Privacera Documentation

PostgreSQL connector for PolicySync on Privacera Platform

This topic covers how you can configure PostgreSQL PolicySync access control using Privacera Manager. Privacera supports the following PostgreSQL implementations:

  • Amazon RDS PostgreSQL

  • Amazon Aurora in PostgreSQL mode

  • Google Cloud PostgreSQL

  • PostgreSQL

Generalized approach for implementing PolicySync

To help you reach compliance, Privacera PolicySync distributes your defined access management policies to the third-party datasources you connect to Privacera.

Use this generalized approach for implementing PolicySync.

  1. Understand how PolicySync works and how it is configured. See PolicySync design and configuration on Privacera Platform.

  2. Decide which PolicySync topology best suits your needs:

  3. Create the required, basic PolicySync configuration. See PolicySync design and configuration on Privacera Platform.

  4. Examine the BASIC and ADVANCED properties, decide which features you want to implement, and set the necessary values in the YAML property file.

Connector name: postgres

When you create the connector as detailed in PolicySync design and configuration on Privacera Platform, use the following reserved word for the name of the connector:

postgres

In the formal syntax shown in PolicySync design and configuration on Privacera Platform, replace <ConnectorName> with the above.

Prerequisites

If you choose to enable audits for PolicySync, ensure the following prerequisites are met:

Optional Basic Authentication for PolicySync

To optionally enable basic authentication for PolicySync to Google Cloud PostgreSQL, you can create a JSON file in your connector instance subdirectory.

The name of the file must be XXX.json.

An example of the contents of XXX.json:

{
  "type": "service_account",
  "project_id": "your_project_id",
  "private_key_id": "autogenerated_value",
  "private_key": "-----BEGIN PRIVATE KEY-----autogenerated_value-----END PRIVATE KEY-----\n",
  "client_email": "autogenerated_value",
  "client_id": "autogenerated_value",
  "auth_uri": "https://accounts.google.com/o/oauth2/auth",
  "token_uri": "https://oauth2.googleapis.com/token",
  "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
  "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/autogenerated_value"
}
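
A pre-deployment check for the key file described above, as an added example that is not part of Privacera's documentation or code: it verifies the fields shown in the sample, flags placeholder values that were never replaced, and reports file permissions wider than owner-only. The function name `check_key_file` and the 0600 recommendation are assumptions of this example.

```python
import json
import os
import stat

# Field names are taken from the example key file on this page.
REQUIRED = ("type", "project_id", "private_key_id", "private_key",
            "client_email", "client_id", "auth_uri", "token_uri",
            "auth_provider_x509_cert_url", "client_x509_cert_url")
URL_FIELDS = ("auth_uri", "token_uri",
              "auth_provider_x509_cert_url", "client_x509_cert_url")


def check_key_file(path):
    """Return a list of problems found in a service-account key file."""
    problems = []
    # The file holds a private key: group and other must have no access.
    # 0600 is this example's assumption, not a value stated on the page.
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append(f"mode {mode:04o} grants group/other access; use 0600")
    try:
        with open(path, encoding="utf-8") as fh:
            data = json.load(fh)
    except (OSError, ValueError) as exc:
        return problems + [f"not readable as JSON: {exc}"]
    if not isinstance(data, dict):
        return problems + ["top-level JSON value is not an object"]
    for name in REQUIRED:
        value = data.get(name)
        if not isinstance(value, str) or not value.strip():
            problems.append(f"missing or empty field: {name}")
        elif "autogenerated_value" in value or value == "your_project_id":
            problems.append(f"placeholder left in field: {name}")
    if data.get("type") != "service_account":
        problems.append('"type" must be "service_account"')
    key = data.get("private_key")
    if isinstance(key, str) and not (
            key.startswith("-----BEGIN PRIVATE KEY-----")
            and key.rstrip().endswith("-----END PRIVATE KEY-----")):
        problems.append("private_key is not PEM-framed")
    for name in URL_FIELDS:
        value = data.get(name)
        if isinstance(value, str) and not value.startswith("https://"):
            problems.append(f"{name} is not an https:// URL")
    return problems
```

An empty list means the file passed every check; run it against the file in the connector instance subdirectory before starting PolicySync.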