PrivaceraCloud Documentation
Table of Contents
PrivaceraCloud Documentation
PrivaceraCloud Release 7.4
Enhancements and updates in PrivaceraCloud release 7.4
Enhancements and updates in Privacera Access Management 7.4 release
What’s new
Enhancements
Enhancements and updates in Privacera Discovery 7.4 release
Enhancements
Enhancements and updates in PrivaceraCloud UI 7.4 release
What's new
Supported versions of third-party systems
Browser compatibility matrix
Documentation changelog
Known Issues in PrivaceraCloud 7.4
PrivaceraCloud User Guide
Overview of PrivaceraCloud
Core concepts
PrivaceraCloud SLA
Create PrivaceraCloud account
First steps in a new account
Data access methods
Data access server
PolicySync
Plug-in connections
Connect applications with the setup wizard
Prerequisites
Connect application
Connect applications
About applications
Terminology
Connect an application
View connection status
Edit application name and description
Delete application
Connect Azure Data Lake Storage Gen 2 (ADLS) to PrivaceraCloud
Prerequisites
Connect Azure Data Lake Storage Gen 2 (ADLS)
Connect Amazon Textract to PrivaceraCloud
Prerequisites in AWS console
Connect Textract application
Enable Privacera Access Management for Textract
Athena
Prerequisites in AWS console
Connect Athena with IAM role and trust relationship
Privacera Discovery with Cassandra
Prerequisites
Connect Cassandra application
Define scan targets
Connect Databricks to PrivaceraCloud
Databricks Spark Fine-Grained Access Control plug-in [FGAC]
Prerequisites
Obtain Init Script for Databricks FGAC
Validate installation
Databricks Spark Object-Level Access Control plug-in [OLAC]
Prerequisites
Steps
Databricks cluster deployment matrix with Privacera plugin
Access AWS S3 using Boto3 from Databricks
Access Azure file using Azure SDK from Databricks
Databricks SQL
Databricks SQL Overview and Configuration
Planning and general process
Prerequisites
Enable PrivaceraCloud tag service
Create endpoint in Databricks SQL
Databricks SQL with Privacera Hive
Connect Databricks SQL application
Grant Databricks SQL permissions to PrivaceraCloud users
Ensure all PrivaceraCloud users have an email address
Grant Databricks SQL access
Grant Databricks SQL endpoint access
Define a resource policy
Test the policy
Databricks SQL PolicySync fields
Configuring column-level access control
View-based masking functions and row-level filtering
Create an endpoint in Databricks SQL
Databricks SQL Fields
Databricks SQL Hive Service Definition
Hive-to-Databricks SQL Permission Mapping
Databricks SQL Masking Functions
Databricks SQL Encryption
Prerequisites
Grant permission in encryption scheme policy
Configure Databricks
Configure Privacera resource policies
How to use UDFs in SQL to encrypt and decrypt
Use a custom policy repository with Databricks
Connect Databricks SQL to Hive policy repository on PrivaceraCloud
Hive-to-Databricks SQL Permission Mapping
Connect Databricks Unity Catalog to PrivaceraCloud
Field descriptions for Databricks Unity Catalog
Connect S3 to PrivaceraCloud
Prerequisites in AWS console
Connect S3 application to PrivaceraCloud
Enable Privacera Access Management for S3
Enable Data Discovery for S3
S3 AWS Commands - Ranger Permission Mapping
S3
Prerequisites in AWS console
Connect S3 application
Enable Privacera Access Management for S3
Enable Data Discovery for S3
S3 AWS Commands - Ranger Permission Mapping
AWS Access with IAM
Access AWS S3 buckets from multiple AWS accounts
Add UserInfo in S3 Requests sent via Dataserver
Steps
Control access to S3 buckets with AWS Lambda function on PrivaceraCloud
Prerequisites
Get your access key, secret key, and value of PRIVACERA_DS_ENDPOINT_URL
Create Python Lambda function in AWS
Example Python Lambda for PrivaceraCloud
Dremio Plugin
Connect Dremio application
Configure Privacera plugin
RPM
Kubernetes
DynamoDB
Prerequisites in AWS console
Connect DynamoDB application
Enable Privacera Access Management for DynamoDB
Enable Data Discovery for DynamoDB
