Privacera Documentation

Configure Databricks SQL PolicySync on PrivaceraCloud

One purpose of connecting Databricks SQL is to limit users' access to your entire Databricks data source or to portions of it, such as Delta external tables, views, entire tables, or only certain columns or rows.

Prerequisites

These prerequisites deal only with the most basic connection set-up to Databricks SQL.

  1. In Databricks SQL, create a Databricks SQL endpoint for connecting from PrivaceraCloud.

  2. Make note of or copy the following values for entering into the fields in PrivaceraCloud as detailed in Connect Databricks SQL application to PrivaceraCloud:

    • The email address of the user defined in the endpoint. This is the value of the Databricks SQL JDBC username in PrivaceraCloud.

    • The Databricks-generated personal access token. This is the value of the Databricks SQL JDBC password for the defined JDBC username in PrivaceraCloud.

      The access token must belong to a Databricks SQL workspace administrator. The administrator can be either a user or a service principal.

    • In Databricks SQL, create the users with proper permissions to access the data you want to manage via Privacera.

    • The Databricks JDBC URL defined for the endpoint.

  3. Start by setting the BASIC fields described here and then examine the ADVANCED fields to determine which of these features you might want to enable.

    The fields in PrivaceraCloud are grouped by general function, such as JDBC URL, fields for user, group, and role management, and other functions. They are categorized as BASIC or ADVANCED:

    • BASIC pertains to the most fundamental aspects of the connection, such as authentication.

    • ADVANCED indicates additional features beyond the BASICs, such as row-filtering or group member handling.

    For more information on the fields and their values, see Databricks SQL fields on PrivaceraCloud.

  4. After connecting and before you can create policies, make sure you have added your users to PrivaceraCloud as described in Connect users to PrivaceraCloud.
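
A pre-flight check for the token requirement in step 2, as an added example (not Privacera or Databricks code): it asks the workspace's SCIM `Me` endpoint which identity owns the personal access token and confirms that identity is in the `admins` group. It assumes workspace administrators are the members of `admins`; the environment variable names and the sample responses are constructed for illustration.

```python
import json
import os
import urllib.request

SCIM_ME_PATH = "/api/2.0/preview/scim/v2/Me"  # returns the identity that owns the token
ADMIN_GROUP = "admins"  # assumption: workspace administrators are members of this group


def fetch_token_identity(host, token, timeout=10):
    """Ask the workspace which identity the personal access token belongs to."""
    req = urllib.request.Request(
        f"https://{host}{SCIM_ME_PATH}",
        headers={"Authorization": f"Bearer {token}"},
    )
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)


def check_token_identity(me):
    """Return a list of problems; an empty list means the token owner qualifies."""
    problems = []
    # Users are named by userName (their email); a service principal may be
    # identified by applicationId instead.
    name = me.get("userName") or me.get("applicationId") or "<unknown identity>"
    if me.get("active") is False:
        problems.append(f"{name} is deactivated")
    groups = {g.get("display") for g in me.get("groups") or []}
    if ADMIN_GROUP not in groups:
        problems.append(f"{name} is not a member of '{ADMIN_GROUP}'")
    return problems


# Constructed sample responses (not real data), trimmed to the fields used above.
SAMPLE_ADMIN = {"userName": "policysync@example.com", "active": True,
                "groups": [{"display": "admins"}, {"display": "users"}]}
SAMPLE_NON_ADMIN = {"applicationId": "00000000-0000-0000-0000-000000000000",
                    "active": True, "groups": [{"display": "users"}]}

if __name__ == "__main__":
    # DATABRICKS_HOST and DATABRICKS_TOKEN are assumed variable names; reading the
    # token from the environment keeps it off the command line and out of history.
    host, token = os.environ.get("DATABRICKS_HOST"), os.environ.get("DATABRICKS_TOKEN")
    me = fetch_token_identity(host, token) if host and token else SAMPLE_ADMIN
    for line in check_token_identity(me) or ["token owner is a workspace administrator"]:
        print(line)
```

Run it before entering the token as the Databricks SQL JDBC password; without the two environment variables it falls back to the constructed admin sample.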

Connect Databricks SQL application to PrivaceraCloud

With the values for the basic fields you noted in Prerequisites, follow these steps to connect the Databricks SQL application to PrivaceraCloud:

  1. Go to Setting > Applications.

  2. In the Applications screen, select Databricks SQL.

  3. Select the platform type (AWS or Azure) on which you want to configure the Databricks application.

  4. Enter the application Name and Description, and then click Save.

  5. In the BASIC tab, enter values in the fields detailed in Prerequisites:

    • Databricks SQL JDBC username

    • Databricks SQL JDBC password with the Databricks SQL personal access token

    • Databricks JDBC URL

  6. For the field Enable policy enforcements and user/group/role management, click Enable. This setting is required.

  7. Click Save.

Create resource policies on PrivaceraCloud

After you have established the basic connection, you can start to create access management policies. For more information, see the following: