
Switch Ownership

Privacera supports switching the ownership of Databricks SQL resources managed through the Databricks SQL connector. This feature allows you to assign ownership of Databricks SQL resources—such as databases and tables—to a designated user, group, or service principal. This helps improve the management of access control and permissions.

The Switch Ownership property takes the identity that should own the resources: the email ID of a user, a group name, or a service principal Application ID.

Prerequisites

  • The user or OAuth credentials (if using a service principal for authentication) must have admin privileges to change ownership of resources.
  • The user, group, or service principal set as owner will have ownership over all Databricks SQL resources managed by Privacera.
  • Typically, this email should match the Databricks SQL JDBC username.

After the resource loader runs, the connector executes the following queries for each loaded resource:

  • For databases: ALTER DATABASE <db-name> OWNER TO '<user-email>';
  • For tables: ALTER TABLE <db-name>.<table-name> OWNER TO '<user-email>';

Configure

Replace <RESOURCE_OWNER> with your actual value (user email, group name, or service principal Application ID).

  1. Navigate to Settings > Applications in the Self-Managed Portal.

  2. From the list of Connected Applications, select Databricks SQL.

  3. Click the icon or the Account Name to modify the settings.

  4. On the Edit Application screen, go to Access Management.

  5. Under the ADVANCED tab, add the following property under Add New Custom Properties:

    ranger.policysync.connector.0.owner=<RESOURCE_OWNER>
    

  6. Click SAVE to apply the changes.

  1. SSH to the instance where Privacera Manager is installed.

  2. Run the following command to open the .yml file to be edited.

    If you have multiple connectors, then replace instance1 with the appropriate connector instance name.

    vi ~/privacera/privacera-manager/config/custom-vars/connectors/databricks-sql-analytics/instance1/vars.connector.databricks.sql.analytics.yml
    
  3. Add or update the following property to specify the ownership:

    CONNECTOR_DATABRICKS_SQL_ANALYTICS_OWNER_ROLE: "<RESOURCE_OWNER>"
    

    Default Value

    If not specified, the owner role defaults to the JDBC username ({{ CONNECTOR_DATABRICKS_SQL_ANALYTICS_JDBC_USERNAME }}). You can explicitly set it to a user email, group name, or service principal Application ID.

  4. Once the properties are configured, run the following commands to update your Privacera Manager platform instance:

    Step 1 - Setup, which generates the helm charts. This step usually takes a few minutes.

    cd ~/privacera/privacera-manager
    ./privacera-manager.sh setup
    
    Step 2 - Apply the Privacera Manager helm charts.
    cd ~/privacera/privacera-manager
    ./pm_with_helm.sh upgrade
    
    Step 3 - (Optional) Post-installation step, which generates the Plugin tarball, updates Route 53 DNS, and so on. This step is not required if you are updating only connector properties.

    cd ~/privacera/privacera-manager
    ./privacera-manager.sh post-install
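
A pre-flight check for the Privacera Manager steps above, as an added example that is not part of Privacera's documentation or tooling: it reads CONNECTOR_DATABRICKS_SQL_ANALYTICS_OWNER_ROLE from the vars file and reports which kind of principal would become owner of every managed resource, so a leftover placeholder or an unintended default is caught before setup runs. The function names and the rule that rejects quote and semicolon characters are assumptions of this example.

```shell
#!/bin/sh
# Added example: pre-flight check of the owner property before running
# privacera-manager.sh setup. Function names are hypothetical.
OWNER_KEY="CONNECTOR_DATABRICKS_SQL_ANALYTICS_OWNER_ROLE"

# Print the last uncommented value of OWNER_KEY in file $1, without quotes
# or a trailing "# comment". Prints nothing when the key is not set.
owner_value() {
  sed -n "s/^[[:space:]]*${OWNER_KEY}:[[:space:]]*//p" "$1" | tail -n 1 |
    sed -e 's/[[:space:]]\{1,\}#.*$//' -e 's/[[:space:]]*$//' \
        -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# Classify an owner value as one of the principal kinds the page lists.
classify_owner() {
  case "$1" in
    "")           echo "default-jdbc-username"; return ;;  # falls back to the JDBC username
    *"<"*|*">"*)  echo "placeholder"; return ;;            # <RESOURCE_OWNER> left in place
    # Assumption of this example: reject quote and statement characters,
    # because the value ends up inside the OWNER TO '...' statements.
    *"'"*|*'"'*|*";"*|*'`'*) echo "unsafe-characters"; return ;;
  esac
  if printf '%s\n' "$1" | grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'; then
    echo "service-principal-application-id"   # Application IDs are UUIDs
  elif printf '%s\n' "$1" | grep -Eq '^[^@[:space:]]+@[^@[:space:]]+\.[^@[:space:]]+$'; then
    echo "user-email"
  else
    echo "group-name"
  fi
}

# Print the kind for the vars file $1; a non-zero exit means "do not deploy".
check_owner_file() {
  [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
  kind="$(classify_owner "$(owner_value "$1")")"
  echo "$kind"
  case "$kind" in
    placeholder|unsafe-characters) echo "fix $OWNER_KEY in $1" >&2; return 1 ;;
  esac
}

# Usage: sh check_owner.sh <path to the connector vars .yml>
if [ "$#" -gt 0 ]; then check_owner_file "$1"; fi
```

A result of default-jdbc-username means the property is unset and the JDBC user will own all managed resources, which is worth confirming is intended.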
    
  1. In the PrivaceraCloud portal, navigate to Settings > Applications.

  2. On the Connected Applications screen, select Databricks SQL.

  3. Click the pen icon or the Account Name to modify the settings.

  4. On the Edit Application screen, go to Access Management.

  5. Under the ADVANCED tab, add the following property under Add New Custom Properties:

    ranger.policysync.connector.0.owner=<RESOURCE_OWNER>
    

  6. Click SAVE to apply the changes.