Privacera Documentation

Properties for Vertica connector

These Vertica connector properties can be set for PolicySync in Privacera.

The properties are grouped by general function, such as Vertica Connection Configuration, properties for user, group, and role management, and other functions.

The properties are also categorized as BASIC or ADVANCED:

  • BASIC pertains to the most fundamental aspects of the connector, such as authentication.

  • ADVANCED indicates additional features beyond the BASICs, such as row-filtering or group member handling.

Start by setting the BASIC fields described here and then examine the ADVANCED fields to determine which of these features you might want to enable.

Table 66. Properties for Vertica connector

PrivaceraCloud property field name

PM connector property name

Mandatory (to be set by user)

Property variable name

Property Type

Description

Vertica Connection Configuration

Vertica JDBC URL

CONNECTOR_VERTICA_JDBC_URL

TRUE

jdbc.url

BASIC

The JDBC URL used to create a direct connection to Vertica. It should follow the format jdbc:vertica://<VERTICA_HOST>:5433.

Vertica database to connect

CONNECTOR_VERTICA_JDBC_DB

TRUE

jdbc.db

BASIC

The JDBC database where the connection will be established within Vertica.

Vertica JDBC username

CONNECTOR_VERTICA_JDBC_USERNAME

TRUE

jdbc.username

BASIC

The JDBC username used for the connection to Vertica. It is recommended to use a user with admin privileges.

Vertica JDBC password

CONNECTOR_VERTICA_JDBC_PASSWORD

TRUE

jdbc.password

BASIC

The password of the JDBC user utilized for connecting to Vertica.

Default password for new vertica user

CONNECTOR_VERTICA_DEFAULT_USER_PASSWORD

TRUE

new.user.password

BASIC

The default password assigned to new users created by Privacera in Vertica. If SSO is used for Vertica, set this value to none.

Vertica resource owner

CONNECTOR_VERTICA_OWNER_ROLE

FALSE

switch.ownership.role

BASIC

The user to be set as owner of all the Vertica resources managed by Privacera. Generally, this value should be the same as the Vertica JDBC username.

Resource Management

Schemas to set access control policies

CONNECTOR_VERTICA_MANAGE_SCHEMA_LIST

FALSE

manage.schema.list

ADVANCE

This property defines a comma-separated list of fully qualified names (FQDN) of schemas whose access control is managed by PolicySync. To manage all schemas, leave this property unset. Wildcards are supported. The list of schemas to ignore takes precedence over the list of schemas to manage. For example: testdb1.schema1, testdb1.schema2, testdb1.sales*

Note

The values for this property are sensitive to letter case.

Tables to set access control policies

CONNECTOR_VERTICA_MANAGE_TABLE_LIST

FALSE

manage.table.list

ADVANCE

This property sets a comma-separated list of table/view FQDNs whose access control should be managed by PolicySync. To manage all tables/views, leave this property unset. Wildcards are supported. The ignore table list takes precedence over the manage table list. For example: testdb1.schema1.table1,testdb1.schema2.view2,testdb1.sales*.*

Note

The values for this property are sensitive to letter case.

Functions to set access control policies

CONNECTOR_VERTICA_MANAGE_FUNCTION_LIST

FALSE

manage.function.list

ADVANCE

This property sets a comma-separated list of function FQDNs whose access control should be managed by PolicySync. To manage all functions, leave this property unset. Wildcards are supported. The ignore function list takes precedence over the manage function list. For example: testdb1.schema1.function1,testdb1.schema2.function2,testdb1.sales*.*

Note

The values for this property are sensitive to letter case.

Locations to set access control policies

CONNECTOR_VERTICA_MANAGE_LOCATION_LIST

FALSE

manage.location.list

ADVANCE

This property sets a comma-separated list of schema FQDNs whose access control you do not want PolicySync to manage. If you do not want to ignore any schema, leave this property unset. Wildcards are supported. This list takes precedence over the manage schema list. For example: testdb1./tmp/sales_data,testdb1./tmp/cust*

Note

The values for this property are sensitive to letter case.

Schemas to ignore while setting access control policies

CONNECTOR_VERTICA_IGNORE_SCHEMA_LIST

FALSE

ignore.schema.list

ADVANCE

This property sets a comma-separated list of schema FQDNs whose access control you do not want PolicySync to manage. If you do not want to ignore any schema, leave this property unset. Wildcards are supported. This list takes precedence over the manage schema list. For example: testdb1.schema1,testdb1.schema2,testdb1.sales*

Note

The values for this property are sensitive to letter case.

Locations to ignore while setting access control policies

CONNECTOR_VERTICA_IGNORE_LOCATION_LIST

FALSE

ignore.location.list

ADVANCE

This property sets a comma-separated list of location FQDNs whose access control you do not want PolicySync to manage. If you do not want to ignore any locations, leave this property unset. Wildcards are supported. This list takes precedence over the manage location list. For example: testdb1./tmp/sales_data,testdb1./tmp/cust*

Note

The values for this property are sensitive to letter case.

Users/Groups/Roles management

Regex to find special characters in user names

CONNECTOR_VERTICA_USER_NAME_REPLACE_FROM_REGEX

FALSE

user.name.replace.from.regex

ADVANCE

This property accepts a regular expression, finds the matching characters within a user name, and replaces them with the string specified in the user.name.replace.to.string property. If left empty, no find and replace operation is performed.

String to replace with the special characters found in user names

CONNECTOR_VERTICA_USER_NAME_REPLACE_TO_STRING

FALSE

user.name.replace.to.string

ADVANCE

The value provided in this property is utilized to substitute the characters discovered by the regular expression specified in the user name regex property. If left empty, no find and replace operation will be carried out.

Regex to find special characters in group names

CONNECTOR_VERTICA_GROUP_NAME_REPLACE_FROM_REGEX

FALSE

group.name.replace.from.regex

ADVANCE

This property accepts a regular expression, finds the matching characters within a group name, and replaces them with the string specified in the group.name.replace.to.string property. If left blank, no find and replace operation is performed.

String to replace with the special characters found in group names

CONNECTOR_VERTICA_GROUP_NAME_REPLACE_TO_STRING

FALSE

group.name.replace.to.string

ADVANCE

The value specified in this property is used to replace the characters found by the regex specified in the group name regex property. If left blank, no find and replace operation is performed.

Regex to find special characters in role names

CONNECTOR_VERTICA_ROLE_NAME_REPLACE_FROM_REGEX

FALSE

role.name.replace.from.regex

ADVANCE

This property accepts a regular expression, finds the matching characters within a role name, and replaces them with the string specified in the role.name.replace.to.string property. If left blank, no find and replace operation is performed.

String to replace with the special characters found in role names

CONNECTOR_VERTICA_ROLE_NAME_REPLACE_TO_STRING

FALSE

role.name.replace.to.string

ADVANCE

The value specified in this property is used to replace the characters found by the regex specified in the role name regex property. If left blank, no find and replace operation is performed.

Persist case sensitivity of user names

CONNECTOR_VERTICA_USER_NAME_PERSIST_CASE_SENSITIVITY

FALSE

user.name.persist.case.sensitivity

ADVANCE

After users are loaded from the Ranger APIs, all names are converted to lowercase, but in some cases you need to keep the names in the same case as they are in Ranger. When this value is set to true, the case of the names is preserved as it is in Ranger.

Persist case sensitivity of group names

CONNECTOR_VERTICA_GROUP_NAME_PERSIST_CASE_SENSITIVITY

FALSE

group.name.persist.case.sensitivity

ADVANCE

After groups are loaded from the Ranger APIs, all names are converted to lowercase, but in some cases you need to keep the names in the same case as they are in Ranger. When this value is set to true, the case of the names is preserved as it is in Ranger.

Persist case sensitivity of role names

CONNECTOR_VERTICA_ROLE_NAME_PERSIST_CASE_SENSITIVITY

FALSE

role.name.persist.case.sensitivity

ADVANCE

After roles are loaded from the Ranger APIs, all names are converted to lowercase, but in some cases you need to keep the names in the same case as they are in Ranger. When this value is set to true, the case of the names is preserved as it is in Ranger.

Create users in Vertica by privacera

CONNECTOR_VERTICA_CREATE_USER

FALSE

create.service.user

ADVANCE

This property determines whether users fetched from Ranger should be created in Vertica.

Create user roles in Vertica by privacera

CONNECTOR_VERTICA_CREATE_USER_ROLE

FALSE

create.service.user.role

ADVANCE

This property governs whether a role should be created above the end user in Vertica for users fetched from Ranger.

Manage users from portal

CONNECTOR_VERTICA_MANAGE_USERS

FALSE

manage.service.user

ADVANCE

This property controls whether PolicySync should manage the users fetched from Ranger.

Manage groups from portal

CONNECTOR_VERTICA_MANAGE_GROUPS

FALSE

manage.service.group

ADVANCE

This property manages whether roles should be generated in Vertica for groups fetched from Ranger.

Manage roles from portal

CONNECTOR_VERTICA_MANAGE_ROLES

FALSE

manage.service.role

ADVANCE

This property governs whether roles fetched from Ranger should be created as roles in Vertica.

Users to set access control policies

CONNECTOR_VERTICA_MANAGE_USER_LIST

FALSE

manage.user.list

ADVANCE

This property sets a comma-separated list of user names whose access control should be managed by PolicySync. To manage all users, leave this property unset. Wildcards are supported. The ignore users list takes precedence over the manage users list. For example: user1,user2,dev_user*

Groups to set access control policies

CONNECTOR_VERTICA_MANAGE_GROUP_LIST

FALSE

manage.group.list

ADVANCE

This property sets a comma-separated list of group names whose access control should be managed by PolicySync. To manage all groups, leave this property unset. Wildcards are supported. The ignore group list takes precedence over the manage group list. For example: group1,group2,dev_group*

Roles to set access control policies

CONNECTOR_VERTICA_MANAGE_ROLE_LIST

FALSE

manage.role.list

ADVANCE

This property sets a comma-separated list of role names whose access control should be managed by PolicySync. To manage all roles, leave this property unset. Wildcards are supported. The ignore role list takes precedence over the manage role list. For example: role1,role2,dev_role*

Users to be ignored by access control policies

CONNECTOR_VERTICA_IGNORE_USER_LIST

FALSE

ignore.user.list

ADVANCE

This property sets a comma-separated list of user names whose access control you do not want PolicySync to manage. If you do not want to ignore any users, leave this property unset. Wildcards are supported. This list takes precedence over the manage users list. For example: user1,user2,dev_user*

Groups be ignored by access control policies

CONNECTOR_VERTICA_IGNORE_GROUP_LIST

FALSE

ignore.group.list

ADVANCE

This property sets a comma-separated list of group names whose access control you do not want PolicySync to manage. If you do not want to ignore any groups, leave this property unset. Wildcards are supported. This list takes precedence over the manage groups list. For example: group1,group2,dev_group*

Roles be ignored by access control policies

CONNECTOR_VERTICA_IGNORE_ROLE_LIST

FALSE

ignore.role.list

ADVANCE

This property sets a comma-separated list of role names whose access control you do not want PolicySync to manage. If you do not want to ignore any roles, leave this property unset. Wildcards are supported. This list takes precedence over the manage roles list. For example: role1,role2,dev_role*

Prefix of Vertica roles for portal users

CONNECTOR_VERTICA_USER_ROLE_PREFIX

FALSE

User.role.prefix

ADVANCE

This property sets a prefix for the role that is created in Vertica for a user from Ranger. For example, if you have a user named john in Ranger and you have defined the prefix as test_user_, then the role created for john in Vertica is named test_user_john.

Prefix of Vertica roles for portal groups

CONNECTOR_VERTICA_GROUP_ROLE_PREFIX

FALSE

Group.role.prefix

ADVANCE

This property sets a prefix for the role that is created in Vertica for a group from Ranger. For example, if you have a group named dev in Ranger and you have defined the prefix as test_group_, then the role created for dev in Vertica is named test_group_dev.

Prefix of Vertica roles for portal roles

CONNECTOR_VERTICA_ROLE_ROLE_PREFIX

FALSE

Role.role.prefix

ADVANCE

This property sets a prefix for the role that is created in Vertica for a role from Ranger. For example, if you have a role named finance in Ranger and you have defined the prefix as test_role_, then the role created for finance in Vertica is named test_role_finance.

Use Vertica native public group for public group access policies

CONNECTOR_VERTICA_USE_NATIVE_PUBLIC_GROUP

FALSE

use.native.public.group

ADVANCE

Set this property to true if you want PolicySync to use the Postgres native public group for access grants whenever a policy is created that refers to the public group.

Set access control policies only on the users from managed groups

CONNECTOR_VERTICA_MANAGE_USER_FILTERBY_GROUP

FALSE

manage.user.filterby.group

ADVANCE

Set this property to true if you want to manage only the users who belong to the groups defined in the manage groups list property.

Set access control policies only on the users/groups from managed roles

CONNECTOR_VERTICA_MANAGE_USER_FILTERBY_ROLE

FALSE

manage.user.filterby.role

ADVANCE

Set this property to true if you want to manage only the users who belong to the roles defined in the manage roles list property.

Access control management

Enforce vertica native masking

CONNECTOR_VERTICA_ENABLE_ROW_FILTER

FALSE

enable.masking

ADVANCE

Set this property to true if you want to enable native column masking functionality.

Note

Native column masking can exclusively be generated for tables; it cannot be generated for views.

Enforce vertica tr filter policies

CONNECTOR_VERTICA_ENABLE_MASKING

FALSE

enable.tr.filter

ADVANCE

Set this property to true, if you want to enable native tr filter functionality.

Note

Native tr filters can exclusively be generated for tables; they cannot be generated for views.

Default masked value for numeric datatype columns

CONNECTOR_VERTICA_MASKED_NUMBER_VALUE

FALSE

masked.int.value

ADVANCE

This property is used to specify the default masking value for numeric columns.

Default masked value for text/varchar/string datatype columns

CONNECTOR_VERTICA_MASKED_TEXT_VALUE

FALSE

masked.text.value

ADVANCE

This property is used to specify the default masking value for text/string columns.

Enable policy enforcements and user/group/role management

CONNECTOR_VERTICA_GRANT_UPDATES

FALSE

perform.grant.updates

BASIC

This property controls whether actual grant/revoke and create/update/delete queries for user/group/role should be run on Vertica.

Access audits management

Enable access audits

CONNECTOR_VERTICA_AUDIT_ENABLE

FALSE

enable.audit

BASIC

This property is used to enable access audit fetching from Vertica.

Users to exclude when fetching access audits

CONNECTOR_VERTICA_AUDIT_EXCLUDED_USERS

FALSE

audit.excluded.users

ADVANCE

This property sets the list of users whose access audits should be ignored. It takes a comma-separated list of users.
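
The manage and ignore list rules described in the table (comma-separated values, wildcards, the ignore list taking precedence, case-sensitive matching, and an unset manage list meaning everything is managed) can be modelled to preview which schemas PolicySync would control and to catch mis-cased entries before grant updates are enabled. This is an added example, not Privacera code: it assumes `*` matches any run of characters, and the function names, schema inventory and property values are constructed for illustration.

```python
import re

def parse_list(value):
    """Split a comma-separated property value; a blank value means 'not set'."""
    return [p.strip() for p in value.split(",") if p.strip()]

def _regex(pattern, flags=0):
    # Assumption: '*' is the only wildcard and matches any run of characters.
    return re.compile(".*".join(re.escape(part) for part in pattern.split("*")), flags)

def is_managed(name, manage="", ignore=""):
    """True if `name` falls under PolicySync control per the documented rules."""
    if any(_regex(p).fullmatch(name) for p in parse_list(ignore)):
        return False                      # the ignore list takes precedence
    patterns = parse_list(manage)
    if not patterns:
        return True                       # manage list unset: manage everything
    return any(_regex(p).fullmatch(name) for p in patterns)

def case_mismatches(names, value):
    """Patterns that match nothing as written but would match if case were ignored."""
    flagged = []
    for p in parse_list(value):
        exact = any(_regex(p).fullmatch(n) for n in names)
        loose = any(_regex(p, re.IGNORECASE).fullmatch(n) for n in names)
        if loose and not exact:
            flagged.append(p)
    return flagged

# Constructed inventory and property values (not taken from a real deployment).
SCHEMAS = ["testdb1.schema1", "testdb1.schema2", "testdb1.sales_eu",
           "testdb1.sales_tmp", "testdb1.hr"]
MANAGE = "testdb1.schema1, testdb1.schema2, testdb1.sales*"
IGNORE = "testdb1.sales_tmp, testdb1.Schema2"   # second entry is mis-cased

def report():
    """Map each schema to whether it would be managed under MANAGE and IGNORE."""
    return {s: is_managed(s, MANAGE, IGNORE) for s in SCHEMAS}

if __name__ == "__main__":
    for schema, managed in report().items():
        print(f"{schema:22} {'managed' if managed else 'not managed'}")
    print("ignore entries with a case mismatch:", case_mismatches(SCHEMAS, IGNORE))
```

In this sample, testdb1.schema2 stays managed because the ignore entry testdb1.Schema2 differs in case, which is the kind of silent scope error the case-sensitivity notes warn about.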