Skip to content

Switching from JDBC to API

This page provides instructions for switching from JDBC (the default connection method) to API-based connectivity for the Privacera Databricks Unity Catalog Connector.

Important: JDBC is the Default and Recommended Approach

JDBC is the default and recommended connection method for the Privacera Unity Catalog Connector. Only switch to API mode if you have specific requirements that cannot be met with JDBC. For a detailed comparison of both methods, see JDBC vs API Comparison.

JDBC Requirements Even with API Mode

Even when API-based connectivity is enabled, JDBC is still required for:

  • Collecting audit logs from Databricks.
  • Row filtering functionality.
  • Masking functionality.

You cannot completely eliminate JDBC dependencies when using API mode.

Setup

  1. Navigate to SettingsApplications in the Self-Managed Portal.

  2. From the list of Connected Applications, select Databricks Unity Catalog.

  3. Click the icon or the Account Name to modify the settings.

  4. On the Edit Application screen, go to Access Management.

  5. Under ADVANCED tab, add the following property under Add New Custom Properties:

    Bash
    1
    ranger.policysync.connector.0.use.database.connection.api=true

  6. Click SAVE to apply the changes.

To enable API-based connectivity, update the following properties in Privacera Manager:

  1. SSH to the instance where Privacera Manager is installed.

  2. Run the following command to open the .yml file to be edited.

    If you have multiple connectors, then replace instance1 with the appropriate connector instance name.

    Bash
    1
    vi ~/privacera/privacera-manager/config/custom-vars/connectors/databricks-unity-catalog/instance1/vars.connector.databricks.unity.catalog.yml

  3. Set the following properties to enable the connector to use API-based connectivity:

    YAML
    1
    CONNECTOR_DATABRICKS_UNITY_CATALOG_USE_DATABASE_CONNECTION_API: "true"

  4. Once the properties are configured, run the following commands to update your Privacera Manager platform instance:

    Step 1 - Setup which generates the helm charts. This step usually takes few minutes.

    Bash
    1
2
    cd ~/privacera/privacera-manager
./privacera-manager.sh setup
    Step 2 - Apply the Privacera Manager helm charts.
    Bash
    1
2
    cd ~/privacera/privacera-manager
./pm_with_helm.sh upgrade
    Step 3 - (Optional) Post-installation step which generates Plugin tar ball, updates Route 53 DNS and so on. This step is not required if you are updating only connector properties.

    Bash
    1
2
    cd ~/privacera/privacera-manager
./privacera-manager.sh post-install

  1. In PrivaceraCloud portal, navigate to Settings -> Applications.

  2. On the Connected Applications screen, select Databricks Unity Catalog.

  3. Click the pen icon or the Account Name to modify the settings.

  4. On the Edit Application screen, go to Access Management.

  5. Under ADVANCED tab, add the following property under Add New Custom Properties:

    Bash
    1
    ranger.policysync.connector.0.use.database.connection.api=true

  6. Click SAVE to apply the changes.

Benefits

  • Avoid JDBC Dependencies: API-based connectivity eliminates the need for JDBC driver configurations, which can simplify setup and troubleshooting.

  • Cost Effective: Reduces costs by avoiding the need to provision and maintain a JDBC-compatible data warehouse layer.

  • Suitable for Lightweight Integrations: API-based connections are useful in low-throughput environments where the JDBC overhead is not justified.

Downside

  • Throttling and Rate Limits: Databricks API calls are subject to per-second rate limits, which can cause throttling issues or failures during high-volume operations like permission syncs.

  • Reduced Performance: Compared to JDBC, API-based data transactions may experience latency and performance bottlenecks under load.

For More Details

For a comprehensive comparison of JDBC vs API connection methods, see JDBC vs API Comparison.