Skip to main content

Privacera Documentation

Connect Power BI to PrivaceraCloud

This topic describes how to connect a Power BIapplication to PrivaceraCloud.

  1. Go to Settings -> Applications.

  2. On the Applications screen, select Power BI.

  3. Enter the application Name and Description, and then click SAVE.

  4. Click the toggle button to enable Access Management for Power BI.

  5. In the BASIC tab, enter the values in the required(*) fields and click SAVE.

  6. In the ADVANCED tab, you can add custom properties.

    Caution

    Advanced properties should be modified in consultation with Privacera.

  7. Click the IMPORT PROPERTIES link to browse and import application properties.

Power BI connector properties

Basic fields

Table 25. Basic fields

Field name

Type

Default

Required

Description

Power BI authenticated user

string

Yes

Specifies the authentication username. If you do not specify this value, you must specify a secret for Power BI application client secret.

Power BI authenticated user's password

string

Yes

Specifies the authentication password. If you do not specify this value, you must specify a secret for Power BI application client secret.

Power BI application tenant id

string

Yes

Specifies the tenant ID associated with your Microsoft Azure account.

Power BI application client id

string

Yes

Specifies the principal ID for authentication.

Power BI application client secret

string

Yes

Specifies a client secret for authentication.

If you do not specify this value, you must specify both Power BI authenticated user and Power BI authenticated user's password.

Workspaces to set access control policies

string

No

Specifies a comma-separated list of workspace names for which PolicySync manages access control. If unset, access control is managed for all workspaces. If specified, use the following format. You can use wildcards. Names are case-sensitive.

An example list of workspaces might resemble the following: demo1,demo2,sales*.

If specified, Workspaces to ignore while setting access control policies takes precedence over this setting.

Enable policy enforcements and user/group/role management

boolean

true

No

Specifies whether PolicySync performs grants and revokes for access control and creates, updates, and deletes queries for users, groups, and roles. The default value is true.

Enable access audits

boolean

false

Yes

Specifies whether Privacera fetches access audit data from the data source.



Advanced fields

Table 26. Advanced fields

Field name

Type

Default

Required

Description

Workspaces to ignore while setting access control policies

string

No

Specifies a comma-separated list of workspace names that PolicySync does not provide access control for. You can specify wildcards. Names are case-sensitive. If not specified, all workspaces are subject to access control.

This setting supersedes any values specified by Workspaces to set access control policies.

Regex to find special characters in user names

string

[~`$&+:;=?@#|'<>.^*()_%\\\\[\\\\]!\\\\-\\\\/\\\\\\\\{}]

No

Specifies a regular expression to apply to a username and replaces each matching character with the value specified by the String to replace with the special characters found in user names setting.

If not specified, no find and replace operation is performed.

String to replace with the special characters found in user names

string

_

No

Specifies a string to replace the characters matched by the regex specified by the Regex to find special characters in user names setting.

If not specified, no find and replace operation is performed.

Regex to find special characters in group names

string

[~`$&+:;=?@#|'<>.^*()_%\\\\[\\\\]!\\\\-\\\\/\\\\\\\\{}]

No

Specifies a regular expression to apply to a group and replaces each matching character with the value specified by the String to replace with the special characters found in group names setting.

If not specified, no find and replace operation is performed.

String to replace with the special characters found in group names

string

_

No

Specifies a string to replace the characters matched by the regex specified by the Regex to find special characters in group names setting.

If not specified, no find and replace operation is performed.

Persist case sensitivity of user names

boolean

false

No

Specifies whether PolicySync converts user names to lowercase when creating local users. If set to true, case sensitivity is preserved.

Persist case sensitivity of group names

boolean

false

No

Specifies whether PolicySync converts group names to lowercase when creating local groups. If set to true, case sensitivity is preserved.

Users to set access control policies

string

No

Specifies a comma-separated list of user names for which PolicySync manages access control. You can use wildcards. Names are case-sensitive.

If not specified, PolicySync manages access control for all users.

If specified, Users to be ignored by access control policies takes precedence over this setting.

An example user list might resemble the following: user1,user2,dev_user*.

Groups to set access control policies

string

No

Specifies a comma-separated list of group names for which PolicySync manages access control. If unset, access control is managed for all groups. If specified, use the following format. You can use wildcards. Names are case-sensitive.

An example list of projects might resemble the following: group1,group2,dev_group*.

If specified, Groups be ignored by access control policies takes precedence over this setting.

Users to be ignored by access control policies

string

No

Specifies a comma-separated list of user names that PolicySync does not provide access control for. You can specify wildcards. Names are case-sensitive. If not specified, all users are subject to access control.

This setting supersedes any values specified by Users to set access control policies.

Groups be ignored by access control policies

string

No

Specifies a comma-separated list of group names that PolicySync does not provide access control for. You can specify wildcards. Names are case-sensitive. If not specified, all groups are subject to access control.

This setting supersedes any values specified by Groups to set access control policies.

Set access control policies only on the users from managed groups

boolean

false

No

Specifies whether to manage only the users that are members of groups specified by Groups to set access control policies. The default value is false.



Custom fields

Table 27. Custom fields

Canonical name

Type

Default

Description

sync.interval.sec

integer

60

Specifies the interval in seconds for PolicySync to wait before checking for new resources or changes to existing resources.

sync.serviceuser.interval.sec

integer

420

Specifies the interval in seconds for PolicySync to wait before reconciling principals with those in the data source, such as users, groups, and roles. When differences are detected, PolicySync updates the principals in the data source accordingly.

sync.servicepolicy.interval.sec

integer

540

Specifies the interval in seconds for PolicySync to wait before reconciling Apache Ranger access control policies with those in the data source. When differences are detected, PolicySync updates the access control permissions on data source accordingly.

audit.interval.sec

integer

30

Specifies the interval in seconds to elapse before PolicySync retrieves access audits and saves the data in Privacera.

user.filter.with.email

boolean

false

Set this property to true if you only want to manage users who have an email address associated with them in the portal.

audit.initial.pull.min

integer

30

Specifies the initial delay, in minutes, before PolicySync retrieves access audits from Microsoft Power BI.