How to set audit filters in Ranger Admin Web UI

You can set specific audit filter conditions for each service, using Create/Edit Service

Creating audit filters for a service using the Ranger Admin Web UI will prevent audit log records from appearing in the Audit Access tab of the Ranger Admibn Web UI. Audit filters do not prevent audit log collection and storage in Solr.

  1. In the Ranger Admin Web UI > Service Manager, click Add New Service or Edit (existing service).
  2. On Create/Edit Service, scroll down to Audit Filters.
    1. Verify that Audit Filter is checked.
      Optionally, define any of the following to include in the filter definition:
      Is Audited
      Defines whether to audit or not
      Access Results

      Denied, Allowed, or Not Determined

      select to filter access=denied, access=allowed or all by selecting access=Not determined.

      use Resource Details to include or exclude specific resources such as databases, tables, or columns.
      select specific operations to filter
      select specific permissions
      Users, Groups, Roles
      select specific users, groups, and roles
    2. Click Save.
    Figure 1. Adding an audit filter that excludes user systest, access=Allowed logs for Hive service
    Adding an audit filter that excludes user systest access=Allowed logs for Hive service
  3. Test your filters to verify that defined audit filters perform as expected.

Defining specific filtering properties prevents audit logs from service users from appearing on Ranger Admin Web UI > Audit > Access, but does not prevent access logs for service users from being generated in Solr.