Connect Elastic MapReduce from Amazon application to PrivaceraCloud
Connect EMR application
EMR Spark access control types
EMR Spark OLAC
EMR Spark FGAC
PrivaceraCloud configuration
Obtain shared key
Obtain EMR script download URL
AWS IAM roles using CloudFormation setup
Sample CloudFormation Template Roles:
Create a security configuration
Create a security configuration using CloudFormation setup (Recommended)
Sample EMR security configuration template:
Manually create a security configuration using AWS EMR console
Create EMR cluster
Create EMR cluster using CloudFormation setup (Recommended)
Create EMR cluster using CloudFormation EMR templates
Spark OLAC, Hive, Trino EMR Template
Spark OLAC, Hive, PrestoSQL EMR Template
Spark OLAC, Hive, PrestoDB Template
Spark FGAC, Hive, Trino EMR Template
Spark FGAC, Hive, PrestoSQL EMR Template
Spark FGAC, Hive, PrestoDB EMR Template
Hive, Trino EMR Template
Create EMR cluster using CloudFormation AWS CLI
Create EMR cluster using CloudFormation AWS console
Manually create EMR cluster using AWS EMR console
Configure applications for AWS EMR cluster
Spark configuration array
Hive configuration array
Trino/Presto SQL configuration array
Presto configuration array
Bootstrap actions
EMR OLAC (Object Level Access Control)
EMR FGAC (Fine Grained Access Control)
Configure security options in EMR cluster
How to configure multiple JSON Web Tokens (JWTs) for EMR
Validations with JSON Web Tokens (JWTs)
EMR Native Ranger Integration with PrivaceraCloud
Objectives of EMR Native Ranger Integration with PrivaceraCloud
Prerequisite
Configure EMR Native Ranger Integration
Certificate setup in Secrets Manager
IAM roles setup
Recommended CloudFormation setup: IAM roles
Manually setup IAM roles
Create security configurations
Manually Setup Security Configurations
Create EMR cluster
Sample CloudFormation template
Manually setup EMR cluster
Application usage
Spark
Hive
AWS documentation references
Connect EMRFS S3 to PrivaceraCloud
Connect EMRFS S3 application
Files
Connect Files application
GBQ
Connect GBQ application
Enable Privacera Access Management for GBQ
Enable Data Discovery for GBQ
Add and scan resources
Google Cloud Storage
Connect GCS application
Enable Privacera Access Management for GCS
Using File Explorer with GCS
Enable Data Discovery for GCS
Add and scan resources
Connect Glue to PrivaceraCloud
Prerequisites
Connect Glue application to PrivaceraCloud
Enable Privacera Access Management for Glue
Google BigQuery for PolicySync
Connect BigQuery Application
Connector Properties
Connect Kinesis to PrivaceraCloud
Prerequisites
Connect application Kinesis to PrivaceraCloud
Enable Privacera Access Management for Kinesis
Connect Lambda to PrivaceraCloud
Prerequisites in AWS console
Connect Lambda application to PrivaceraCloud
Enable Privacera Access Management for Lambda
Microsoft SQL Server
Connect MS SQL application
Enable Access Management for MS SQL
Enable Data Discovery for MS SQL
Add data source
MySQL for Discovery
Prerequisites
Connect MySQL application
Add data source
Open Source Apache Spark
Obtain installation script
Configure Privacera Plugin on local/virtual machine
FGAC with multiple JWT configurations
Configure Privacera Plugin in an Existing Docker File
FGAC with Multiple JWT Configuration in an Existing Docker File
Configure Privacera Plugin using Privacera Scripts
Deploy Spark on EKS Cluster
Oracle for Discovery
Prerequisites
Connect Oracle application
Add data source
PostgreSQL
Prerequisites
Connect application
Accessing PostgreSQL Audits in GCP
Configure AWS RDS PostgreSQL instance for access audits
Update the AWS RDS parameter group for the database
Create an AWS SQS queue
Specify an AWS Lambda function
Create an IAM role for an EC2 instance
Access cross-account SQS queue for PostgreSQL audits
PostgreSQL
Prerequisites
Connect PostgreSQL application
Enable Access Management for PostgreSQL
Enable Data Discovery for PostgreSQL
Add data source
Connect Power BI to PrivaceraCloud
