Skip to content

Manage Resources List

You can configure the Dremio connector to manage access control policies for specific sources, spaces, virtual or physical datasets, and folders. It allows you to specify include and exclude lists for resources. The connector enforces access control policies on resources in the include list while ignoring those in the exclude list. If a resource appears in both lists, the exclude list takes precedence, and the connector will not manage that resource.

Use the following properties to specify comma-separated lists of sources, spaces, virtual or physical datasets, and folders whose access control should be managed by PolicySync. To manage all resources, leave these properties unspecified. You can use wildcard characters (*) to match multiple sources, spaces, datasets, or folders.

Example:

  • Space: testspace1,testspace2,space*
  • Source: testsource1,testsource2,source*
  • Physical Dataset: source.folder1.physicaldataset,source*.sales*.*
  • Virtual Dataset: space.folder1.virtualdataset,space*.sales*.*
  • Space Folder: space.spacefolder,space*.sales*
  • Source Folder: source.sourcefolder,source*.sales*

Setup

Warning

  • Values are case-sensitive.
  • Provide fully qualified names for space, Source, Physical/Virtual dataset and Space/Source folder E.g. source.folder1.physicaldataset
  • Replace the example values with your actual resource names.

  1. SSH to the instance where Privacera Manager is installed.

  2. Run the following command to open the .yml file to be edited.

    If you have multiple connectors, then replace instance1 with the appropriate connector instance name.

    Bash
    1
    vi ~/privacera/privacera-manager/config/custom-vars/connectors/dremio/instance1/vars.connector.dremio.yml

  3. Set the following properties to enable the connector to manage the permissions for schemas, tables/views, and other resources in the Dremio:

    YAML
    1
2
3
4
5
6
     CONNECTOR_DREMIO_MANAGE_SPACE_LIST: "testspace1"
 CONNECTOR_DREMIO_MANAGE_SOURCE_LIST: "testsource1" 
 CONNECTOR_DREMIO_MANAGE_SPACE_FOLDER_LIST:  "testspace1.folder1"
 CONNECTOR_DREMIO_MANAGE_SOURCE_FOLDER_LIST: "testsource1.folder1"
 CONNECTOR_DREMIO_MANAGE_PHYSICAL_DATASET_LIST: "testsource1.folder1.physicaldataset"
 CONNECTOR_DREMIO_MANAGE_VIRTUAL_DATASET_LIST: "testsource1.folder1.virtualdataset"

  4. For excluding resources, set the following properties:

    YAML
    1
2
3
4
5
6
     CONNECTOR_DREMIO_IGNORE_SPACE_LIST: "testspace2"
 CONNECTOR_DREMIO_IGNORE_SOURCE_LIST: "testsource2"
 CONNECTOR_DREMIO_IGNORE_SPACE_FOLDER_LIST: "testspace2.folder2"
 CONNECTOR_DREMIO_IGNORE_SOURCE_FOLDER_LIST: "testsource2.folder2"
 CONNECTOR_DREMIO_IGNORE_PHYSICAL_DATASET_LIST: "stestsource2.folder2.physicaldataset"
 CONNECTOR_DREMIO_IGNORE_VIRTUAL_DATASET_LIST: "testsource2.folder2.virtualdataset"

  5. Once the properties are configured, run the following commands to update your Privacera Manager platform instance:

    Step 1 - Setup which generates the helm charts. This step usually takes few minutes.

    Bash
    1
2
    cd ~/privacera/privacera-manager
./privacera-manager.sh setup
    Step 2 - Apply the Privacera Manager helm charts.
    Bash
    1
2
    cd ~/privacera/privacera-manager
./pm_with_helm.sh upgrade
    Step 3 - Post-installation step which generates Plugin tar ball, updates Route 53 DNS and so on.

    Bash
    1
2
    cd ~/privacera/privacera-manager
./privacera-manager.sh post-install

Comments