Fine Tuning Databricks FGAC¶
These are some common properties that can be used to fine-tune the Databricks FGAC configuration.
| Feature | Description | Default Value | Possible Values |
|---|---|---|---|
| spark.hadoop.privacera.custom.current_user.udf.names | Map logged-in user to Ranger user for row-filter policy. Valid function name however you have to make sure it should be in sync with row-filter current_user condition. | current_user() | |
| spark.hadoop.privacera.spark.rowfilter.extension.enable | To enable/disable Row Filtering on table. | true | true/false |
| spark.hadoop.privacera.spark.masking.extension.enable | To enable/disable Column Masking on table. | true | true/false |
| spark.hadoop.privacera.fgac.file.ignore.path | Comma separated list of paths that are ignored during access check. This property does not currently support the wildcard * pattern match. For example s3://bucket/folderA/*/folderD, is not supported. | /tmp/tmp/* | s3://bucket, s3://bucket*, s3://bucket/dir, /tmp/data/, dbfs:/local_disk0/ |
| spark.hadoop.privacera.fgac.sql.metadata.read.denied.audit.enabled | Set this property to true to generate READ denied audits for metadata requests (instead of SELECT) if there is no permissions. If both READ and SELECT permissions are provided, an allowed audit entry will be recorded for READ. | false | true/false |
| spark.hadoop.privacera.fgac.wa.partition.filter.enable | Set this property to false to skip the plugin’s transformation logic for Filter conditions. For more details refer Troubleshoot section. | true | true/false |
- Prev topic: Advanced Configuration