Connect users
PrivaceraCloud works with two different sets of users: data access users and portal users.
Data access users and portal users serve different purposes and are managed separately. However, these user sets can overlap. For example, portal user authentication can be bound to the same LDAP/AD directory service that is imported for data access.
Data access Users, Groups, and Roles
Data access users: Rights to data are configured with the use of data access users, data access groups (groups of users), and data access roles (groups of users, groups, and other data access roles).
Data access users, groups, and roles can be created and managed individually. See About data access users, groups, and roles resource policies.
Data access users and groups can also be provisioned using a pull from a Directory Service or Identity Provider, or a push to your PrivaceraCloud account once it is configured as a SCIM Server.
UserSync
The term UserSync means synchronizing user-related data between external systems and PrivaceraCloud. The following are the general types of UserSync:
Synchronization by pulling user data from external systems into PrivaceraCloud.
Synchronization by pushing user data from PrivaceraCloud to external systems.
For pull-based user provisioning, UserSync works with the Lightweight Directory Access Protocol (LDAP), LDAP-SSL, and System for Cross-domain Identity Management (SCIM) protocols and with applications built on those protocols, such as Active Directory (AD), Azure Active Directory (AAD), and Okta. UserSync pulls an initial set of defined identities from these systems and keeps the set of identities updated with refresh queries, approximately once an hour.
For push-based user provisioning, a PrivaceraCloud account can be configured to act as a SCIM server so that SCIM-enabled clients can push user and group identities to your PrivaceraCloud account. For more information, see SCIM Server User-Provisioning.
Portal user LDAP/AD
Portal users are credentialed identities that can log onto and access your PrivaceraCloud account via the web portal and the API. Portal users are created and managed in Settings: User Management.
Portal users can also be imported from an LDAP, LDAP-SSL, or Active Directory service. For more information, see LDAP/AD.
Portal access can also be enabled in Single Sign-On (SSO) mode, with a SAML connection to a SAML Identity Provider server using an Okta SAML connection. For more information, see SAML: Activate Single Sign-On (SSO).
SSO-enabled users must still be assigned a portal user role. This role assignment is done in Settings: User Management, once the user is established.