Connect Power BI application to PrivaceraCloud
Power BI connector properties
Presto
Connect Presto application
Enable Access Management for Presto
Enable Data Discovery for Presto
Connect Presto on Qubole cluster PrivaceraCloud
PrivaceraCloud Steps
Presto Qubole console steps
Redshift
Connect Redshift application
Enable Privacera Access Management for Redshift
Enable Data Discovery for Redshift
Add Data Source
Snowflake
Prerequisites
Connect Snowflake application
Enable Privacera Access Management for Snowflake
Object permission mapping
Enable Data Discovery for Snowflake
Add Data Source
Starburst Enterprise with PrivaceraCloud
Prerequisites
Configure Privacera plug-in with Starburst Enterprise
Connect Starburst Enterprise application
Starburst Enterprise Presto
Create a SEP service user
Get the account specific API URL
Connect Starburst Enterprise Presto application
Configure Starburst Enterprise (SEP) to use your Account PrivaceraCloud Ranger
Trino
Connect Trino application
Enable Access Management for Trino
Enable Data Discovery for Trino
Deploy Privacera plug-In in Trino
Obtain installation script
Configure plug-In
Validate Installation
Trino supported SQL operations
Connect users
Data access Users, Groups, and Roles
UserSync
Portal user LDAP/AD
Datasource
UserSync in PrivaceraCloud
UserSync: Data Access Users
Connect application
Azure Active Directory fields for UserSync
LDAP/AD fields for UserSync
Okta fields for UserSync
SCIM fields for UserSync
SCIM Server fields for UserSync on PrivaceraCloud
Okta Setup for SAML-SSO
Generate an Okta Identity Provider Metadata File and URL
IdP provider metadata
IdP initiated SSO
Azure AD setup
Create Azure AD application
Configuring SAML in Azure AD
SCIM Server User-Provisioning
Enable SCIM Server in PrivaceraCloud
Okta Identity Provider Integration
Prerequisites
Integration Steps
Step 1. Enable SCIM API Integration in Okta
Step 2: Activate application features
Step 3. Verify Email Addresses
Step 4. Push Groups
Step 5. Assign Users to the PrivaceraCloud Application in Okta
Step 6. Write a Policy for Provisioned Users or Groups
Supported Okta SCIM Client Operations
User Operations
Group Operations
Okta SCIM Server - Configure custom user attributes
SCIM Server API
Supported SCIM REST API Requests
User Management
Add users
Edit or delete user
Edit user profiles
Identity
LDAP/AD
Configuration
Enable Single Sign On on PrivaceraCloud
Effects of enabling SSO
Connect IdP (Okta and Azure AD)
Prerequisites
Steps to connect IdPs
Activate SSO via Okta
Activate SSO via Azure AD
Enable only SSO login
Prerequisites
Steps to enable SSO login
SSO URL without login screen
Access Manager
Access Manager
Policies
Data access users
Options in Access Manager
Resource Policies
Service/Service group global actions
Service actions
Policy definition
Configure Hive resource policy
Resource Policies
Service/Service group global actions
Service actions
Policy definition
Configure Hive resource policy
Configure Policy with Attribute-Based Access Control (ABAC) on PrivaceraCloud
Overview
ABAC in row filter expressions
ABAC in resource definitions
ABAC in policy conditions in Resource based access policies
Prerequisites
Setup User/Group Attributes
Add/Edit Attributes in the PrivaceraCloud Portal
Example policy with ABAC
Control access to S3 buckets with AWS Lambda function on PrivaceraCloud
Prerequisites
Get your access key, secret key, and value of PRIVACERA_DS_ENDPOINT_URL
Create Python Lambda function in AWS
Example Python Lambda for PrivaceraCloud
Tag Policies
Example: Tag Assignment via Apache Ranger API
Add the privacera_tag Service
Tag Policies UI
Example
Scheme Policies
Service Explorer
Reports
Search/Filter Options
View/Edit Reports
Export Policy Reports
Audit
PEG API Accesses
Examples of audit search
Find policies deleted by an administrator
Find statistics of a UserSync from LDAP
About data access users, groups, and roles resource policies
Users
Groups
User/Group Attributes
Roles
