In my work place, HDFS plugin for Ranger has been enabled. I created a policy for the source in hdfs /tmp/ranger_test(which has access permission 400 in HDFS). I can see that the policy has been synced in ranger Plugins tab. But, It is not showing up any audit logs and it does not enforce the ranger policy while accessing the directory in hdfs.
For your information, the audit log is enabled.
Don't know the reason why it does not work in the way i expected.
No audit logs are displayed in ranger Audit tab. But audit are enable for hdfs to solr.
Please let me know what would be the reason and how to troubleshoot it.
Thank you very much for your reply. We are using HDP 2.5.3.
I am not seeing any error. The interesting thing is,
jkris03 is the owner of the directory with permission 400 in HDFS. But, when i tried to copy a file to the directory, it gave error like permission denied. But, the user rkurumb(my colleague) could able to copy file to the directory and i checked with other user(ftam) and he also got permission denied error. Since, there is no audit log, i could not see whether the ranger acl or hadoop acl is being enforced. We use Active Directory and it is synced with Apache Ranger. The group name i have used here is of Active Directory.
Now, it behaves differently. I updated the same policy. But still getting error while accessing the directory in hdfs. I think, the policy is not enforced. In the updated policy, there is no exclude condition, only the user jkris03 is allowed for the permission. Also, please look at the audits for the same service but the source is different. However, for the source datameer also, the ranger policy is not working, but we can see the audits. But, for my source, It is not displaying the audits too.
The logs are already displayed in the audits tab. The reason why i could not see is because of the"EventTime". The EventTime and Updated Time are not synced. That's why it is not showing the correct screen(i.e., latest logs). Then,i filtered logs based on source type and i could see my logs. However, I am getting different issue.