Skip to content

Enable Native Support

Privacera supports native column masking and row-level filtering policies for the Dremio connector. This feature enables you to enforce data access policies directly within Dremio by leveraging its built-in capabilities.

Configuration

  1. SSH to the instance where Privacera Manager is installed.

  2. Run the following command to open the .yml file to be edited.

    If you have multiple connectors, then replace instance1 with the appropriate connector instance name.

    Bash
    1
    vi ~/privacera/privacera-manager/config/custom-vars/connectors/dremio/instance1/vars.connector.dremio.yml

  3. Enable native support by setting the following properties to true:

    YAML
    1
2
    CONNECTOR_DREMIO_ENABLE_ROW_FILTER: "true"
CONNECTOR_DREMIO_ENABLE_MASKING: "true"

  4. Ensure the following secure view options are disabled:

    YAML
    1
2
3
4
    CONNECTOR_DREMIO_ENABLE_VIEW_BASED_MASKING: "false"
CONNECTOR_DREMIO_ENABLE_VIEW_BASED_ROW_FILTER: "false"
CONNECTOR_DREMIO_SECURE_VIEW_CREATE_FOR_ALL: "false"
CONNECTOR_DREMIO_ENABLE_DATA_ADMIN: "false"

  5. Configure native column-level access control:

    YAML
    1
    CONNECTOR_DREMIO_COLUMN_ACCESS_CONTROL_TYPE: "native_masking"

  6. Define default masking values:

    YAML
    1
2
3
    CONNECTOR_DREMIO_MASKED_NUMBER_VALUE: "<MASKED_NUMBER_VALUE>"
CONNECTOR_DREMIO_MASKED_TEXT_VALUE: "<MASKED_TEXT_VALUE>"
CONNECTOR_DREMIO_MASKED_DOUBLE_VALUE: "<MASKED_DOUBLE_VALUE>"

  7. Once the properties are configured, run the following commands to update your Privacera Manager platform instance:

    Step 1 - Setup which generates the helm charts. This step usually takes few minutes.

    Bash
    1
2
    cd ~/privacera/privacera-manager
./privacera-manager.sh setup
    Step 2 - Apply the Privacera Manager helm charts.
    Bash
    1
2
    cd ~/privacera/privacera-manager
./pm_with_helm.sh upgrade
    Step 3 - Post-installation step which generates Plugin tar ball, updates Route 53 DNS and so on.

    Bash
    1
2
    cd ~/privacera/privacera-manager
./privacera-manager.sh post-install

Comments