
Enabling All Privileges for API Token Users

Privacera's Unity Catalog connector supports granting ALL PRIVILEGES on a catalog to an API token user, rather than limiting that user to a default set of permissions. By default, the avoid.token.user.allPrivileges property is set to true, which restricts the privileges assigned to the token user. To allow the token user to be granted ALL PRIVILEGES, set this property to false.

Tip

When the property is set to true, the API token user is granted a limited set of privileges on the Catalog: Use Catalog, Create Schema, Use Schema, Create Table, Select, Modify, and Create Function.

Setup

Note

This setting is enabled by default to provide only a limited set of privileges to API token users. You must explicitly override it to grant ALL PRIVILEGES.

  1. Navigate to Settings -> Applications in the Self-Managed Portal.

  2. From the list of Connected Applications, select Databricks Unity Catalog.

  3. Click on the application name or the icon to edit. Then, go to the Access Management tab.

  4. Under Add New Custom Properties, add the following property:

    Bash
    ranger.policysync.connector.databricks_unity_catalog.avoid.token.user.allPrivileges=false
    

  5. Click SAVE to apply the changes.

  1. SSH to the instance where Privacera Manager is installed.

  2. Run the following command to open the .yml file to be edited.

    If you have multiple connectors, then replace instance1 with the appropriate connector instance name.

    Bash
    vi ~/privacera/privacera-manager/config/custom-vars/connectors/databricks-unity-catalog/instance1/vars.connector.databricks.unity.catalog.yml
    
  3. Add or update the following property:

    YAML
    CONNECTOR_DATABRICKS_UNITY_CATALOG_AVOID_TOKEN_USER_ALL_PRIVILEGES: "false"
    

  4. Once the properties are configured, run the following commands to update your Privacera Manager platform instance:

    Step 1 - Setup, which generates the helm charts. This step usually takes a few minutes.

    Bash
    cd ~/privacera/privacera-manager
    ./privacera-manager.sh setup
    
    Step 2 - Apply the Privacera Manager helm charts.
    Bash
    cd ~/privacera/privacera-manager
    ./pm_with_helm.sh upgrade
    
    Step 3 - Post-installation step, which generates the Plugin tarball, updates Route 53 DNS, and so on.

    Bash
    cd ~/privacera/privacera-manager
    ./privacera-manager.sh post-install
    
  1. In the PrivaceraCloud portal, navigate to Settings -> Applications.

  2. On the Connected Applications screen, select Databricks Unity Catalog.

  3. Click the pen icon or the Account Name to modify the settings.

  4. On the Edit Application screen, go to Access Management -> ADVANCED tab.

  5. Under Add New Custom Properties, add the following:

    Bash
    ranger.policysync.connector.databricks_unity_catalog.avoid.token.user.allPrivileges=false
    

  6. Click SAVE to apply the changes.

Info

When this property is set to false, the API token user is granted full catalog-level privileges, allowing comprehensive data access and management within Unity Catalog.
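
The audit script below is an added example, not part of Privacera's documentation or tooling. It scans the Privacera Manager connector directory used in the steps above and reports which connector instances set CONNECTOR_DATABRICKS_UNITY_CATALOG_AVOID_TOKEN_USER_ALL_PRIVILEGES to false. The function names, the sample instance names, and the handling of unquoted or repeated values are assumptions.

```shell
#!/usr/bin/env bash
# Added example: list connector instances where the API token user is allowed
# ALL PRIVILEGES instead of the documented limited default.
KEY='CONNECTOR_DATABRICKS_UNITY_CATALOG_AVOID_TOKEN_USER_ALL_PRIVILEGES'
VARS_FILE='vars.connector.databricks.unity.catalog.yml'

# effective_value FILE -> prints "true" or "false" (lowercased).
# A missing file or missing key means the documented default (true) applies.
effective_value() {
  local v; v=""
  if [ -f "$1" ]; then
    # Commented-out lines do not match. Assumption: if the key is repeated,
    # the last one wins. Inline comments, quotes and spaces are stripped.
    v=$(sed -n "s/^[[:space:]]*${KEY}[[:space:]]*:[[:space:]]*//p" "$1" \
        | tail -n 1 | sed -e 's/[[:space:]]*#.*$//' -e "s/[\"']//g" \
        | tr -d '[:space:]' | tr '[:upper:]' '[:lower:]')
  fi
  echo "${v:-true}"
}

# audit_connectors DIR -> one "<instance> <LIMITED|ALL_PRIVILEGES>" line per
# instance directory; returns 1 if any instance grants ALL PRIVILEGES.
audit_connectors() {
  local dir rc; rc=0
  for dir in "$1"/*/; do
    [ -d "$dir" ] || continue
    if [ "$(effective_value "${dir}${VARS_FILE}")" = "false" ]; then
      echo "$(basename "$dir") ALL_PRIVILEGES"; rc=1
    else
      echo "$(basename "$dir") LIMITED"
    fi
  done
  return "$rc"
}

# make_sample DIR -> constructed sample tree (instance contents are made up).
make_sample() {
  mkdir -p "$1/instance1" "$1/instance2" "$1/instance3"
  printf '%s: "false"  # override\n' "$KEY" > "$1/instance1/$VARS_FILE"
  printf '# %s: "false"\nOTHER_VAR: "x"\n' "$KEY" > "$1/instance2/$VARS_FILE"
  printf '%s: "true"\n' "$KEY" > "$1/instance3/$VARS_FILE"
}

# Usage: audit_connectors ~/privacera/privacera-manager/config/custom-vars/connectors/databricks-unity-catalog
```

The non-zero return code makes the check usable as a gate in a change-review or CI job that runs before ./privacera-manager.sh setup.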
