Skip to content

Privacera Release 6.4

Privacera Platform Release 6.4

Last updated: 2022-05-12

Versions of Privacera Platform Modules

Build/Image: rel_6.4.0.1

  • Discovery: rel_6.4.0.1
  • Access Manager: rel_6.4.0.1
  • Privacera Encryption Gateway (PEG): rel_6.4.0.1

New and Improved Features

Access Management

  • Preview: Access control is now supported for Microsoft SQL. For native views in Microsoft SQL, you can use the native Row-Filter, Dynamic Row-Filter, and Masking policies.

    Note

    Views created by PolicySync during view based Masking and Row Level Filtering are not native views. Native views can be created in a variety of ways, such as by the user or by any of the client's processes.

  • Preview: You can use user or group attributes in Row Level Filtering expressions to create Fine-Grained Access Control (FGAC) policies.

  • Redshift Spectrum supports access control for features such as Row Level Filter, Column Masking, External Schema, and Table modeling.

  • The public group is now included in the PolicySync group's default value.

  • The Privacera Ranger plug-in is now certified for Confluent Kafka 6.2 and 7.1 versions.

  • Access control in Open Source Trino-370 is certified for Hive, Redshift, and PostgreSQL catalogs.

Dataserver

  • File Explorer now supports multiple ClientIDs and Client secrets for Azure data servers.

  • Multiple JWT IDPs are supported in a dataserver. You can configure both PING_IDENTITY (websec) and KEYCLOAK IDPs at the same time. For more information, see JSON Web Tokens.

UserSync

  • Preview: LDAP Ranger UserSync, LDAP Privacera UserSync, and Privacera Portal now support chained SSL certificates.

  • In Privacera UserSync, you can now configure group attributes to run attribute-based policies on groups.

  • In Privacera UserSync, you can now delete users and groups from the Azure Active Directory.

Discovery

  • Starburst Enterprise versions 370 LTS and 360 LTS are supported for the Privacera Data Discovery (PDD) scan.

Portal

  • Search usability has been improved in User/Group/Role management. The search function is now persistent in the browsing session.

PolicySync

From version 6.3 and newer, when PolicySync parses an ignore list for a data source object such as a table or schema, PolicySync appends that list of objects to ignore with an internal list of objects to ignore specific to each data source. Previously, if you specified a list of objects to ignore, the specified list overrode a static list of data source specific objects to ignore, such as the PostgreSQL system catalogs.

Snowflake

  • Native Row Level Filters for native views are now supported on the PolicySync Snowflake connectors.

  • Snowflake's native Row Level Filter now supports inner queries using the SNOWFLAKE_ROW_FILTER_ALIAS_TOKEN property. For more information about this property, see Snowflake connector in PolicySync custom properties.

  • Snowflake native Masking policy is supported for columns with binary, boolean, date, time, and timestamp data types.

  • Column-level access control for native view columns is now supported on the Snowflake resources.

  • Snowflake now supports generating secure view schema names by replacing a substring within the original schema name.

  • Snowflake PolicySync now supports key-pair authentication using the following properties:

    SNOWFLAKE_USE_KEY_PAIR_AUTHENTICATION: "true"
    SNOWFLAKE_JDBC_PRIVATE_KEY_FILE_NAME: “<rsa_key.p8>”
    SNOWFLAKE_JDBC_PRIVATE_KEY_PASSWORD: "<PLEASE_CHANGE>"
    

    For more information about this property, see Snowflake connector in PolicySync custom properties.

  • Snowflake PolicySync extends the following object types to manage permissions:

    • External tables

    • Stages

    • Pipes

    • File formats

    • Streams

    • Functions

    • Sequences

  • SNOWFLAKE_ENABLE_ROW_FILTER and SNOWFLAKE_ENABLE_VIEW_BASED_ROW_FILTER properties can't both be true at the same time to prevent ambiguous behavior at runtime. If you set one property to "true", then the other property will automatically become "false."

  • SNOWFLAKE_ENABLE_MASKING and SNOWFLAKE_ENABLE_VIEW_BASED_MASKING properties can't both be true at the same time to prevent ambiguous behavior at runtime. If you set one property to "true", then the other property will automatically become "false."

    Note

    These are the default values for the following properties:

    SNOWFLAKE_ENABLE_ROW_FILTER : "true"
    SNOWFLAKE_ENABLE_VIEW_BASED_ROW_FILTER : "false"
    SNOWFLAKE_ENABLE_MASKING : "true"
    SNOWFLAKE_ENABLE_VIEW_BASED_MASKING : "false"
    

Supported Versions of Third-party Systems

Expand the "Platform 6.x" table in Supported Versions of Third-party Systems.

Platform Support Policy and End-of-Support Dates

Login to Zendesk to see Privacera's Product Support Policy.

Fixed Issues

See Fixed Issues, Privacera Platform Release 6.4.

Known Issues

See Known Issues, Privacera Platform Release 6.4.

Documentation Changelog

For documentation updates in this release, see the Privacera Documentation Change Log.