Skip to content

Users, Groups, and Roles Management

Privacera's AWS Redshift connector provides an option to limit the users, groups, and roles that need to be managed by the connector. This can be achieved by specifying the users, groups, and roles that need to be managed or ignored by the connector. Ignored users, groups and roles have precedence over managed users, groups, and roles.

This section provides details on how to configure the connector to manage them.

Setup

The following properties define comma-separated lists of users, groups, and roles to be managed by PolicySync. If you wish to manage all resources, you can skip specifying these properties. Wildcards (*)are supported to match multiple resources.

Example:

  • Users: user1, user2, dev_user*
  • Groups: group1, group2, dev_group_*
  • Roles: role1, role2, dev_role_*

Replace the example values with your actual user, group, and role names.

  1. SSH to the instance where Privacera Manager is installed.

  2. Run the following command to open the .yml file to be edited.

    If you have multiple connectors, then replace instance1 with the appropriate connector instance name.

    Bash
    1
    vi ~/privacera/privacera-manager/config/custom-vars/connectors/redshift/instance1/vars.connector.redshift.yml

  3. If you want to manage only specific users, groups, and roles, specify them in the respective lists. Leave the values empty or put *, to manage all users, groups, and roles.

    YAML
    1
2
3
    CONNECTOR_REDSHIFT_MANAGE_USER_LIST: "user1, user2"
CONNECTOR_REDSHIFT_MANAGE_GROUP_LIST: "group1, group2, dev_group_*"
CONNECTOR_REDSHIFT_MANAGE_ROLE_LIST: "role1, role2, dev_role_*"

  4. To exclude specific users, groups, and roles from the connector, set the following properties.

    YAML
    1
2
3
    CONNECTOR_REDSHIFT_IGNORE_USER_LIST: "user_a, user_b"
CONNECTOR_REDSHIFT_IGNORE_GROUP_LIST: "group_a, group_b, dev_group_*"
CONNECTOR_REDSHIFT_IGNORE_ROLE_LIST: "role_a, role_b, dev_role_*"

  5. Once the properties are configured, run the following commands to update your Privacera Manager platform instance:

    Step 1 - Setup which generates the helm charts. This step usually takes few minutes.

    Bash
    1
2
    cd ~/privacera/privacera-manager
./privacera-manager.sh setup
    Step 2 - Apply the Privacera Manager helm charts.
    Bash
    1
2
    cd ~/privacera/privacera-manager
./pm_with_helm.sh upgrade
    Step 3 - Post-installation step which generates Plugin tar ball, updates Route 53 DNS and so on.

    Bash
    1
2
    cd ~/privacera/privacera-manager
./privacera-manager.sh post-install

  1. Navigate to Settings -> Applications.

  2. On the Connected Applications screen, select Redshift application.

  3. Click the edit icon, click on Access Management -> ADVANCED tab.

  4. For including specific users, groups, and roles, enter the values in the following fields:

    • Users to set access control policies: user1, user2, dev_user*
    • Groups to set access control policies: group1, group2, dev_group_*
    • Roles to set access control policies: role1, role2, dev_role_*

  5. For excluding specific users, groups, and roles, enter the values in the following fields:

    • Users to be ignored by access control policies: user_a, user_b
    • Groups be ignored by access control policies: group_a, group_b, dev_group_*
    • Roles be ignored by access control policies: role_a, role_b, dev_role_*

  6. Click Save to apply the changes.

Comments