question Re: Ranger doesn't stop logging audit events when I disable Audit Logging in the policy in Support Questions https://community.cloudera.com/t5/Support-Questions/Ranger-doesn-t-stop-logging-audit-events-when-I-disable/m-p/332935#M231303 <P>Hi&nbsp;<a href="https://community.cloudera.com/t5/user/viewprofilepage/user-id/89946">@arturbrandys1</a>,</P><P>&nbsp;</P><P>The Audit decision taken by Ranger (whether to audit or not) are based on matching resource. That is, if there is a policy which allows audit for a certain resource, then audit will be performed irrespective of whether that policy is governing access policy or not.</P><P><BR />And in your case, suppose if there is another policy with audit enabled on a higher level - like the root directory "/" for hdfs - then lower level policy can override the access rights but can’t limit the audit logging.</P><P>&nbsp;</P><P>Thanks,<BR />Prashanth Vishnu</P> Tue, 28 Dec 2021 10:31:37 GMT pvishnu 2021-12-28T10:31:37Z Ranger doesn't stop logging audit events when I disable Audit Logging in the policy https://community.cloudera.com/t5/Support-Questions/Ranger-doesn-t-stop-logging-audit-events-when-I-disable/m-p/332873#M231288 <P>Hello.</P><P>I want to disable logging for some of the policies in Ranger (Ranger 1.2.0, HDP-3.1.4.0-315) I edit the policies to switch off the Audit Logging button and when I save this configuration in Ranger Audit I see that nothing changes (all the logs from the policies that I disabled logging are visible).</P><P>Why can this be so?</P> Mon, 27 Dec 2021 09:41:03 GMT https://community.cloudera.com/t5/Support-Questions/Ranger-doesn-t-stop-logging-audit-events-when-I-disable/m-p/332873#M231288 arturbrandys1 2021-12-27T09:41:03Z Re: Ranger doesn't stop logging audit events when I disable Audit Logging in the policy https://community.cloudera.com/t5/Support-Questions/Ranger-doesn-t-stop-logging-audit-events-when-I-disable/m-p/332935#M231303 <P>Hi&nbsp;<a href="https://community.cloudera.com/t5/user/viewprofilepage/user-id/89946">@arturbrandys1</a>,</P><P>&nbsp;</P><P>The Audit decision taken by Ranger (whether to audit or not) are based on matching resource. That is, if there is a policy which allows audit for a certain resource, then audit will be performed irrespective of whether that policy is governing access policy or not.</P><P><BR />And in your case, suppose if there is another policy with audit enabled on a higher level - like the root directory "/" for hdfs - then lower level policy can override the access rights but can’t limit the audit logging.</P><P>&nbsp;</P><P>Thanks,<BR />Prashanth Vishnu</P> Tue, 28 Dec 2021 10:31:37 GMT https://community.cloudera.com/t5/Support-Questions/Ranger-doesn-t-stop-logging-audit-events-when-I-disable/m-p/332935#M231303 pvishnu 2021-12-28T10:31:37Z