Manage Resources List

You can configure the Databricks SQL connector to manage access control policies for specific databases and tables/views. You can specify lists to include and exclude resources. The connector manages access control policies for resources in the include list and ignores resources in the exclude list. If a resource is in the exclude list, the connector does not manage it, even if it is also in the include list.

Use the following properties to specify comma-separated lists of the databases and tables/views for which PolicySync should manage access control. To manage all resources, leave these properties unspecified. You can also use the wildcard character (*) to match multiple databases, tables, or views.

Example:

  • Databases: test_db1,test_db2*.sales*
  • Tables/Views: test_db1.table1,test_db2*.table2,sales*.view*
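The include/exclude precedence described above, as an added example (not Privacera's code): a small Python check that reports which of a set of table names the configured lists would leave unmanaged. It assumes `*` matches any run of characters, including `.`, and evaluates one list pair at a time; the page does not specify either point, and the table names are constructed.

```python
import re

def parse_list(value):
    """Split a comma-separated property value; empty means 'unspecified'."""
    return [p.strip() for p in value.split(",") if p.strip()]

def matches_any(name, patterns):
    """Case-sensitive match where only '*' is a wildcard (assumed semantics)."""
    for pattern in patterns:
        regex = ".*".join(re.escape(part) for part in pattern.split("*"))
        if re.fullmatch(regex, name):
            return True
    return False

def is_managed(name, include, exclude):
    """Exclude wins over include; an unspecified include list manages all."""
    if matches_any(name, parse_list(exclude)):
        return False
    included = parse_list(include)
    return not included or matches_any(name, included)

def unmanaged(names, include, exclude):
    """Return the names the connector would NOT manage under these lists."""
    return [n for n in names if not is_managed(n, include, exclude)]

if __name__ == "__main__":
    # Include list taken from the page's example; exclude list and table
    # names are constructed for illustration.
    include = "test_db1.table1,test_db2*.table2,sales*.view*"
    exclude = "test_db1.table1"
    tables = [
        "test_db1.table1",     # in both lists: exclude takes precedence
        "Test_db1.table1",     # differs only in case: not matched
        "test_db2_eu.table2",  # matched by test_db2*.table2
        "sales_2024.view_q1",  # matched by sales*.view*
        "hr.salaries",         # in neither list
    ]
    for name in unmanaged(tables, include, exclude):
        print("not managed by the connector:", name)
```

Run it against an inventory of table names before applying the configuration to see which tables would be left without connector-managed policies.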

Setup

Warning

  • Values are case-sensitive.
  • Provide fully qualified names for databases, tables/views, for example test_db1.table1.
  • Replace the example values with your actual resource names.

  1. SSH to the instance where Privacera Manager is installed.

  2. Run the following command to open the .yml file to be edited.

    If you have multiple connectors, then replace instance1 with the appropriate connector instance name.

    Bash
    vi ~/privacera/privacera-manager/config/custom-vars/connectors/databricks-sql-analytics/instance1/vars.connector.databricks.sql.analytics.yml
    
  3. Set the following properties to have the connector manage permissions for the listed databases and tables/views in Databricks SQL:

    YAML
    CONNECTOR_DATABRICKS_SQL_ANALYTICS_MANAGE_DATABASE_LIST: "test_db1"
    CONNECTOR_DATABRICKS_SQL_ANALYTICS_MANAGE_TABLE_LIST: "test_db1.table1"
    

  4. To exclude resources, set the following properties. A resource listed here is not managed, even if it also appears in the include list:

    YAML
    CONNECTOR_DATABRICKS_SQL_ANALYTICS_IGNORE_DATABASE_LIST: "test_db1"
    CONNECTOR_DATABRICKS_SQL_ANALYTICS_IGNORE_TABLE_LIST: "test_db1.table1"
    

  5. Once the properties are configured, run the following commands to update your Privacera Manager platform instance:

    Step 1 - Setup, which generates the helm charts. This step usually takes a few minutes.

    Bash
    cd ~/privacera/privacera-manager
    ./privacera-manager.sh setup
    
    Step 2 - Apply the Privacera Manager helm charts.
    Bash
    cd ~/privacera/privacera-manager
    ./pm_with_helm.sh upgrade
    
    Step 3 - Post-installation step, which generates the Plugin tarball, updates Route 53 DNS, and so on.

    Bash
    cd ~/privacera/privacera-manager
    ./privacera-manager.sh post-install
    
  1. In the PrivaceraCloud portal, navigate to Settings -> Applications.

  2. On the Connected Applications screen, select Databricks SQL.

  3. Click on the icon or the Account Name to modify the settings.

  4. On the Edit Application screen, go to Access Management.

  5. For including resources, enter the following values in the respective fields:

    • Databases to set access control policies: test_db1
    • Tables to set access control policies: test_db1.table1
  6. For excluding resources, enter the following values in the respective fields:

    • Databases to ignore while setting access control policies: test_db1
    • Tables to ignore while setting access control policies: test_db1.table1
  7. Click SAVE to apply the changes.
