Access Management updates

Support for filtering databases and tables in the EMR Hive Glue metastore

EMR Hive Glue metastore now supports filtering databases and tables based on access policy.

Creating select access policy for AWS Lake Formation in Apache Ranger for pull mode

The row-level filter policy in Lake Formation with all columns creates an access policy in Apache Ranger for * columns in pull mode.

Support access control on functions in PostgreSQL

PrivaceraCloud now supports access control policies on PostgreSQL functions.

UserSync updates

Support of service principal in Databricks for Privacera UserSync

Databricks Privacera UserSync now supports specifying a service principal.

UI updates

Improved policy creation page

Improved policy creation page with intuitive information to create policies.

Improved Account Settings screen

The account admin can now edit the personal information on Account Settings screen.

REST API changes

Formerly, for an unauthorized user call, the REST API for Access Manager and Ranger returned the HTTP response code 401-Unauthorized. Instead, the REST API now returns response code 403-Forbidden (unauthorized).

The REST API response body now does not return attributes or fields that have no values. This has improved the response time for many calls.

Access Management updates

Support of DROP permission for AWS Redshift tables

The Privacera PolicySync connector now supports DROP permission for AWS Redshift tables.

Improved dataset and resource listing page in Governed Data Stewardship

The dataset and resource listing pages display a configurable number of rows per page.

Support of access management for EMR's Multiple master node configuration

EMR clusters with multiple master nodes can be configured for access management.

UI updates

Introducing restart functionality in PrivaceraCloud Portal

When any configuration outside of the application configuration is changed, you need to restart your application, encryption, or UserSync. This is to ensure that the updated configuration functions properly. This functionality is added for Applications, Encryption, and UserSync services.

PrivaceraCloud is now in the Whitelisted IP addresses list

PrivaceraCloud has been added to the list of Whitelisted IP Addresses.

Special characters are not allowed in PrivaceraCloud

Special characters such as <, >, &, and " are not allowed when configuring things in PrivaceraCloud.

UI updates

Improved notifications page for access request message

The access request message for the datasets appears in the notifications. When accepted, the notification is removed.

Resources remain same after deleting data owner

When the owner of a data domain is deleted, the resources shared by that owner are not deleted and remain in datasets.

Free text search is now available in Audit page

The search feature on the Audit page has been improved to support free text search and autocomplete. You can now modify your search.

Introducing an existing policy cloning option

Existing Policy can now be cloned to the same and different services.

New property for Databricks FGAC and OLAC

For Databricks FGAC and OLAC, the property spark.hadoop.privacera.fgac.use.displayname controls whether the Databricks Service Principal name is used for access control and recorded in the audit logs. By default, the Service Principal ID is used, not the name.

Access Management updates

Support for access control when writing to S3 using Kafka

Confluent Kafka and Open Source Kafka now support access control when writing to S3.

UI updates

Enable data domain-related notifications to IT admin user

Users with the IT Admin role can now receive notifications about data management-related activities such as, dataset access requests, resource creation and additions to the data domain, and resource deletions from the data domain.

Improved search in the user management table

Filters/search boxes have been added above each column in the user management table to improve usability.

Access Management updates

Preview - Databricks Unity Catalog Supports FGAC

The Databricks Unity Catalog Connector (on AWS) now supports Fine Grained Access Control (FGAC).

Oracle application supports as a resource in Domain, shared datasets, and projects

The Oracle Application now appears on the Add Resource pop-up while adding Oracle resources to the Data Domain, Shared Data Set, and Project Data Set.

Support of Tag-based policies in a Security Zone

Security Zone now supports Tag-based policies created through a Data Domain.

Discovery updates

GCS supports offline scanning

GCS files and folders (except ORC and PARQUET file formats) support offline scanning for PII information, allowing you to create appropriate tag-based access policies.

Introducing auto approval option for datasets and projects

Data owners can now select the auto approval option for datasets and projects. This allows for instant approval notification and access to datasets and projects.

Access Management updates

Support for access control in GDS for SE and SEP

Governed Data Stewardship (GDS) now supports access control for Starburst Enterprise (SE) and Starburst Enterprise Presto (SEP).

Support for PolicySync-based access control in Oracle application

Oracle database now supports access control through PolicySync. On-premises installation of Oracle Database 19c is supported.

Discovery update

Introducing offline scanning in Discovery for GBQ

Google BigQuery (GBQ) now supports offline scanning in Discovery to scan for PII information in Tables and Views.

Encryption update

Introducing Encryption for Snowflake resources

Encryption is now certified for Snowflake resources to encrypt and decrypt the column using external UDFs. Snowflake resources support user/role/group-based masking policies.

