----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/69917/#review212799 -----------------------------------------------------------
Ship it! Ship It! - Velmurugan Periasamy On Feb. 11, 2019, 11:30 a.m., Nikhil P wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/69917/ > ----------------------------------------------------------- > > (Updated Feb. 11, 2019, 11:30 a.m.) > > > Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, > Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja > Polavarapu, and Velmurugan Periasamy. > > > Bugs: RANGER-2334 > https://issues.apache.org/jira/browse/RANGER-2334 > > > Repository: ranger > > > Description > ------- > > This feature of excluding service users from ranger access audits is provided > because there are too many system audits generated by service users. > > additional filter is added in ranger UI - access audits page i.e. Exclude > service user : true/false > > setting above filter as true & after setting below properties, ranger admin > will filter out service users from access audit logs. > > additionally,In order to remove additional user logs from access audits, one > can set another property for exclusion of audit logs for those users. > > 1)In order to use this feature, user should set component service users in > ranger-admin-site.xml whose logs are needed to be filtered out. > eg. say ranger user wants to filter out atlas and hbase service user. > <property> > <name>ranger.plugins.atlas.serviceuser</name> > <value>atlas</value> > </property> > > <property> > <name>ranger.plugins.hbase.serviceuser</name> > <value>hbase</value> > </property> > > 2)In addition to service users new property > "ranger.accesslogs.exclude.users.list" is introduced, in which user can > specify list of additional users(other than service users)whose logs needs be > excluded from ranger access audits. > <property> > <name>ranger.accesslogs.exclude.users.list</name> > <value>yarn-ats,testUser</value> > </property> > > after setting above properties, logs from above users will not show up in > ranger access audits. > > > Diffs > ----- > > > agents-common/src/main/java/org/apache/ranger/plugin/store/EmbeddedServiceDefsUtil.java > 110f763 > security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java 8a0ca95 > > security-admin/src/main/java/org/apache/ranger/solr/SolrAccessAuditsService.java > f64c0db > security-admin/src/main/webapp/scripts/views/reports/AuditLayout.js 4894480 > security-admin/src/test/java/org/apache/ranger/rest/TestAssetREST.java > 40e680a > > > Diff: https://reviews.apache.org/r/69917/diff/1/ > > > Testing > ------- > > 1.Tested that after setting properties & sending UI flag(Exclude service > user) as true ,ranger access audit logs is not showing audits for > serviceusers(serviceusers are set in property > ranger.plugins.<component-name>.serviceuser). > 2.checked if additional user logs are also getting filtered out after setting > those users list in property(ranger.accesslogs.exclude.users.list) and > sending UI flag(Exclude service user) as true on access audits page. > > > Thanks, > > Nikhil P > >
