Permission Sink for Unity Catalog

The Privacera Connector for AWS Lake Formation pull mode supports the permission sink for the Unity Catalog. If you are using both Lake Formation and Unity Catalog, update the following properties to enable policy synchronization for Unity Catalog.

  • Enable the policy sink for Unity Catalog.
  • Provide the catalog name for the Unity Catalog (UC) policy. If left empty, the AWS account ID will be used as the default catalog name.
  1. SSH to the instance where Privacera Manager is installed.

  2. Run the following command to open the .yml file to be edited.

    If you have multiple connectors, then replace instance1 with the appropriate connector instance name.

    Bash
    vi ~/privacera/privacera-manager/config/custom-vars/connectors/lakeformation/instance1/vars.connector.lakeformation.pull.yml
    
  3. Enable the following properties to create policies, and specify the catalog name for the UC policy in the UC repository.

    YAML
    CONNECTOR_LAKEFORMATION_SINK_UC_ENABLED: "true"
    CONNECTOR_LAKEFORMATION_SINK_UC_SERVICE_APP_ID: "privacera_databricks_unity_catalog"
    CONNECTOR_LAKEFORMATION_SINK_UC_CATALOG_NAME: "<PLEASE_CHANGE>"
    

  4. Once the properties are configured, run the following commands to update your Privacera Manager platform instance:

    Step 1 - Run setup, which generates the Helm charts. This step usually takes a few minutes.

    Bash
    cd ~/privacera/privacera-manager
    ./privacera-manager.sh setup
    
    Step 2 - Apply the Privacera Manager Helm charts.
    Bash
    cd ~/privacera/privacera-manager
    ./pm_with_helm.sh upgrade
    
    Step 3 - Run the post-installation step, which generates the plugin tarball, updates Route 53 DNS, and so on.

    Bash
    cd ~/privacera/privacera-manager
    ./privacera-manager.sh post-install
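
A pre-flight check that can be run on the edited file from step 3 before the commands in step 4, so that a catalog name left at the `<PLEASE_CHANGE>` placeholder is caught before policies are synchronized. This is an added example, not part of the Privacera documentation; the function names `yaml_value` and `check_uc_sink` are hypothetical, and it assumes the file holds flat `KEY: "value"` lines as shown above.

```shell
#!/usr/bin/env bash
# Added example: pre-flight check for the Unity Catalog sink properties.
# Assumption: the vars file holds flat `KEY: "value"` lines as shown on this page.

# Print the unquoted value of KEY (last occurrence), or nothing if it is absent.
yaml_value() {
  local file="$1" key="$2"
  sed -n -E "s/^[[:space:]]*${key}:[[:space:]]*//p" "$file" \
    | tail -n 1 \
    | sed -E "s/[[:space:]]*$//; s/^[\"'](.*)[\"']$/\1/"
}

# Return codes: 0 = ready, 1 = sink not enabled, 2 = placeholder left in place,
# 3 = file unreadable.
check_uc_sink() {
  local file="$1" enabled catalog
  [ -r "$file" ] || { echo "ERROR: cannot read $file" >&2; return 3; }

  enabled=$(yaml_value "$file" CONNECTOR_LAKEFORMATION_SINK_UC_ENABLED)
  catalog=$(yaml_value "$file" CONNECTOR_LAKEFORMATION_SINK_UC_CATALOG_NAME)

  if [ "$enabled" != "true" ]; then
    echo "ERROR: CONNECTOR_LAKEFORMATION_SINK_UC_ENABLED is '$enabled', not 'true'" >&2
    return 1
  fi
  case "$catalog" in
    *'<'*|*'>'*)
      echo "ERROR: catalog name is still a placeholder: $catalog" >&2
      return 2 ;;
    '')
      # Documented fallback: an empty name means the AWS account ID is used.
      echo "NOTE: catalog name is empty; the AWS account ID will be used" ;;
    *)
      echo "OK: UC policy catalog name is '$catalog'" ;;
  esac
  return 0
}

# Usage, with VARS_FILE set to the path opened in step 2:
#   check_uc_sink "$VARS_FILE" && ./privacera-manager.sh setup
```
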
    