Security zones
Create a security zone
Edit or view a security zone
Delete security zone
Discovery
Classifications via random sampling
Supported JDBC applications for random sampling
Prerequisites for random sampling
Define datasource (application) and configure random sampling
Effects of random sampling
Performance impact
Variations in classifications
Privacera Discovery scan targets
Disable or reenable Privacera Discovery
Connect Applications
Discovery scan targets
Start a scan
View a scan
Propagate Privacera Discovery Tags to Ranger
Propagate Discovery Tags to Ranger
General process for configuring an application
Validate the configuration
Create user
Get Ranger Admin URL
Enable offline scanning on Azure Data Lake Storage Gen 2 (ADLS)
Get Azure Storage account name, account key, and URL prefix
Connect ADLS Gen2 Application for Data Discovery
Enable Real-time Scanning of S3 Buckets
Enable Real-time Scanning on Azure Data Lake Storage Gen 2 (ADLS)
Prerequisites
Create a Storage Account and Event Subscription for Scanning
Connect ADLS Gen2 Application for Data Discovery
Connect ADLS Gen2 Application for Data Discovery
Enable Discovery Realtime Scanning Using IAM Role
Create an IAM role with AWS S3 permissions
Configure AWS S3 access using IAM role
Enable Data Discovery
Encryption
Overview of Privacera Encryption
About schemes
View of encryption processes
Encryption architecture and UDF flow
Types of encryption keys
About the Master Key
About the Key Encryption Key (KEK)
About the Data Encryption Key (DEK)
About the Encrypted Data Encryption Key (EDEK)
Key security
Encryption schemes
Privacera-supplied encryption schemes
View encryption schemes
Formats, algorithms, and scopes
Formats
Algorithms
About LITERAL
Scopes
Presentation schemes
View presentation schemes
Privacera-supplied presentation schemes
Create custom presentation schemes
Masking schemes
Masking techniques
Masking with the Encryption REST API
Create custom masking schemes
Create scheme policies
Create scheme policies
Create scheme policies on PrivaceraCloud
Privacera-supplied encryption schemes for the Privacera API
Format: Alphanumeric
Format: ASCII
Format: CC
Formats: DATE and Date_DD_MM
Format: Driver License
Format: Email
Format: FPE_ALPHA_NUMERIC
Format: HASHING
Format: Host/Domain
Format: IP
Format: LITERAL
Format: Numeric
Format: SSN
Format: Text
Privacera-supplied encryption schemes for the Bouncy Castle API
API date input formats
Supported day-first date input formats
Supported month-first date input formats
Supported year-first date input formats
Examples of supported date input formats
Supported date ranges
Deprecated encryption formats, algorithms, and scopes
Deprecated: Alphanumeric
Deprecated: Driver License
Deprecated: Host/Domain
Deprecated: IP
Deprecated: LITERAL
Deprecated: Text
Privacera Encryption REST API
PEG API endpoint
PEG REST API encryption endpoints
Prerequisites
API Key
Scheme policy required for protect and unprotect API endpoints
Common PEG REST API fields
Construct the datalist for the /protect endpoint
Deconstruct the response from the /unprotect endpoint
Example data transformation with the /unprotect endpoint and presentation scheme
Example PEG API endpoints
/protect with encryption scheme
/protect with masking scheme
/protect with both encryption and masking schemes
/unprotect without presentation scheme
/unprotect with presentation scheme
/unprotect with masking scheme
Audit details for PEG REST API accesses
Make encryption API calls on behalf of another user
Privacera Encryption UDF for masking in Databricks on PrivaceraCloud
Syntax of Databricks UDF for masking
Prerequisites for Databricks masking UDF
Define the mask UDF in Databricks
Example query to verify Privacera-supplied mask UDF
Privacera Encryption UDFs for Trino on PrivaceraCloud
Syntax of Privacera Encryption UDFs for Trino
Prerequisites for installing Privacera Crypto plug-in for Trino
Download and install Privacera Crypto jar
Set variables in Trino etc/crypto.properties
