Privacera Documentation

UserSync system properties on Privacera Platform

| UserSync property | Description | Property | Default |
| --- | --- | --- | --- |
| PRIVACERA_USERSYNC_RANGER_URL | Address of Ranger instance. | ranger.url | http://ranger:6080 |
| PRIVACERA_USERSYNC_RANGER_USERNAME | Username of Ranger user. | ranger.username | admin |
| PRIVACERA_USERSYNC_RANGER_PASSWORD | Password of Ranger user. | ranger.password | welcome1 |
| PRIVACERA_USERSYNC_CONTEXT_CLASS | Implementation class used for USContext. Storage of synced Users and Groups. | usersync.context.class | com.privacera.usersync.context.USContextRocksDB. Options: com.privacera.usersync.context.USContextRocksDB, com.privacera.usersync.context.USContextMemory |
| PRIVACERA_USERSYNC_CONTEXT_DATASOURCE_PRIORITY_LIST | Priority list of configured datasources. Sources nearest the beginning of the list will be used over sources later in the list. | usersync.context.datasource.priority.list | |
| PRIVACERA_USERSYNC_DETECT_CACHE_DIFFERENCES_ENABLED | Enables cache synchronization. While UserSync reads data from an IdP, for performance, the incoming user data is kept in cache and periodically compared to user data already synced to the Privacera portal. From cache, UserSync pushes user data from the IdP that has been reconciled with the Privacera portal to the connected applications. | usersync.detect.DifferencesBetweenCacheAndRangerForUserAndGroup.enabled | true |
| PRIVACERA_USERSYNC_DETECT_CACHE_INTERVAL_SECONDS | Frequency of cache synchronization in seconds. | usersync.ranger.compare.interval.seconds | 43200 |
| PRIVACERA_USERSYNC_LOADER_BULK_ENABLED | Load users to Portal in batches. | usersync.user.loader.bulk.enabled | TRUE |
| PRIVACERA_USERSYNC_LOADER_BULK_BATCHSIZE | Size of batches to load Users into Portal. | usersync.user.loader.bulk.batchsize | 100 |
| PRIVACERA_USERSYNC_UPDATE_GROUP_MEMBERSHIPS_BATCH_ENABLE | Load group memberships to Portal in batches. | usersync.user.loader.update.group.memberships.batch.enable | FALSE |
| PRIVACERA_USERSYNC_UPDATE_GROUP_MEMBERSHIPS_BATCHSIZE | Size of batches to load Group memberships into Portal. | usersync.user.loader.update.group.memberships.batchsize | 1000 |
| PRIVACERA_USERSYNC_STARTUP_PERFORM_OPERATIONS_ENABLED | Scan for and perform any pending operations in cache (User/Group objects) at service start-up. | usersync.startup.performoperations.enabled | TRUE |
| PRIVACERA_USERSYNC_LOADER_PROCESS_THREAD_MIN | Minimum threads for processing user/group updates (<=0 will use a cached thread pool). | usersync.user.loader.process.thread.min | 1 |
| PRIVACERA_USERSYNC_LOADER_PROCESS_THREAD_MAX | Maximum threads for processing user/group updates (if min is <= 0, this has no effect). | usersync.user.loader.process.thread.max | 1 |
| PRIVACERA_USERSYNC_LOADER_PROCESS_THREAD_KEEPALIVE | Keep alive value for threads in pool. | usersync.user.loader.process.thread.keepalive | 30 |
| | JCEKS KeyStore File Paths | privacera.usersync.keystore.files | |
| | JCEKS KeyStore Files Passwords | privacera.usersync.keystore.passwords | |
| | Secure keys alias prefix | privacera.usersync.secure.key.prefix | jceks |
| PRIVACERA_USERSYNC_AUTH_SSL_TRUSTSTORE_FILE | SSL Truststore path | ssl.truststore | |
| PRIVACERA_USERSYNC_AUTH_SSL_TRUSTSTORE_PASSWORD | SSL Truststore password | ssl.truststore.password | |
| PRIVACERA_USERSYNC_RANGER_INIT_RETRY_INTERVAL_IN_MILLIS | Delay in milliseconds between retry attempts for initializing Ranger user loader. | usersync.user.loader.ranger.init.retryinterval.ms | 30000 |
| PRIVACERA_USERSYNC_RANGER_INIT_RETRY_LIMIT | Maximum retry attempts for initializing Ranger user loader. (<0 indicates unlimited retries) | usersync.user.loader.ranger.init.retrylimit | -1 |
| PRIVACERA_USERSYNC_RANGER_REQUEST_RETRY_INTERVAL_IN_MILLIS | Delay in milliseconds between retry attempts for requests to Ranger. | ranger.request.retryinterval.ms | 10000 |
| PRIVACERA_USERSYNC_RANGER_REQUEST_RETRY_LIMIT | Maximum retry attempts for requests to Ranger. | ranger.request.retrylimit | 3 |
| PRIVACERA_USERSYNC_UPDATE_GROUP_MEMBERSHIPS_BULK_ENABLED | Enable bulk update of group memberships to Ranger. | usersync.user.loader.update.group.memberships.bulk.enabled | TRUE |
| PRIVACERA_USERSYNC_CONTEXT_OPEN_MAX_RETRY | Maximum retry attempts to open RocksDB cache. | usersync.context.rocksdb.open.max.retry | 5 |
| PRIVACERA_USERSYNC_CONTEXT_OPEN_DESTROY_ON_FAIL | Enable automatic destroy of RocksDB cache if unable to open (corrupted). Cache will be rebuilt. | usersync.context.rocksdb.open.destroyonfail | TRUE |
| PRIVACERA_USERSYNC_LOADER_ASSIGN_ROLE_PRIORITY_LIST | Priority list of roles if a user has multiple roles mapped. Highest priority role will be applied to the user. | usersync.user.loader.assign.role.priority.list | ROLE_SYS_ADMIN,ROLE_ADMIN_AUDITOR |
| PRIVACERA_USERSYNC_API_SECURITY_USER_NAME | If configured, UserSync REST APIs are available with basic auth. | usersync.api.security.user.name | |
| PRIVACERA_USERSYNC_API_SECURITY_USER_PASSWORD | If configured, UserSync REST APIs are available with basic auth. | usersync.api.security.user.password | |
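
The defaults listed on this page include an `http://` Ranger URL and the Ranger credentials `admin` / `welcome1`, so a deployment that leaves those properties unset runs with publicly documented values. The check below is an added example, not Privacera code: it assumes the properties are kept as Java-style `key=value` lines and that an absent key takes the documented default, and both sample inputs are constructed.

```python
from urllib.parse import urlsplit

# Defaults as documented on this page; an absent key is assumed to take its default.
DOCUMENTED_DEFAULTS = {
    "ranger.url": "http://ranger:6080",
    "ranger.username": "admin",
    "ranger.password": "welcome1",
}
API_USER = "usersync.api.security.user.name"
API_PASS = "usersync.api.security.user.password"

# Constructed samples (hostnames, account names and passwords are placeholders).
WEAK = "ranger.url=http://ranger:6080\nranger.username=admin\n" + API_USER + "=apiuser\n"
HARDENED = (
    "ranger.url=https://ranger.example.internal:6182\n"
    "ranger.username=svc_usersync\nranger.password=PLACEHOLDER-1\n"
    + API_USER + "=apiuser\n" + API_PASS + "=PLACEHOLDER-2\n"
)


def parse_properties(text):
    """Parse key=value lines (assumed format); skip blanks and # / ! comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def audit(text):
    """Return the sorted list of property keys that need attention."""
    props = {**DOCUMENTED_DEFAULTS, **parse_properties(text)}
    flagged = set()
    if props["ranger.password"] == DOCUMENTED_DEFAULTS["ranger.password"]:
        flagged.add("ranger.password")  # still the documented default
    if urlsplit(props["ranger.url"]).scheme.lower() != "https":
        flagged.add("ranger.url")  # Ranger credentials would travel unencrypted
    if bool(props.get(API_USER)) != bool(props.get(API_PASS)):
        # Basic auth for the REST API needs both halves; flag the missing one.
        flagged.add(API_USER if not props.get(API_USER) else API_PASS)
    return sorted(flagged)


if __name__ == "__main__":
    print("weak:", audit(WEAK))
    print("hardened:", audit(HARDENED))
```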