Support Questions

Find answers, ask questions, and share your expertise

Who agreed with this solution

avatar
Expert Contributor

Hi @arturbrandys1,

 

The Audit decision taken by Ranger (whether to audit or not) are based on matching resource. That is, if there is a policy which allows audit for a certain resource, then audit will be performed irrespective of whether that policy is governing access policy or not.


And in your case, suppose if there is another policy with audit enabled on a higher level - like the root directory "/" for hdfs - then lower level policy can override the access rights but can’t limit the audit logging.

 

Thanks,
Prashanth Vishnu

View solution in original post

Who agreed with this solution