Hello all, We are using HDP 2.2 and setup Apache Ranger along with it in Ubuntu 12.04. We are not able to fulfill our audit related requirement through Ranger. At present we have the following items which we were not able to get through Ranger. Please let us know whether we are missing something or ways to improve.
1. As part of our audit requirements we are required to capture PermissionDenied type of exceptions (or any exceptions for that matter) in HDFS and GRANT related issues in Hive. At present we are not able to capture these in Ranger. But HDFS audit logs and hiverserver logs have some relevant information on this. As a single point of information on audit related stuff we would like to have these in Ranger than looking around in those logs. How Can we do this with Ranger? 2. Both HDFS and Hive plugins for Ranger actually captures multiple audit entries for the same event and this is bit an overhead from auditing perspective. Is it possible to have a single and clear audit entry in Ranger for a particular auditable event? Is there some configuration available for this to work? 3. If we have an HDFS read, write or delete operation we get multiple entries in Ranger audit. But we are not able to figure about the exact nature of change happened in HDFS by looking through the Ranger Audit trail records. Similar is the case for Hive related operations. The resource name that Ranger captures is sometimes vague and point to /tmp folder and all 4. If there is a change in HDFS or Hive (grants, data delete/update), as a requirement we need to store the old value and new value along with who made the change, when the change was made and whether it was successful or not. But this is not happening now. How can we achieve this with Ranger? Thanks & Regards, Sethukumar Ramachandran
