Disabling Synchronizing of Policies in AWS Redshift¶

When using AWS Redshift with Privacera, you can temporarily disable the synchronizing of policies from Privacera to AWS Redshift. Here are some use cases where you might want to do this:

While setting up the connector, you might want to disable the synchronizing of policies to avoid any conflicts with existing policies in AWS Redshift.
If there are new type of permissions that are supported by Privacera then when you upgrade the connector, you might want to disable the synchronizing of policies to avoid deleting the existing policies in AWS Redshift. The recommendation is to upgrade the connector and apply the policies again in Privacera before enabling the synchronizing. This makes sure that existing users don't lose access during the upgrade.

Setup¶

SSH to the instance where Privacera Manager is installed.
Run the following command to open the .yml file to be edited.

If you have multiple connectors, then replace instance1 with the appropriate connector instance name.
Bash
1 2
cd ~/privacera/privacera-manager/config/custom-vars/connectors/redshift/instance1 vi vars.connector.redshift.yml
Update the following property to disable grant and revoke updates for user, group, and role on Redshift.
YAML
1
CONNECTOR_REDSHIFT_GRANT_UPDATES: "false"
After configuring the property, update the connector with:

Step 1 - Setup which generates the helm charts. This step usually takes few minutes.

Bash
cd ~/privacera/privacera-manager
./privacera-manager.sh setup

Step 2 - Apply the Privacera Manager helm charts.

Bash
cd ~/privacera/privacera-manager
./pm_with_helm.sh upgrade

Step 3 - Post-installation step which generates Plugin tar ball, updates Route 53 DNS and so on.

Bash
cd ~/privacera/privacera-manager
./privacera-manager.sh post-install

For reenabling the policy sync, you need to set the CONNECTOR_REDSHIFT_GRANT_UPDATES property to true and re-run the update command.

YAML
CONNECTOR_REDSHIFT_GRANT_UPDATES: "true"