Excluding audits for specific users, groups, and roles

You can exclude audit records for specific users, groups, and roles in each service from appearing in the Ranger UI.

By default, Ranger creates audit log records for access and authorization requests, particularly for service accounts such as hbase, atlas, and solr. Writing so much data to Solr can limit the availability of Solr for further usage. This topic describes how to exclude audit records for specific users, groups, and roles in each service from appearing in the Ranger UI. Excluding specific users, groups, or roles is also known as creating a blacklist for Ranger audits.

  1. In the Ranger Admin Web UI > Service Manager, click Add New Service or Edit (existing service).
  2. On Create/Edit Service, scroll down to Config Properties > Add New Configurations.
  3. Remove all audit filters from the existing service.
  4. Click +, then type one of the following property names:
    • ranger.plugin.audit.exclude.users
    • ranger.plugin.audit.exclude.groups
    • ranger.plugin.audit.exclude.roles

      followed by one or more values.

    Figure 1. Adding an exclude users property to the HadoopSQL service

    After you add the above configuration, if the user testuser2 performs any actions in the HadoopSQL service, the corresponding Audit > Access logs do not appear in the Ranger UI, but they are still sent to Solr.

    Similarly, you can exclude (or blacklist) users belonging to a particular group or role by adding a group-specific or role-specific configuration.
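
Because excluded principals no longer show up under Audit > Access in the Ranger UI, it is worth reviewing periodically who is on the exclusion lists. The following is an added example, not part of the original page or of Ranger itself: it scans exported service definitions for the three properties from step 4 and reports every excluded principal that is not an expected service account. It assumes each service is a JSON object with a `name` and a `configs` map and that multiple values are comma-separated; the sample services and the `etl_role` value are constructed.

```python
import json

# The three property names listed in step 4 of this page.
EXCLUDE_KEYS = {
    "ranger.plugin.audit.exclude.users": "user",
    "ranger.plugin.audit.exclude.groups": "group",
    "ranger.plugin.audit.exclude.roles": "role",
}

# Assumption: only the service accounts named on this page are expected exclusions.
EXPECTED_USERS = {"hbase", "atlas", "solr"}

# Constructed sample input (assumed export shape: one object per service with a "configs" map).
SAMPLE_SERVICES = json.loads("""
[
  {"name": "hadoopsql_sample",
   "configs": {"ranger.plugin.audit.exclude.users": "hbase, testuser2",
               "ranger.plugin.audit.exclude.groups": ""}},
  {"name": "hbase_sample",
   "configs": {"ranger.plugin.audit.exclude.users": "hbase,atlas"}},
  {"name": "kafka_sample",
   "configs": {"ranger.plugin.audit.exclude.roles": "etl_role"}}
]
""")


def split_values(raw):
    """Split a property value into principals (assumption: comma-separated)."""
    return [v.strip() for v in (raw or "").split(",") if v.strip()]


def review_exclusions(services, expected_users=EXPECTED_USERS):
    """Return (service, kind, principal) for every exclusion that needs review.

    Users on the expected list are skipped; groups and roles are always
    reported because they can hide many users at once.
    """
    findings = []
    for svc in services:
        configs = svc.get("configs") or {}
        for key, kind in EXCLUDE_KEYS.items():
            for value in split_values(configs.get(key)):
                if not (kind == "user" and value in expected_users):
                    findings.append((svc.get("name"), kind, value))
    return findings


if __name__ == "__main__":
    for service, kind, value in review_exclusions(SAMPLE_SERVICES):
        print(f"{service}: audit records hidden in UI for {kind} '{value}'")
```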