You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@ranger.apache.org by Sai Sandeep Rangisetti <sa...@flipkart.com> on 2021/06/25 14:28:06 UTC

Disable audit logging for some users

Hi,

We have a requirement where we have to disable audit logging for some of
the users. Currently it is not possible because audit logging is at policy
level instead of user level.

Is there any way we can achieve the same?

Thanks,
Sai Sandeep

-- 


*-----------------------------------------------------------------------------------------*

*This email and any files transmitted with it are confidential and 
intended solely for the use of the individual or entity to whom they are 
addressed. If you have received this email in error, please notify the 
system manager. This message contains confidential information and is 
intended only for the individual named. If you are not the named addressee, 
you should not disseminate, distribute or copy this email. Please notify 
the sender immediately by email if you have received this email by mistake 
and delete this email from your system. If you are not the intended 
recipient, you are notified that disclosing, copying, distributing or 
taking any action in reliance on the contents of this information is 
strictly prohibited.*****

 ****

*Any views or opinions presented in this 
email are solely those of the author and do not necessarily represent those 
of the organization. Any information on shares, debentures or similar 
instruments, recommended product pricing, valuations and the like are for 
information purposes only. It is not meant to be an instruction or 
recommendation, as the case may be, to buy or to sell securities, products, 
services nor an offer to buy or sell securities, products or services 
unless specifically stated to be so on behalf of the Flipkart group. 
Employees of the Flipkart group of companies are expressly required not to 
make defamatory statements and not to infringe or authorise any 
infringement of copyright or any other legal right by email communications. 
Any such communication is contrary to organizational policy and outside the 
scope of the employment of the individual concerned. The organization will 
not accept any liability in respect of such communication, and the employee 
responsible will be personally liable for any damages or other liability 
arising.*****

 ****

*Our organization accepts no liability for the 
content of this email, or for the consequences of any actions taken on the 
basis of the information *provided,* unless that information is 
subsequently confirmed in writing. If you are not the intended recipient, 
you are notified that disclosing, copying, distributing or taking any 
action in reliance on the contents of this information is strictly 
prohibited.*

_-----------------------------------------------------------------------------------------_

Re: Disable audit logging for some users

Posted by Jessie K <ga...@gmail.com>.

Hi Ranger user group admin,

Could you please help exclude me from the mail list?  Thanks you!

Regards,
Jessie

On Fri, Jun 25, 2021, 7:28 AM Sai Sandeep Rangisetti <
sandeep.sai@flipkart.com> wrote:

> Hi,
>
> We have a requirement where we have to disable audit logging for some of
> the users. Currently it is not possible because audit logging is at policy
> level instead of user level.
>
> Is there any way we can achieve the same?
>
> Thanks,
> Sai Sandeep
>
>
> *-----------------------------------------------------------------------------------------*
>
> *This email and any files transmitted with it are confidential and
> intended solely for the use of the individual or entity to whom they are
> addressed. If you have received this email in error, please notify the
> system manager. This message contains confidential information and is
> intended only for the individual named. If you are not the named addressee,
> you should not disseminate, distribute or copy this email. Please notify
> the sender immediately by email if you have received this email by mistake
> and delete this email from your system. If you are not the intended
> recipient, you are notified that disclosing, copying, distributing or
> taking any action in reliance on the contents of this information is
> strictly prohibited.*
>
>
>
> *Any views or opinions presented in this email are solely those of the
> author and do not necessarily represent those of the organization. Any
> information on shares, debentures or similar instruments, recommended
> product pricing, valuations and the like are for information purposes only.
> It is not meant to be an instruction or recommendation, as the case may be,
> to buy or to sell securities, products, services nor an offer to buy or
> sell securities, products or services unless specifically stated to be so
> on behalf of the Flipkart group. Employees of the Flipkart group of
> companies are expressly required not to make defamatory statements and not
> to infringe or authorise any infringement of copyright or any other legal
> right by email communications. Any such communication is contrary to
> organizational policy and outside the scope of the employment of the
> individual concerned. The organization will not accept any liability in
> respect of such communication, and the employee responsible will be
> personally liable for any damages or other liability arising.*
>
>
>
> *Our organization accepts no liability for the content of this email, or
> for the consequences of any actions taken on the basis of the information *
> provided,* unless that information is subsequently confirmed in writing.
> If you are not the intended recipient, you are notified that disclosing,
> copying, distributing or taking any action in reliance on the contents of
> this information is strictly prohibited.*
>
>
> *-----------------------------------------------------------------------------------------*
>
>

Re: Disable audit logging for some users

Posted by Madhan Neethiraj <ma...@apache.org>.

Sai Sandeep,

Audit-filter feature implemented in RANGER-3000/RANGER-3191 allows an administrator to setup more fine grained controls on what accesses get audited/skipped. For example, an administrator can setup following rules:
 1. audit all denied accesses
 2. exclude audit for access to paths under /hbase by user hbase
 3. audit all delete operations
 4. exclude audit for metadata-read operations

This feature will be part of upcoming Apache Ranger 2.2 release.

Hope this helps.

