearing in the Audit Access tab of the Ranger Admibn Web UI. Audit filters do not prevent audit log collection and storage in Solr.

In the Ranger Admin Web UI > Service Manager, click Add New Service or Edit (existing service).
On Create/Edit Service, scroll down to Audit Filters.
1. Verify that Audit Filter is checked.
  Optionally, define any of the following to include in the filter definition:
  
  Is Audited
  
  Defines whether to audit or not
  
  Access Results
  
  Denied, Allowed, or Not Determined
  
  select to filter access=denied, access=allowed or all by selecting access=Not determined.
  
  Resource
  
  use Resource Details to include or exclude specific resources such as databases, tables, or columns.
  
  Operations
  
  select specific operations to filter
  
  Permissions
  
  select specific permissions
  
  Users, Groups, Roles
  
  select specific users, groups, and roles
2. Click Save.
Figure 1. Adding an audit filter that excludes user systest, access=Allowed logs for Hive service
Test your filters to verify that defined audit filters perform as expected.

Defining specific filtering properties prevents audit logs from service users from appearing on Ranger Admin Web UI > Audit > Access, but does not prevent access logs for service users from being generated in Solr.