Skip to content

User Email Case Conversion in Databricks Unity Catalog

You can configure the Databricks Unity Catalog connector to control how user email addresses are handled with respect to case sensitivity during user synchronization from Ranger to Unity Catalog, as well as during case conversion before executing apply operations on the end service.

This is particularly useful when your identity provider, Ranger, or Databricks stores email addresses in different cases (for example, User@Example.com vs user@example.com). By configuring case handling appropriately, you can ensure consistent principal matching and avoid unintended mismatches during sync and policy application.

Properties

Property Description Supported values
CONNECTOR_DATABRICKS_UNITY_CATALOG_USER_EMAIL_PERSIST_CASE_SENSITIVITY
OR
ranger.policysync.connector.0.user.email.persist.case.sensitivity
When true, user emails are stored in Unity Catalog exactly as received (case-sensitive). When false, the connector may normalize case based on the case conversion setting. true | false
CONNECTOR_DATABRICKS_UNITY_CATALOG_USER_EMAIL_CASE_CONVERSION
OR
ranger.policysync.connector.0.user.email.case.conversion
Controls how email addresses are converted before processing and syncing to Unity Catalog. none | lower | upper

Note

If persist case sensitivity is set to true, then case conversion will not take effect.

Setup

Configure the properties and restart the connector to apply the changes.

  1. Navigate to SettingsApplications in the Self-Managed Portal.

  2. From the list of Connected Applications, select Databricks Unity Catalog.

  3. Click on the application name or the icon to edit. Then, go to the Access Management tab and select the ADVANCED tab.

  4. In Custom Properties, add the following (replace 0 with the appropriate connector index if you have multiple connectors):

    Properties
    ranger.policysync.connector.0.user.email.persist.case.sensitivity=true
    ranger.policysync.connector.0.user.email.case.conversion=none
    
  5. Click SAVE to apply the changes.

  1. SSH to the instance where Privacera Manager is installed.

  2. Run the following command to open the .yml file to be edited.

    If you have multiple connectors, then replace instance1 with the appropriate connector instance name.

    Bash
    vi ~/privacera/privacera-manager/config/custom-vars/connectors/databricks-unity-catalog/instance1/vars.connector.databricks.unity.catalog.yml
    
  3. Set the following properties:

    Bash
    CONNECTOR_DATABRICKS_UNITY_CATALOG_USER_EMAIL_PERSIST_CASE_SENSITIVITY: "true"
    CONNECTOR_DATABRICKS_UNITY_CATALOG_USER_EMAIL_CASE_CONVERSION: "none"
    

  4. Once the properties are configured, run the following commands to update your Privacera Manager platform instance:

    Step 1 - Setup which generates the helm charts. This step usually takes few minutes.

    Bash
    cd ~/privacera/privacera-manager
    ./privacera-manager.sh setup
    
    Step 2 - Apply the Privacera Manager helm charts.
    Bash
    cd ~/privacera/privacera-manager
    ./pm_with_helm.sh upgrade
    
    Step 3 - (Optional) Post-installation step which generates Plugin tar ball, updates Route 53 DNS and so on. This step is not required if you are updating only connector properties.

    Bash
    cd ~/privacera/privacera-manager
    ./privacera-manager.sh post-install
    
  1. In PrivaceraCloud portal, navigate to Settings -> Applications.

  2. On the Connected Applications screen, select Databricks Unity Catalog.

  3. Click the pen icon or the Account Name to modify the settings.

  4. On the Edit Application screen, go to Access Management -> ADVANCED tab.

  5. In Custom Properties, add the following (replace 0 with the appropriate connector index if you have multiple connectors):

    Properties
    ranger.policysync.connector.0.user.email.persist.case.sensitivity=true
    ranger.policysync.connector.0.user.email.case.conversion=none
    
  6. Click SAVE to apply the changes.