You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by "Duong (Jira)" <ji...@apache.org> on 2023/05/24 01:11:00 UTC
[jira] [Created] (RANGER-4252) Introduce audit handler for Ozone
Duong created RANGER-4252:
-----------------------------
Summary: Introduce audit handler for Ozone
Key: RANGER-4252
URL: https://issues.apache.org/jira/browse/RANGER-4252
Project: Ranger
Issue Type: Sub-task
Components: plugins
Reporter: Duong
RangerOzoneAuthorizer now uses RangerDefaultAuditHandler that audits every check, including trivial accepted reads. This is very expensive considering a busy environment with hundreds of reads per second.
We should introduce a custom audit handler for Ozone to filter out which requests need auditing. This should be similar to other custom audit handlers like RangerHdfsAuditHandler, RangerHiveAuditHandler, or RangerKafkaAuditHandler.
Ref: [RangerOzoneAuthorizer|https://github.com/duongkame/ranger/blob/b6650fc8c81fd339052bb2999f4653460549fdb2/plugin-ozone/src/main/java/org/apache/ranger/authorization/ozone/authorizer/RangerOzoneAuthorizer.java#L66-L66]
--
This message was sent by Atlassian Jira
(v8.20.10#820010)