-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/69917/
-----------------------------------------------------------
Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni,
Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja
Polavarapu, and Velmurugan Periasamy.
Bugs: RANGER-2334
https://issues.apache.org/jira/browse/RANGER-2334
Repository: ranger
Description
-------
This feature of excluding service users from ranger access audits is provided
because there are too many system audits generated by service users.
additional filter is added in ranger UI - access audits page i.e. Exclude
service user : true/false
setting above filter as true & after setting below properties, ranger admin
will filter out service users from access audit logs.
additionally,In order to remove additional user logs from access audits, one
can set another property for exclusion of audit logs for those users.
1)In order to use this feature, user should set component service users in
ranger-admin-site.xml whose logs are needed to be filtered out.
eg. say ranger user wants to filter out atlas and hbase service user.
<property>
<name>ranger.plugins.atlas.serviceuser</name>
<value>atlas</value>
</property>
<property>
<name>ranger.plugins.hbase.serviceuser</name>
<value>hbase</value>
</property>
2)In addition to service users new property
"ranger.accesslogs.exclude.users.list" is introduced, in which user can specify
list of additional users(other than service users)whose logs needs be excluded
from ranger access audits.
<property>
<name>ranger.accesslogs.exclude.users.list</name>
<value>yarn-ats,testUser</value>
</property>
after setting above properties, logs from above users will not show up in
ranger access audits.
Diffs
-----
agents-common/src/main/java/org/apache/ranger/plugin/store/EmbeddedServiceDefsUtil.java
110f763
security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java 8a0ca95
security-admin/src/main/java/org/apache/ranger/solr/SolrAccessAuditsService.java
f64c0db
security-admin/src/main/webapp/scripts/views/reports/AuditLayout.js 4894480
security-admin/src/test/java/org/apache/ranger/rest/TestAssetREST.java
40e680a
Diff: https://reviews.apache.org/r/69917/diff/1/
Testing
-------
1.Tested that after setting properties & sending UI flag(Exclude service user)
as true ,ranger access audit logs is not showing audits for
serviceusers(serviceusers are set in property
ranger.plugins.<component-name>.serviceuser).
2.checked if additional user logs are also getting filtered out after setting
those users list in property(ranger.accesslogs.exclude.users.list) and sending
UI flag(Exclude service user) as true on access audits page.
Thanks,
Nikhil P
