[RANGER-3258] Update default hbase audit filters to filter out unwanted audits - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 2.2.0
Fix Version/s: 3.0.0, 2.2.0
Component/s: audit
Labels:
None

Description

Can we update the default HBase audit filters as follows:

This will filter out HBase audits related to default, hbase, atlas_janus, ATLAS_ENTITY_AUDIT_EVENTS table access by hbase service user.

[
  {
    "accessResult":"DENIED",
    "isAudited":true
  },
  {
    "resources":{
      "table":{
        "values":[
          "*-ROOT-*",
          "*.META.*",
          "*_acl_*",
          "hbase:meta",
          "hbase:acl",
          "default",
          "hbase"
        ]
      }
    },
    "users":[
      "hbase"
    ],
    "isAudited":false
  },
  {
    "resources":{
      "table":{
        "values":[
          "atlas_janus",
          "ATLAS_ENTITY_AUDIT_EVENTS"
        ]
      },
      "column-family":{
        "values":[
          "*"
        ]
      },
      "column":{
        "values":[
          "*"
        ]
      }
    },
    "users":[
      "atlas",
      "hbase"
    ],
    "isAudited":false
  },
  {
    "users":[
      "hbase"
    ],
    "actions":[
      "balance"
    ],
    "isAudited":false
  }
]