Skip to content

Setup Access Management for Dremio

This section outlines the steps to set up the Dremio connector in Privacera. Ensure that all prerequisites are met before proceeding.

Best Practice for enabling the connector

This connector will manage the access control policies for the Dremio. If there are existing policies in Dremio, then it they will be overwritten by the policies from Privacera. It is strongly recommended that to test managing few resources initially before enabling the connector for all resources. You could create a test space in Dremio and manage the access control policies for that space and after you are comfortable you can enable the connector for all spaces.

Create Instance of Dremio

  1. SSH to the instance where Privacera Manager is installed.

  2. Run the following command to navigate to the /config directory.

    Bash
    1
    cd ~/privacera/privacera-manager/config

  3. Create a new directory for the Dremio connector configuration.

    Note

    In the example below, instance1 is the name of the connector instance. You can change this name to uniquely identify your installed connector configuration. The connector instance name should consist of only hyphens and alphanumeric characters.

    Bash
    1
    mkdir -p custom-vars/connectors/dremio/instance1

  4. Copy the sample connector configuration file to your custom directory:

    Bash
    1
    cp -n sample-vars/vars.connector.dremio.yml custom-vars/connectors/dremio/instance1/

  5. Run the following command to open the .yml file to be edited:

    Bash
    1
    vi custom-vars/connectors/dremio/instance1/vars.connector.dremio.yml

Connection Details

  1. Specify the Dremio URL. For example, http://xx.xxx.xxx.xx:9047/.
  2. Specify the Dremio JDBC URL. For example, jdbc:dremio:direct=xx.xx.xxx.xx:31010.
  3. Specify the Dremio JDBC Username and password.

Replace the below example values with your actual values.

YAML
1
2
3
4
CONNECTOR_DREMIO_URL: "http://xx.xxx.xx.xx:9047/"
CONNECTOR_DREMIO_JDBC_URL: "jdbc:dremio:direct=xx.xxx.xx.xx:31010"
CONNECTOR_DREMIO_JDBC_USERNAME: "<jdbc_user_name>"
CONNECTOR_DREMIO_JDBC_PASSWORD: "<jdbc_password>"

Managed Space and Source

This property is used to define comma-separated space and source names for which access control policies should be enforced.

Example: test_space1,test_space2,test_space_*.

Warning

  • Values are case-sensitive.
  • Replace the below example value with your actual value.

It is recommended to first test the connector with a dedicated test space and source before enabling it for all spaces. This helps validate configuration and behavior in a controlled environment.

YAML
1
2
CONNECTOR_DREMIO_MANAGE_SPACE_LIST: "test_space1"
CONNECTOR_DREMIO_MANAGE_SOURCE_LIST: "test_source1"

To enforce grants/revoke

This property is used to enable grants/revoke

YAML
1
CONNECTOR_DREMIO_GRANT_UPDATES: "true"

Apply the Configuration

After all the changes are done you can start the connector by running the following instructions:

Step 1 - Setup which generates the helm charts. This step usually takes few minutes.

Bash
1
2
cd ~/privacera/privacera-manager
./privacera-manager.sh setup
Step 2 - Apply the Privacera Manager helm charts.
Bash
1
2
cd ~/privacera/privacera-manager
./pm_with_helm.sh upgrade
Step 3 - Post-installation step which generates Plugin tar ball, updates Route 53 DNS and so on.

Bash
1
2
cd ~/privacera/privacera-manager
./privacera-manager.sh post-install

Comments