Enable Native Support

Privacera supports native column masking and row-level filtering policies for Databricks Unity Catalog. This capability enables enforcement of data access policies directly within Unity Catalog, leveraging its built-in security and governance features.

Configuration

Note

Native column masking and row filter policies are enabled by default.

  1. Navigate to Settings > Applications in the Self-Managed Portal.

  2. From the list of Connected Applications, select Databricks Unity Catalog.

  3. Click on the application name or the icon to edit. Then, go to the Access Management tab.

  4. Under the ADVANCED tab, ensure the following options are enabled:

    • Enforce native column masking: Enables native column masking. Enabled by default.
    • Enforce native row filter policies: Enables native row-level filtering. Enabled by default.
  5. Under the ADVANCED tab, ensure the following secure view options are disabled:

    • Enforce masking policies using secure views: Disable this option if you want to use native masking instead of secure views.
    • Enforce row filter policies using secure views: Disable this option if you want to use native row filters instead of secure views.
    • Create secure view for all tables/views: Disable this option if you want to use native support instead of secure views for all tables and views.
    • Enable dataadmin: Disable this option to disable secure views.
  6. For native column-level access control, set the following:

    • How column level access should be handled: Set to native_masking (default).
  7. Set default masking values:

    • Default masked defaultValue for numeric datatype columns: Defaults to 0.
    • Default masked defaultValue for text/varchar/string datatype columns: Defaults to <MASKED>.
  8. Click SAVE to apply the changes.

Note

By default, secure views are enabled. You must disable them to use native support.

  1. SSH to the instance where Privacera Manager is installed.

  2. Run the following command to open the .yml file for editing.

    If you have multiple connectors, replace instance1 with the appropriate connector instance name.

    Bash
    vi ~/privacera/privacera-manager/config/custom-vars/connectors/databricks-unity-catalog/instance1/vars.connector.databricks.unity.catalog.yml
    
  3. Enable native support by setting the following properties to true:

    YAML
    CONNECTOR_DATABRICKS_UNITY_CATALOG_ENABLE_ROW_FILTER: "true"
    CONNECTOR_DATABRICKS_UNITY_CATALOG_ENABLE_MASKING: "true"
    

  4. Disable secure view-based policies by setting the following properties to false:

    YAML
    CONNECTOR_DATABRICKS_UNITY_CATALOG_ENABLE_VIEW_BASED_MASKING: "false"
    CONNECTOR_DATABRICKS_UNITY_CATALOG_ENABLE_VIEW_BASED_ROW_FILTER: "false"
    CONNECTOR_DATABRICKS_UNITY_CATALOG_SECURE_VIEW_CREATE_FOR_ALL: "false"
    CONNECTOR_DATABRICKS_UNITY_CATALOG_ENABLE_DATA_ADMIN: "false"
    

  5. Configure native column-level access control:

    YAML
    CONNECTOR_DATABRICKS_UNITY_CATALOG_COLUMN_ACCESS_CONTROL_TYPE: "native_masking"
    

  6. Define default masking values:

    YAML
    CONNECTOR_DATABRICKS_UNITY_CATALOG_MASKED_NUMBER_VALUE: "<MASKED_NUMBER_VALUE>"
    CONNECTOR_DATABRICKS_UNITY_CATALOG_MASKED_TEXT_VALUE: "<MASKED_TEXT_VALUE>"
    

  7. Once the properties are configured, run the following commands to update your Privacera Manager platform instance:

    Step 1 - Setup, which generates the Helm charts. This step usually takes a few minutes.

    Bash
    cd ~/privacera/privacera-manager
    ./privacera-manager.sh setup
    
    Step 2 - Apply the Privacera Manager Helm charts.

    Bash
    cd ~/privacera/privacera-manager
    ./pm_with_helm.sh upgrade
    
    Step 3 - Post-installation step, which generates the plugin tarball, updates Route 53 DNS, and so on.

    Bash
    cd ~/privacera/privacera-manager
    ./privacera-manager.sh post-install
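
A pre-flight check for the properties set in steps 3 to 5, to run before the update commands in step 7. This is an added example, not part of Privacera's documentation or tooling; the function names are hypothetical, and it assumes the vars file uses flat `KEY: "value"` lines as shown above.

```shell
# Added example: audit a connector vars file for the native-support settings.
# yaml_value FILE KEY prints KEY's value from flat "KEY: value" lines
# (last occurrence wins; trailing comments and surrounding quotes removed).
yaml_value() {
  sed -n "s/^[[:space:]]*$2[[:space:]]*:[[:space:]]*//p" "$1" | tail -n 1 |
    sed -e 's/[[:space:]]*#.*$//' -e 's/[[:space:]]*$//' \
        -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# check_native_support FILE returns the number of settings that differ from
# steps 3 to 5. Assumption of this example: a missing key is a mismatch.
check_native_support() {
  nf_file=$1 nf_failures=0
  while read -r nf_key nf_want; do
    nf_got=$(yaml_value "$nf_file" "CONNECTOR_DATABRICKS_UNITY_CATALOG_$nf_key")
    if [ "$nf_got" != "$nf_want" ]; then
      echo "MISMATCH $nf_key: expected '$nf_want', found '${nf_got:-<unset>}'" >&2
      nf_failures=$((nf_failures + 1))
    fi
  done <<'EOF'
ENABLE_ROW_FILTER true
ENABLE_MASKING true
ENABLE_VIEW_BASED_MASKING false
ENABLE_VIEW_BASED_ROW_FILTER false
SECURE_VIEW_CREATE_FOR_ALL false
ENABLE_DATA_ADMIN false
COLUMN_ACCESS_CONTROL_TYPE native_masking
EOF
  return "$nf_failures"
}

if [ "$#" -gt 0 ]; then
  check_native_support "$1" && echo "OK: native support settings match"
else
  nf_sample=$(mktemp)   # constructed sample: one secure-view flag still on
  cat >"$nf_sample" <<'EOF'
CONNECTOR_DATABRICKS_UNITY_CATALOG_ENABLE_ROW_FILTER: "true"
CONNECTOR_DATABRICKS_UNITY_CATALOG_ENABLE_MASKING: "true"
CONNECTOR_DATABRICKS_UNITY_CATALOG_ENABLE_VIEW_BASED_MASKING: "true"
EOF
  check_native_support "$nf_sample" || echo "$? setting(s) need attention"
  rm -f "$nf_sample"
fi
```

Pass the path of the connector's vars file as the first argument; with no argument the script checks its own constructed sample.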
    