Madhan

On 2021/07/21 15:04:06, Sai Sandeep Rangisetti <sa...@flipkart.com> wrote: 
> I found
> https://cwiki.apache.org/confluence/display/RANGER/Blacklist+for+Ranger+Audits
> which is exactly what we wanted. I think this feature is available since
> ranger 2.1.0.
> 
> On Fri, 25 Jun 2021 at 19:58, Sai Sandeep Rangisetti <
> sandeep.sai@flipkart.com> wrote:
> 
> > Hi,
> >
> > We have a requirement where we have to disable audit logging for some of
> > the users. Currently it is not possible because audit logging is at policy
> > level instead of user level.
> >
> > Is there any way we can achieve the same?
> >
> > Thanks,
> > Sai Sandeep
> >
> 
> -- 
> 
> 
> *-----------------------------------------------------------------------------------------*
> 
> *This email and any files transmitted with it are confidential and 
> intended solely for the use of the individual or entity to whom they are 
> addressed. If you have received this email in error, please notify the 
> system manager. This message contains confidential information and is 
> intended only for the individual named. If you are not the named addressee, 
> you should not disseminate, distribute or copy this email. Please notify 
> the sender immediately by email if you have received this email by mistake 
> and delete this email from your system. If you are not the intended 
> recipient, you are notified that disclosing, copying, distributing or 
> taking any action in reliance on the contents of this information is 
> strictly prohibited.*****
> 
>  ****
> 
> *Any views or opinions presented in this 
> email are solely those of the author and do not necessarily represent those 
> of the organization. Any information on shares, debentures or similar 
> instruments, recommended product pricing, valuations and the like are for 
> information purposes only. It is not meant to be an instruction or 
> recommendation, as the case may be, to buy or to sell securities, products, 
> services nor an offer to buy or sell securities, products or services 
> unless specifically stated to be so on behalf of the Flipkart group. 
> Employees of the Flipkart group of companies are expressly required not to 
> make defamatory statements and not to infringe or authorise any 
> infringement of copyright or any other legal right by email communications. 
> Any such communication is contrary to organizational policy and outside the 
> scope of the employment of the individual concerned. The organization will 
> not accept any liability in respect of such communication, and the employee 
> responsible will be personally liable for any damages or other liability 
> arising.*****
> 
>  ****
> 
> *Our organization accepts no liability for the 
> content of this email, or for the consequences of any actions taken on the 
> basis of the information *provided,* unless that information is 
> subsequently confirmed in writing. If you are not the intended recipient, 
> you are notified that disclosing, copying, distributing or taking any 
> action in reliance on the contents of this information is strictly 
> prohibited.*
> 
> _-----------------------------------------------------------------------------------------_
>

Re: Disable audit logging for some users

Posted by Sai Sandeep Rangisetti <sa...@flipkart.com>.

I found
https://cwiki.apache.org/confluence/display/RANGER/Blacklist+for+Ranger+Audits
which is exactly what we wanted. I think this feature is available since
ranger 2.1.0.

On Fri, 25 Jun 2021 at 19:58, Sai Sandeep Rangisetti <
sandeep.sai@flipkart.com> wrote:

> Hi,
>
> We have a requirement where we have to disable audit logging for some of
> the users. Currently it is not possible because audit logging is at policy
> level instead of user level.
>
> Is there any way we can achieve the same?
>
> Thanks,
> Sai Sandeep
>

-- 

*-----------------------------------------------------------------------------------------*

*This email and any files transmitted with it are confidential and 
intended solely for the use of the individual or entity to whom they are 
addressed. If you have received this email in error, please notify the 
system manager. This message contains confidential information and is 
intended only for the individual named. If you are not the named addressee, 
you should not disseminate, distribute or copy this email. Please notify 
the sender immediately by email if you have received this email by mistake 
and delete this email from your system. If you are not the intended 
recipient, you are notified that disclosing, copying, distributing or 
taking any action in reliance on the contents of this information is 
strictly prohibited.*****

 ****

*Any views or opinions presented in this 
email are solely those of the author and do not necessarily represent those 
of the organization. Any information on shares, debentures or similar 
instruments, recommended product pricing, valuations and the like are for 
information purposes only. It is not meant to be an instruction or 
recommendation, as the case may be, to buy or to sell securities, products, 
services nor an offer to buy or sell securities, products or services 
unless specifically stated to be so on behalf of the Flipkart group. 
Employees of the Flipkart group of companies are expressly required not to 
make defamatory statements and not to infringe or authorise any 
infringement of copyright or any other legal right by email communications. 
Any such communication is contrary to organizational policy and outside the 
scope of the employment of the individual concerned. The organization will 
not accept any liability in respect of such communication, and the employee 
responsible will be personally liable for any damages or other liability 
arising.*****

 ****

*Our organization accepts no liability for the 
content of this email, or for the consequences of any actions taken on the 
basis of the information *provided,* unless that information is 
subsequently confirmed in writing. If you are not the intended recipient, 
you are notified that disclosing, copying, distributing or taking any 
action in reliance on the contents of this information is strictly 
prohibited.*

_-----------------------------------------------------------------------------------------_