Table properties
PolicySync
Common Properties
Property | Description | Default Value |
---|---|---|
ranger.policysync.connector.<id> | To Set the Unique Connection name for the policysync connector | |
ranger.policysync.connector.<id>.enabled | Toggle to Enable/Disable the Connector | |
ranger.policysync.connector.<id>.jdbc.url | JDBC Connection URL | |
ranger.policysync.connector.<id>.jdbc.username | Database Username to be used with jdbc connection | |
ranger.policysync.connector.<id>.jdbc.password | Database Password to be used with jdbc connection | |
ranger.policysync.connector.<id>.jdbc.db | Database Name to be used with jdbc connection | |
ranger.policysync.connector.<id>.master.database | Master Database | |
ranger.policysync.connector.<id>.new.user.password | Password that will be set for all the new users after sync | |
ranger.policysync.connector.<id>.switch.ownership.role | Role name which PolicySync can switch to | |
ranger.policysync.connector.<id>.manage.service.user | Enable/Disable Toggle for creating ranger user | TRUE |
ranger.policysync.connector.<id>.manage.service.group | Enable/Disable Toggle for creating ranger group | TRUE |
ranger.policysync.connector.<id>.manage.service.role | Enable/Disable Toggle for creating ranger role | TRUE |
ranger.policysync.connector.<id>.User.role.prefix | Prefix will be appended while creating user | priv_user_ |
ranger.policysync.connector.<id>.Group.role.prefix | Prefix will be appended while creating group | priv_group_ |
ranger.policysync.connector.<id>.Role.role.prefix | Prefix will be appended while creating role | priv_role_ |
ranger.policysync.connector.<id>.manage.table.list | Table name(s) to be managed. Notes: | |
ranger.policysync.connector.<id>.manage.view.list | View name(s) to be managed. Notes: | |
ranger.policysync.connector.<id>.ignore.schema.list | Schema name(s) where policies should not be enforced or should be ignored. Notes: | |
ranger.policysync.connector.<id>.ignore.table.list | Table name(s) where policies should not be enforced or should be ignored. Notes: | |
ranger.policysync.connector.<id>.manage.user.list | User names to be managed by PolicySync. Notes: | |
ranger.policysync.connector.<id>.manage.group.list | Group names to be managed by PolicySync. Notes: | |
ranger.policysync.connector.<id>.manage.role.list | Role names to be managed by PolicySync. Notes: | |
ranger.policysync.connector.<id>.perform.grant.updates | Policy-sync will manage users specified in “manage.user.list” prop only if they are associated with any group specified in “manage.group.list” | TRUE |
ranger.policysync.connector.<id>.manage.user.filterby.group | If True, PolicySync will manage users specified in the “manage.user.list” property only if they are associated with any group specified in “manage.group.list” | FALSE |
ranger.policysync.connector.<id>.manage.user.filterby.role | If True, PolicySync will manage users specified in the “manage.user.list” property only if they are associated with any group specified in “manage.role.list” | FALSE |
ranger.policysync.connector.<id>.masked.number.value | Masking Value for Numbers in policies | 0 |
ranger.policysync.connector.<id>.masked.double.value | Masking Value for Numbers in policies | 0 |
ranger.policysync.connector.<id>.masked.text.value | Masking Value for Texts in policies | <MASKED>' |
ranger.policysync.connector.<id>.masked.varchar.value | Masking Value for Characters in policies | <MASKED>' |
ranger.policysync.connector.<id>.enable.row.filter | Toggle to Enable/Disable Row Filter | TRUE |
ranger.policysync.connector.<id>.enable.view.based.row.filter | Toggle to Enable/Disable Row Filter on Views | FALSE |
ranger.policysync.connector.<id>.enable.view.based.masking | Toggle to Enable/Disable Masking on Views | TRUE |
ranger.policysync.connector.<id>.secure.view.schema.name | Schema name where secure view/s needs to be created Note: By default view based row filter and masking related secure views are created in the same schema as the original table schema. | |
ranger.policysync.connector.<id>.secure.view.schema.name.prefix | Add Prefix to the secured view/s in the schema Note: By default view based row filter and masking related secure views have the same schema name as the table schema name. | |
ranger.policysync.connector.<id>.secure.view.schema.name.postfix | Add Postfix to the secured view/s in the schema Note: By default view based row filter and masking related secure views have the same schema name as the table schema name. | |
ranger.policysync.connector.<id>.secure.view.name.prefix | Add Prefix to the secured view/s Note: By default view based row filter and masking related secure views have the same schema name as the table schema name. | |
ranger.policysync.connector.<id>.secure.view.name.postfix | Add Postfix to the secured view/s Note: By default view based row filter and masking related secure views have the same schema name as the table schema name. | _secure |
ranger.policysync.connector.<id>.secure.view.schema.name.remove.suffix.list | To Remove any suffix from the secured view/s in the schema Note: By default view based row filter and masking related secure views have the same schema name as the table schema name. | |
ranger.policysync.connector.<id>.secure.view.name.remove.suffix.list | To Remove any Suffix from the secured view/s Note: By default view based row filter and masking related secure views have the same schema name as the table schema name. | |
ranger.policysync.connector.<id>.secure.view.create.for.all | Toggle to create secure views regardless of masking/row filter policies | FALSE |
ranger.policysync.connector.<id>.enable.audit | Toggle to Enable/Disable Audits | TRUE |
ranger.policysync.connector.<id>.audit.sqs.queue.name | AWS SQS Queue name to send the audit logs | |
ranger.policysync.connector.<id>.region | AWS Region name | |
MSSQL
Property | Description | Default Value |
---|---|---|
ranger.policysync.connector.<id>.class | Implementation class for mssql connector | com.privacera.policysync.connector.PSMSSQLConnector |
ranger.policysync.connector.<id>.jdbc.driver | Jdbc driver | com.microsoft.sqlserver.jdbc.SQLServerDriver |
ranger.policysync.connector.<id>.servicetype | Ranger service type | mssql |
ranger.policysync.connector.<id>.service.appid | Ranger service appId | privacera_mssql |
Snowflake
Property | Description | Default Value |
---|---|---|
ranger.policysync.connector.<id>.class | Implementation class for snowflake connector | com.privacera.policysync.connector.PSSnowflakeConnector |
ranger.policysync.connector.<id>.jdbc.driver | Jdbc driver | net.snowflake.client.jdbc.SnowflakeDriver |
ranger.policysync.connector.<id>.servicetype | Ranger service type | snowflake |
ranger.policysync.connector.<id>.service.appid | Ranger service appId | privacera_snowflake |
ranger.policysync.connector.<id>.audit.source.timezone | Audit source timezone | US/Pacific |
ranger.policysync.connector.<id>.enable.column.access.masking | Toggle to enable/disable masking based column level access control in snowflake Policysync will be configured to return | TRUE |
ranger.policysync.connector.<id>.enable.column.access.exception | Toggle to throw an exception if no column level access. This will cause the query to fail. If set to True, then also set enable.column.access.masking to false | FALSE |
ranger.policysync.connector.<id>.enable.column.access.exception.function | This property decides what function to call to throw an exception if no column level access is there in snowflake. | {database}.PUBLIC.ThrowColumnAccessException('{col}') |
ranger.policysync.connector.<id>.enable.row.filter | Toggle to Enable Native Row Filter Functionality | FALSE |
ranger.policysync.connector.<id>.user.login.name.use.email | When Set to True, Policysync will create Users Account with their email address as login in Snowflake | FALSE |
ranger.policysync.connector.<id>.create.service.user | Toggle To Create User account in Snowflake | TRUE |
ranger.policysync.connector.<id>.create.service.user.role | Toggle to allow policysync to create user roles in the snowflake | TRUE |
ranger.policysync.connector.<id>.user.name.replace.from.regex | Takes a regular expression as input, finds the matching characters in the user name, and replaces them with the characters specified in the user.name.replace.to.string variable. Note: If set to blank, no find and replace operation is performed. | |
ranger.policysync.connector.<id>.user.name.replace.to.string | The characters that replace the matches found by the regex specified in the user.name.replace.from.regex variable. Note: If set to blank, no find and replace operation is performed. | |
ranger.policysync.connector.<id>.group.name.replace.from.regex | Takes a regular expression as input, finds the matching characters in the group name, and replaces them with the characters specified in the group.name.replace.to.string variable. Note: If set to blank, no find and replace operation is performed. | |
ranger.policysync.connector.<id>.group.name.replace.to.string | The characters that replace the matches found by the regex specified in the group.name.replace.from.regex variable. Note: If set to blank, no find and replace operation is performed. | |
ranger.policysync.connector.<id>.role.name.replace.from.regex | Takes a regular expression as input, finds the matching characters in the role name, and replaces them with the characters specified in the role.name.replace.to.string variable. Note: If set to blank, no find and replace operation is performed. | |
ranger.policysync.connector.<id>.role.name.replace.to.string | The characters that replace the matches found by the regex specified in the role.name.replace.from.regex variable. Note: If set to blank, no find and replace operation is performed. | |
ranger.policysync.connector.<id>.secure.view.schema.name.remove.suffix.list | Comma-separated list of strings. Each is checked as a suffix of the schema name, and if a match is found, the suffix is removed from the schema name. Note: If set to blank, no replacement will happen. | |
ranger.policysync.connector.<id>.secure.view.name.remove.suffix.list | Comma-separated list of strings. Each is checked as a suffix of the schema name, and if a match is found, the suffix is removed from the schema name. Note: If set to blank, no replacement will happen. | |
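
The Snowflake table states that enable.column.access.exception set to True must be paired with enable.column.access.masking set to false, while masking defaults to TRUE. The following check is an added example, not Privacera code: it assumes the properties live in a Java-style key=value file, that each connector sets its class property explicitly, and that connector ids contain no dots; the connector ids in the sample are constructed.

```python
PREFIX = "ranger.policysync.connector."
# Defaults taken from the Snowflake table on this page.
DEFAULTS = {
    "enable.column.access.masking": "true",
    "enable.column.access.exception": "false",
}
SNOWFLAKE_CLASS = "com.privacera.policysync.connector.PSSnowflakeConnector"


def parse_properties(text):
    """Parse key=value lines into {connector_id: {property_suffix: value}}."""
    connectors = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "!")) or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if not key.startswith(PREFIX):
            continue
        # Assumption: the connector id is the first dot-free token after the prefix.
        conn_id, _, suffix = key[len(PREFIX):].partition(".")
        connectors.setdefault(conn_id, {})[suffix] = value
    return connectors


def column_access_conflicts(text):
    """Return ids of Snowflake connectors with exception and masking both on."""
    flagged = []
    for conn_id, props in sorted(parse_properties(text).items()):
        if props.get("class") != SNOWFLAKE_CLASS:
            continue
        # An unset property takes its documented default, so an unset
        # masking toggle still counts as enabled.
        effective = {k: props.get(k, d).lower() for k, d in DEFAULTS.items()}
        if all(v == "true" for v in effective.values()):
            flagged.append(conn_id)
    return flagged


# Constructed sample input; sf_a, sf_b and pg_a are made-up connector ids.
SAMPLE = """
ranger.policysync.connector.sf_a.class=com.privacera.policysync.connector.PSSnowflakeConnector
ranger.policysync.connector.sf_a.enable.column.access.exception=true

ranger.policysync.connector.sf_b.class=com.privacera.policysync.connector.PSSnowflakeConnector
ranger.policysync.connector.sf_b.enable.column.access.exception=TRUE
ranger.policysync.connector.sf_b.enable.column.access.masking=false

ranger.policysync.connector.pg_a.class=com.privacera.policysync.connector.PSPostgresBaseConnector
ranger.policysync.connector.pg_a.enable.column.access.exception=true
"""

if __name__ == "__main__":
    for conn_id in column_access_conflicts(SAMPLE):
        print(f"{conn_id}: column.access.exception is on but masking is not off")
```
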
Redshift
Property | Description | Default Value |
---|---|---|
ranger.policysync.connector.<id>.class | Implementation class for postgres connector | com.privacera.policysync.connector.PSRedshiftDBConnector |
ranger.policysync.connector.<id>.jdbc.driver | Jdbc driver | org.postgresql.Driver |
ranger.policysync.connector.<id>.servicetype | Ranger service type | redshift |
ranger.policysync.connector.<id>.service.appid | Ranger service appId | privacera_redshift |
PostgreSQL
Property | Description | Default Value |
---|---|---|
ranger.policysync.connector.<id>.class | Implementation class for postgres connector | com.privacera.policysync.connector.PSPostgresBaseConnector |
ranger.policysync.connector.<id>.jdbc.driver | Jdbc driver | org.postgresql.Driver |
ranger.policysync.connector.<id>.servicetype | Ranger service type | postgres |
ranger.policysync.connector.<id>.service.appid | Ranger service appId | privacera_postgres |