Advanced Configuration
Add Resource for Discovery Scanning¶
Once the Databricks Unity Catalog data source setup is complete, you can follow the steps from here to add a resource for Discovery Scanning.
Resources can be added in the following formats for Discovery scanning:
dbx_catalog_name.dbx_uc_schema_name/dbx_uc_table_name
*/dbx_uc_table_name
dbx_uc_catalog_name.dbx_uc_schema_name/*
*_schema_*/*_table_*
Setup for Discovery to Ranger Tag Sync¶
-
Log in to Self Managed portal.
-
Edit the Configured Databricks Unity Catalog Connector from the previous step
-
Under Application Properties provide values for the followings:
-
Enable Ranger TagSync : By default, this toggle is disabled. The user can enable this toggle if they want to sync tags in Ranger after a successful scan by Discovery.
-
Add New Custom Properties : Add below 2 properties:
a. Cluster Name : You need to enter
privacera
as a default value for this field.b. Service Name : You need to enter
privacera_databricks_unity_catalog
value for this field. You can take reference for adding this property value from List of Datasources with Service Name
-
-
Click SAVE
Important
You need to follow below steps before setting up Discovery to ranger tag sync:
a. Create Ranger service user, Admin URL and API key
b. Enable the Ranger Service Definitions for Access Connectors
-
Log in to the Privacera Discovery Admin Console.
-
Edit the Configured Databricks Unity Catalog Connector from the previous step
-
Under the ADVANCED tab, enter the values for:
-
Enable Ranger TagSync : By default, this toggle is disabled. The user can enable this toggle if they want to sync tags in Ranger after a successful scan by Discovery.
a. Cluster Name : Once user enable
Enable Ranger TagSync
toggle then this field is visible andprivacera
is the default value for this field.b. Service Name : User can select
privacera_databricks_unity_catalog
value from the list of this field. You can take reference for adding this property value from List of Datasources with Service Name
-
-
Click SAVE
Validation for Discovery to Ranger Tag Sync¶
These steps apply to both Self Managed and Data Plane deployments.
- For Self Managed, log in to the Privacera Portal; for Data Plane, log in to the Privacera Discovery Admin Console.
- Navigate to Access Management > Tag Management
- Under the TAGS tab, Validate whether the Classified Tags are visible in the portal.
-
Under the TAGGED RESOURCES tab, validate whether the resources that were scanned and classified in the portal are visible
-
Resource Filter: You can make use use of resource filter for searching resource with associated synced tags of it.
-
Service Filter: You can get the list of all services in this field and by selecting appropriate service you can validate synced tags. You can refer List of Datasources with Service Name for selecting this field value.
-
Tags Filter: You can get the list of all Synced Tags in this field and by selecting appropriate Tag you can validate whether its synced for particular resource or not.
Info
In case of File Sytsem, resource seen in below format as per application selected (S3, ADLS, GCS)
- bucketname
- objectpath
- accountname
- foldername
In case of JDBC/Database connectors, resource seen in below format as per application selected
- schema
- database
- column
- table
-
- Prev topic: Setup
- Next topic: Troubleshooting