Restart Trino to register the Privacera encryption and masking UDFs for Trino
Example queries to verify Privacera-supplied UDFs
Privacera Encryption UDF for masking in Trino on PrivaceraCloud
Syntax of Trino UDF for masking
Prerequisites for Trino masking UDF
Mask UDF pre-defined in Trino
Example query to verify Privacera-supplied mask UDF
Encryption UDFs for Apache Spark on PrivaceraCloud
Syntax of Privacera Encryption UDFs for Apache Spark
Download and install Privacera Crypto jar
Set up in Apache Spark
Set variables in Apache Spark conf/crypto.properties
Add envar to spark-env.sh
Restart Apache Spark
Create Privacera protect and unprotect UDFs
Example queries to verify UDFs
Launch Pad
Scripts for AWS CLI or Azure CLI for managing connected applications
Prerequisites
Generate security token
Download security token and Linux shell script
AWS
Azure
Settings
General functions in PrivaceraCloud settings
API Key
Manage API keys
Generate new API keys
Actions on the Key:
Manage certificates for AWS EMR native Ranger plug-Ins
About Account
Activity
Manage this account
Allowed IP address
Discovery
AWS
Azure ADLS
Privacera Encryption
Authentication settings
Enable Privacera audit access
Statistics
Dashboard
Usage statistics
Operational status of PrivaceraCloud and RSS feed
How to Get Support
Set up a Privacera Support Portal Account
Create Tickets
View Your Tickets
Support Ticket Lifecycle
PrivaceraCloud Support
Permitted Remote Access
Coordinated Vulnerability Disclosure (CVD) Program of Privacera
Security researcher responsibilities
Privacera responsibilities
Shared Security Model
Objective of shared security model
Privacera Responsibility
Access, Authentication, and Authorization
Secure development
Information Technology systems
Customer Responsibility
Governance and security teams
Account Administrators and Data Owners
All users
Privacera (SaaS) or Customer (Self-hosted) Responsibility
IaaS Provider Responsibility
PrivaceraCloud Previews
Preview: File Explorer for S3
Prerequisites
Connect S3 Application
Modify Resource Policy
File Explorer
Example
Preview: File Explorer for Azure
Prerequisites and Setup
General Process
Connect ADLS Gen2 application
Modify Resource Policy
File Explorer
Example of Allowing/Deny Access
Preview: File Explorer for GCS
Prerequisites and Setup
General Process
Connect GCS application
Modify Resource Policy
File Explorer
Example of Allowing/Deny Access
Preview: Scan Generic Records with NER Model
Supported tags
Tags
Preview: Scan Electronic Health Records with NER Model
Supported tags
Tags
Preview: OneLogin setup for SAML-SSO
Configure SAML in OneLogin
Configure SAML in PrivaceraPortal
Preview: Azure Active Directory SCIM Server UserSync
Prerequisites
Privacera UserSync Configuration
Azure AD Configuration
Preview: OneLogin UserSync
Prerequisites
Privacera UserSync Configuration
OneLogin Configuration
Preview: PingFederate UserSync
Prerequisites
Privacera Usersync - SCIM Server integration
PingFederate configuration steps
Privacera Usersync configuration steps
Privacera Usersync - SCIM integration
PingFederate configuration steps
Privacera Usersync configuration steps
Quickstart for Databricks Unity Catalog on PrivaceraCloud
What do I need to do in my Databricks Workspace?
Where is the sample dataset in my Databricks Workspace?
What should I do in the PrivaceraCloud web portal?
Access use-case - How do I give a user access to a table or restrict from running a SQL select query?
Access use-case - How do I restrict a user from seeing contents of a column in the result of a SQL select query?
Column masking use-case - How do I restrict a user from seeing contents of a column by masking the values in the result of a SQL select query?
Access use-case - How do I disallow a user from seeing certain rows of a table?
PrivaceraCloud documentation changelog
2022.12.13
2022.11.25
2022.11.11
2022.09.22
2022.07.25
2022.05.24
PrivaceraCloud Documentation
Your source of documentation for cloud services & more.