You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ranger.apache.org by "Duong (Jira)" <ji...@apache.org> on 2023/05/24 01:11:00 UTC

[jira] [Created] (RANGER-4252) Introduce audit handler for Ozone

Duong created RANGER-4252:
-----------------------------

             Summary: Introduce audit handler for Ozone
                 Key: RANGER-4252
                 URL: https://issues.apache.org/jira/browse/RANGER-4252
             Project: Ranger
          Issue Type: Sub-task
          Components: plugins
            Reporter: Duong


RangerOzoneAuthorizer now uses RangerDefaultAuditHandler that audits every check, including trivial accepted reads. This is very expensive considering a busy environment with hundreds of reads per second. 

We should introduce a custom audit handler for Ozone to filter out which requests need auditing. This should be similar to other custom audit handlers like RangerHdfsAuditHandler, RangerHiveAuditHandler, or RangerKafkaAuditHandler.

 

Ref: [RangerOzoneAuthorizer|https://github.com/duongkame/ranger/blob/b6650fc8c81fd339052bb2999f4653460549fdb2/plugin-ozone/src/main/java/org/apache/ranger/authorization/ozone/authorizer/RangerOzoneAuthorizer.java#L66-L66]



--
This message was sent by Atlassian Jira
(v8.20.10#820010)