Skip to content

Table Properties#

PolicySync#

Common Properties#

Property Description Default Value
ranger.policysync.connector.<id> To Set the Unique Connection name for the policysync connector
ranger.policysync.connector.<id>.enabled Toggle to Enable/Disable the Connector
ranger.policysync.connector.<id>.jdbc.url JDBC Connection URL
ranger.policysync.connector.<id>.jdbc.username Database Username to be used with jdbc connection
ranger.policysync.connector.<id>.jdbc.password Database Password to be used with jdbc connection
ranger.policysync.connector.<id>.jdbc.db Database Name to be used with jdbc connection
ranger.policysync.connector.<id>.master.database Master Database  
ranger.policysync.connector.<id>.new.user.password password that will be set for all the new users after sync
ranger.policysync.connector.<id>.switch.ownership.role role name which policysync can switch to
ranger.policysync.connector.<id>.manage.service.user Enable/Disable Toggle for creating ranger user TRUE
ranger.policysync.connector.<id>.manage.service.group Enable/Disable Toggle for creating ranger group TRUE
ranger.policysync.connector.<id>.manage.service.role Enable/Disable Toggle for creating ranger role TRUE
ranger.policysync.connector.<id>.User.role.prefix Prefix will be appended while creating user priv_user_
ranger.policysync.connector.<id>.Group.role.prefix Prefix will be appended while creating group priv_group_
ranger.policysync.connector.<id>.Role.role.prefix Prefix will be appended while creating role priv_role_
ranger.policysync.connector.<id>.manage.table.list

Table name/s which needs to be managed

Notes:

  • Provide Multiple Table names separated by comma.
  • Blank Value will manage all the databases.
  • "none" Value will skip all the databases.
  • Regex can be used (ex: *_dev)
ranger.policysync.connector.<id>.manage.view.list

View name/s which needs to be managed

Notes:

  • Provide Multiple Views separated by comma.
  • Blank Value will manage all the databases.
  • "none" Value will skip all the databases.
  • Regex can be used (ex: *_dev)
ranger.policysync.connector.<id>.ignore.schema.list

Schema name/s where policies should not be enforced or ignored.

Notes:

  • Provide Multiple Schema names separated by comma.
  • Blank Value will manage all the databases.
  • "none" Value will skip all the databases.
  • Regex can be used (ex: *_dev)
ranger.policysync.connector.<id>.ignore.table.list

Table name/s where policies should not be enforced or ignored

Notes:

  • Provide Multiple Table names separated by comma
  • Blank Value will manage all the databases.
  • "none" Value will skip all the databases.
  • Regex can be used (ex: *_dev)
ranger.policysync.connector.<id>.manage.user.list

User names to be manged by Policysync

Notes:

  • Provide Multiple usernames separated by comma
  • Blank Value will manage all the users.
  • "none" Value will skip all the users.
  • Regex can be used (ex: *_user)
ranger.policysync.connector.<id>.manage.group.list

Group names to be manged by Policysync

Notes:

  • Provide Multiple groupnames separated by comma
  • Blank Value will manage all the groups.
  • "none" Value will skip all the groups.
  • Regex can be used (ex: *_group)
ranger.policysync.connector.<id>.manage.role.list

Role names to be manged by Policysync

Notes:

  • Provide Multiple usernames separated by comma
  • Blank Value will manage all the roles.
  • "none" Value will skip all the roles.
  • Regex can be used (ex: *_role)
ranger.policysync.connector.<id>.perform.grant.updates Policy-sync will manage users specified in “manage.user.list” prop only if they are associated with any group specified in “manage.group.list” TRUE
ranger.policysync.connector.<id>.manage.user.filterby.group If: True
Policy-sync will manage users specified in “manage.user.list” prop only if they are associated with any group specified in “manage.group.list”
FALSE
ranger.policysync.connector.<id>.manage.user.filterby.role If: True
Policy-sync will manage users specified in “manage.user.list” prop only if they are associated with any group specified in “manage.role.list”
FALSE
ranger.policysync.connector.<id>.masked.number.value Masking Value for Numbers in policies 0
ranger.policysync.connector.<id>.masked.double.value Masking Value for Numbers in policies 0
ranger.policysync.connector.<id>.masked.text.value Masking Value for Texts in policies <MASKED>'
ranger.policysync.connector.<id>.masked.varchar.value Masking Value for Characters in policies <MASKED>'
ranger.policysync.connector.<id>.enable.row.filter Toggle to Enable/Disable Row Filter TRUE
ranger.policysync.connector.<id>.enable.view.based.row.filter Toggle to Enable/Disable Row Filter on Views FALSE
ranger.policysync.connector.<id>.enable.view.based.masking Toggle to Enable/Disable Masking on Views TRUE
ranger.policysync.connector.<id>.secure.view.schema.name Schema name where secure view/s needs to be created

Note:
By default view based row filter and masking related secure views are created in the same schema as the original table schema.
ranger.policysync.connector.<id>.secure.view.schema.name.prefix Add Prefix to the secured view/s in the schema

Note:
By default view based row filter and masking related secure views have the same schema name as the table schema name.
ranger.policysync.connector.<id>.secure.view.schema.name.postfix Add Postfix to the secured view/s in the schema

Note:
By default view based row filter and masking related secure views have the same schema name as the table schema name.
ranger.policysync.connector.<id>.secure.view.name.prefix Add Prefix to the secured view/s

Note:
By default view based row filter and masking related secure views have the same schema name as the table schema name.
ranger.policysync.connector.<id>.secure.view.name.postfix Add Postfix to the secured view/s

