Skip to main content

Privacera Documentation

About secure database views

Many connected applications do not have the native ability to enforce some kinds of resource policies directly in the associated tables. For example, Databricks SQL does not have the native capability to create column masks or row filters.

For this reason, Privacera creates a secure view of the original database and applies policy to that secure view. The name of a secure view is:

originalDatabaseName_secure

In Privacera, the access policy itself must always specify the name of the original database, not the secure view.

In the access policy, make sure you remove the Data Admin permission for the user. Otherwise, the user can see the original, unprotected database.

Note

You should tell users the name of the secure view for their queries and that access to the original database is no longer allowed.