Access Management updates

Change in permission for the Databricks application

The privacera_hive service must be granted the alter permission rather than the update permission for databricks versions less than 10.4 LTS. Add a new policy to the privacera hive service for the database, and grant alter permission.

Preview: Introducing Databricks Unity Catalog

The Databricks Unity Catalog connector is now supported by the PrivaceraCloud portal.

Support for multiple AWS applications for access control

Multiple AWS accounts can be added using the application name in the PrivaceraCloud portal. All the created AWS accounts are displayed as tabs in the File Explorer to access S3 buckets.

Support for multiple subscriptions in Azure

Multiple subscriptions for access control in Databricks on Azure and dataserver are supported.

Improved policycache service

The policycache service now supports cache persistence. Deactivated services and deleted cases can be managed in Policycache.

Enabling access control for Dataproc and Textract applications

You can now use Access Manager service for Textract and Dataproc applications.

Additional permissions are added for more security reasons

Previously, when creating a table with a location, only read or write permissions were granted. It is now recommended to grant read, write, and delete permissions to ensure consistency for multiple flavors of creating tables for different Spark versions (7.3, 9.1, 10.3, and 11.3), different file formats (parquet, csv, json, and delta), and additional security reasons.

Discovery updates

GBQ supports for Data Discovery

GBQ now supports Data Discovery for scanning resources.

Limit the volume of Text/Verchar datatypes during scanning

Limit the volume of data read during the scan for all the JDBC data sources where we used Text/Varchar datatypes.

Support for Encryption and Decryption functionalities for BigQuery

The BigQuery application now supports Encryption and Decryption functionalities for sensitive data based on Apache Ranger access authorisation.

Introducing UTF-8 encoding for other than English language characters

UTF-8 encoding is now used to encrypt other than English language language characters.

Enabling PolicySync for Dremio application

The Dremio application now supports PolicySync features.

Tags column on the Audit page displays attributes

The tags column in the access audit log record is currently populated when the accessed resource has any tags associated with it. If the tag has any attributes, the values of those attributes are displayed in the audit log record.

Improvement in Datasets

The user of a shared dataset can now add the resource to a project.

Addition of Client OAuth option in ADLS Gen2 application

The ADLS Gen2 application now has Shared Key and Client OAuth options. Previously, you could only configure ADLS Gen2 with the Shared Key option. Now, you can create Tenant and Clients for your ADLS Gen2 application using the Client OAuth option.

Improvement in About modal window

The About modal window now displays specific component information, including the Privacera release version.

Access Management updates

Introducing Amazon Textract application for Access control

The Amazon Textract application can now be connected to PrivaceraCloud for access control.

Access control of multiple AWS accounts via dataserver.

The AWS S3 service supports access control via dataserver across multiple AWS accounts.

Support for OSS versions 3.2.2 and 3.3.0 access control

Spark plugin access control supports Kubernetes deployment of Open Source Spark (OSS) versions 3.2.2 and 3.3.0.

Certify access control support for EMR version 5.36.0

Access control support for EMR version 5.36.0 has been certified. You can configure EMR Hive, FGAC/OLAC Spark.

Preview: Dremio PolicySync connector

Access-control lists (ACLs) are supported by the Dremio PolicySync connector on both Physical datasets (PDS) and Virtual datasets (VDS).

Preview: Support of conditional masking in Snowflake connector

The Snowflake connector now supports conditional masking for access control using its native masking policy.

Improvement in the PolicySync Audit logs

Audit logs for Redshift, GBQ, Snowflake, and PostgreSQL PolicySync connectors are now improved.

Discovery updates

DynamoDB support for Data Discovery

DynamoDB datasource scan is supported for discovering sensitive elements and sync tags identified by Ranger.

Preview: Support scanning of Database views

Discovery now supports scanning of database views to be able to tag them.

Encryption updates

Introducing "mask" UDF for Trino

Trino now supports a masking scheme to protect UDFs.

Preview: Introducing PEG Integration with OSS

Introducing PEG Integration with Open Source Spark (OSS).

Introducing PEG Integration with Open Source Trino

Introducing PEG Integration with Open Source Trino Version 394.

Certify PEG scheme policies

With the Apache Ranger Security Zone, PEG schema policies are now certified.

UI updates

The new "Identity" menu in the PrivaceraCloud UI

The new Identity menu in the UI Settings, which allows you to configure LDAP/AD and Single Sign-On. Earlier, the Datasource menu included LDAP/AD and Single Sign-On, but now Datasource only includes UserSync.

Improved Notification page

To clear all the unread notifications, a new button labelled Mark All as Read has been added.