Note:
By default view based row filter and masking related secure views have the same schema name as the table schema name.
_secure
ranger.policysync.connector.<id>.secure.view.schema.name.remove.suffix.list To Remove any suffix from the secured view/s in the schema

Note:
By default view based row filter and masking related secure views have the same schema name as the table schema name.
ranger.policysync.connector.<id>.secure.view.name.remove.suffix.list To Remove any Suffix from the secured view/s

Note:
By default view based row filter and masking related secure views have the same schema name as the table schema name.
ranger.policysync.connector.<id>.secure.view.create.for.all Toggle to create secure views regardless of masking/row filter policies FALSE
ranger.policysync.connector.<id>.enable.audit Toggle to Enable/Disable Audits TRUE
ranger.policysync.connector.<id>.audit.sqs.queue.name AWS SQS Queue name to send the audit logs  
ranger.policysync.connector.<id>.region AWS Region name  

MSSQL#

Property Description Default Value
ranger.policysync.connector.<id>.class Implementation class for mssql connector com.privacera.policysync.connector.PSMSSQLConnector
ranger.policysync.connector.<id>.jdbc.driver Jdbc driver com.microsoft.sqlserver.jdbc.SQLServerDriver
ranger.policysync.connector.<id>.servicetype Ranger service type mssql
ranger.policysync.connector.<id>.service.appid Ranger service appId privacera_mssql

Snowflake#

Property Description Default Value
ranger.policysync.connector.<id>.class Implementation class for snowflake connector com.privacera.policysync.connector.PSSnowflakeConnector
ranger.policysync.connector.<id>.jdbc.driver Jdbc driver net.snowflake.client.jdbc.SnowflakeDriver
ranger.policysync.connector.<id>.servicetype Ranger service type snowflake
ranger.policysync.connector.<id>.service.appid Ranger service appId privacera_snowflake
ranger.policysync.connector.<id>.audit.source.timezone Audit source timezone US/Pacific
ranger.policysync.connector.<id>.enable.column.access.masking Toggle to enable/disable masking based column level access control in snowflake TRUE
ranger.policysync.connector.<id>.enable.column.access.exception Toggle to throw exception if no column level access.

if set to True, then also set enable.column.access.masking to false
FALSE
ranger.policysync.connector.<id>.enable.column.access.exception.function This property decides what function to call to throw an exception if no column level access is there in snowflake. {database}.PUBLIC.ThrowColumnAccessException('{col}')
ranger.policysync.connector.<id>.enable.row.filter Toggle to Enable Native Row Filter Functionality FALSE
ranger.policysync.connector.<id>.user.login.name.use.email When Set to True, Policysync will create Users Account with their email address as login in Snowflake FALSE
ranger.policysync.connector.<id>.create.service.user Toggle To Create User account in Snowflake TRUE
ranger.policysync.connector.<id>.create.service.user.role Toggle to allow policysync to create user roles in the snowflake TRUE
ranger.policysync.connector.<id>.user.name.replace.from.regex Takes the regular expression as input and finds the matching characters in user name and replaces them with the characters specified in user.name.replace.to.string variable.

#Note
#If set to blank, no find and replace operation is performed.
ranger.policysync.connector.<id>.user.name.replace.to.string To replace the characters found by regex specified in user.name.replace.from.regex variable.

#Note
#If set to blank, no find and replace operation is performed.
ranger.policysync.connector.<id>.group.name.replace.from.regex This takes the regular expression as input and finds the matching characters in the group name and replaces them with the characters specified in group.name.replace.to.string variable.

#Note
#If set to blank, no find and replace operation is performed.
ranger.policysync.connector.<id>.group.name.replace.to.string To replace the characters found by regex specified in group.name.replace.from.regex variable.

#Note:
#If set to blank, no find and replace operation is performed.
ranger.policysync.connector.<id>.role.name.replace.from.regex This takes the regular expression as input and finds the matching characters in role name and replaces them with the characters specified in role.name.replace.to.string variable.

#Note
If set to blank, no find and replace operation is performed.
ranger.policysync.connector.<id>.role.name.replace.to.string To replace the characters found by regex specified in role.name.replace.from.regex variable.

#Note
If set to blank, no find and replace operation is performed.
ranger.policysync.connector.<id>.secure.view.schema.name.remove.suffix.list Set the list of comma separated strings, which will be checked if it matches as a suffix for the schema name and if a match is found, suffix will be removed from the schema name.

#Note
if set to blank, no replacement will happen
ranger.policysync.connector.<id>.secure.view.name.remove.suffix.list Set the list of comma separated strings, which will be checked if it matches as a suffix for the schema name and if a match is found, suffix will be removed from the schema name.

#Note
if set to blank, no replacement will happen

Redshift#

Property Description Default Value
ranger.policysync.connector.<id>.class Implementation class for postgres connector com.privacera.policysync.connector.PSRedshiftDBConnector
ranger.policysync.connector.<id>.jdbc.driver Jdbc driver org.postgresql.Driver
ranger.policysync.connector.<id>.servicetype Ranger service type redshift
ranger.policysync.connector.<id>.service.appid Ranger service appId privacera_redshift

PostgreSQL#

Property Description Default Value
ranger.policysync.connector.<id>.class Implementation class for postgres connector com.privacera.policysync.connector.PSPostgresBaseConnector
ranger.policysync.connector.<id>.jdbc.driver Jdbc driver org.postgresql.Driver
ranger.policysync.connector.<id>.servicetype Ranger service type postgres
ranger.policysync.connector.<id>.service.appid Ranger service appId privacera_postgres

Last update: July 23, 2021