Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
Welcome to the upgraded Community! Read this blog to see What’s New!
Solved Go to solution

Ranger doesn't stop logging audit events when I disable Audit Logging in the policy

Labels:
avatar
author-rank arturbrandys1
Explorer

Created ‎12-27-2021 01:41 AM

Hello.

I want to disable logging for some of the policies in Ranger (Ranger 1.2.0, HDP-3.1.4.0-315) I edit the policies to switch off the Audit Logging button and when I save this configuration in Ranger Audit I see that nothing changes (all the logs from the policies that I disabled logging are visible).

Why can this be so?

366 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
pvishnu author-rank
Cloudera Employee

Created ‎12-28-2021 02:31 AM

Hi @arturbrandys1,

 

The Audit decision taken by Ranger (whether to audit or not) are based on matching resource. That is, if there is a policy which allows audit for a certain resource, then audit will be performed irrespective of whether that policy is governing access policy or not.


And in your case, suppose if there is another policy with audit enabled on a higher level - like the root directory "/" for hdfs - then lower level policy can override the access rights but can’t limit the audit logging.

 

Thanks,
Prashanth Vishnu

View solution in original post

365 Views
1
1 REPLY 1

avatar
pvishnu author-rank
Cloudera Employee

Created ‎12-28-2021 02:31 AM

Hi @arturbrandys1,

 

The Audit decision taken by Ranger (whether to audit or not) are based on matching resource. That is, if there is a policy which allows audit for a certain resource, then audit will be performed irrespective of whether that policy is governing access policy or not.


And in your case, suppose if there is another policy with audit enabled on a higher level - like the root directory "/" for hdfs - then lower level policy can override the access rights but can’t limit the audit logging.

 

Thanks,
Prashanth Vishnu

366 Views
1
Announcements
What's New @ Cloudera
Cloudera Streaming Analytics (CSA) 1.11 with support for Ice...
What's New @ Cloudera
Cloudera Operational Database (COD) supports creating an ope...
What's New @ Cloudera
Cloudera Operational Database (COD) is available as a Techni...
What's New @ Cloudera
Cloudera Operational Database (COD) has removed the COD_ON_G...
Community Announcements
Introducing the new and improved Community!
View More Announcements
Labels