Hi @sbx hadoop, Ranger provides an excellent auditing functionality that can be accessed easily through Ranger UI.
After logging into ranger UI, click on Audit link from top global menu and then click on access tab.
The resource access related logs are found here. Pls note the access logs will be generated only if the Ranger plugin for that component is enabled and working fine.
This page shows you the following:
Date and time at which the resource access was attempted, user which tried to access the resource, service to which the resource belongs and whose policies come into play, Resource name and type (Ex: type = column-family if the operation was related to hbase col family ), Access Type [Eg: get for hbase], Result - Allowed/ Denied, Access Enforcer=ranger-acl/ hadoop-acl, and the policy which granted access.
In case of Access Enforcer=ranger-acl and result=denied, the policy-id field will show a '--' which means that the user didn't have any Ranger policy for that resource and so the access was denied.
In case of Access Enforcer=ranger-acl and result=allowed, the policy-id field will show the policy-id link, which means that the user had access to the resource through that particular policy. Clicking on the link will show you the policy details.
Also the search feature helps you in streamlining your search by entering various search inputs.
Hope this helps.
