Access Audits Management¶
The BigQuery connector allows you to enable and manage access audits using PolicySync, providing detailed tracking and filtering of access events. You can configure how audit logs are collected and processed, with key settings including log collection frequency, the maximum interval for loading audit data, and progress reporting for audit operations.
This guide provides complete instructions for configuring audit collection and processing in the BigQuery connector, covering both basic setup and advanced options.
Prerequisites¶
Before you begin, ensure the following:
- Privacera Manager is installed and the base installation operational.
- The BigQuery connector is configured or currently being configured.
Basic Audit Configuration¶
Configure the BigQuery connector to collect access audit logs from your BigQuery environment.
Basic Audit Properties:
Property Name | Description | Required | Supported Values |
---|---|---|---|
AUDIT ENABLE | Enables access audit data fetching from BigQuery | Yes | true , false |
AUDIT PROJECT ID | Project ID where BigQuery audit logs are stored | Yes | Valid GCP project ID |
AUDIT DATASET NAME | Dataset name containing the audit data | Yes | Valid BigQuery dataset name |
AUDIT EXCLUDED USERS | Comma-separated list of users to exclude from audit logs | No | Email addresses |
Configuration Steps¶
Warning
- Replace the example values with your actual configuration values.
-
Navigate to Settings → Applications in the Self-Managed Portal.
-
Select BigQuery from the list of Connected Applications.
-
Click on the application name or the icon, then click on Access Management.
-
To enable access audits for BigQuery, enter the following values in the respective fields under BASIC tab:
- Enable access audits: Enable to fetch access audits from BigQuery.
- Project id having the bigquery audits datasets configured: Enter the project ID where the BigQuery audit are stored.
- Dataset name to fetch the access audits: Enter the dataset name to fetch the access audits.
-
Under the ADVANCED tab, optionally configure:
- Users to exclude when fetching access audits: Enter a comma-separated list of user email addresses to exclude from audit logs.
-
Click SAVE to apply the changes.
-
SSH to the instance where Privacera Manager is installed.
-
Run the following command to open the
.yml
file to be edited.If you have multiple connectors, then replace
instance1
with the appropriate connector instance name.Bash -
Add or modify the following properties:
-
Once the properties are configured, run the following commands to update your Privacera Manager platform instance:
Step 1 - Setup which generates the helm charts. This step usually takes few minutes.
Step 2 - Apply the Privacera Manager helm charts. Step 3 - Post-installation step which generates Plugin tar ball, updates Route 53 DNS and so on.
-
In PrivaceraCloud, go to Settings → Applications.
-
Select BigQuery from the list of Connected Applications.
-
Click on the application name or the icon, then click on Access Management.
-
Under the BASIC tab, enter the values for:
- Enable access audits: Enable to fetch access audits from BigQuery.
- Project id having the bigquery audits datasets configured: Enter the project ID where the BigQuery audit logs are stored.
- Dataset name to fetch the access audits: Enter the dataset name to fetch the access audits.
-
Under the ADVANCED tab, optionally configure:
- Ignore Audit for Users: Enter a comma-separated list of user email addresses to exclude from audit logs.
-
Click SAVE.
-
Once saved and enabled, the BigQuery connector will start. You can hover on the VIEW LOGS button to check the status, either Running or Stopped.
Advanced Audit Configuration¶
Configure advanced settings to control audit log collection intervals, processing behavior, and progress reporting.
Advanced Audit Properties:
Property Name | Description | Default Value | Supported Values |
---|---|---|---|
AUDIT LOAD MAX INTERVAL MINUTES | Sets the maximum interval for loading audit logs in minutes | 30 | Any numeric value in minutes |
AUDIT PROGRESS REPORT TRACKER ENABLE | Enables progress report tracker for audit logs | false | true , false |
AUDIT PROGRESS COMPLETE REPORT ENABLE | Enables progress report for completed audit logs | true | true , false |
AUDIT PROGRESS COMPLETE REPORT INTERVAL SEC | Sets the interval for progress report for completed audit logs in seconds | 1800 | Any numeric value in seconds |
Configuration Steps¶
Warning
- Replace the example values with your actual configuration values.
Restart Required
Any changes to these properties require restarting the BigQuery connector application for the updates to take effect.
-
Navigate to Settings → Applications in the Self-Managed Portal.
-
Select BigQuery from the list of Connected Applications.
-
Click on the application name or the icon, then click on Access Management → ADVANCED tab.
-
Add the following properties under the
Add New Custom Properties
section:Bash -
Click SAVE to apply the changes.
-
SSH to the instance where Privacera Manager is installed.
-
Run the following command to open the
.yml
file to be edited.If you have multiple connectors, then replace
instance1
with the appropriate connector instance name.Bash -
Add or modify the following properties:
-
Once the properties are configured, run the following commands to update your Privacera Manager platform instance:
Step 1 - Setup which generates the helm charts. This step usually takes few minutes.
Step 2 - Apply the Privacera Manager helm charts. Step 3 - Post-installation step which generates Plugin tar ball, updates Route 53 DNS and so on.
-
In PrivaceraCloud, go to Settings → Applications.
-
Select BigQuery from the list of Connected Applications.
-
Click on the application name or the icon, then click on Access Management → ADVANCED tab.
-
Add the following properties under the
Add New Custom Properties
section:Bash -
Click SAVE.
-
Once saved and enabled, the BigQuery connector will start. You can hover on the VIEW LOGS button to check the status, either Running or Stopped.
Note
Perform the following steps only if the connector does not reflect the updated configuration and requires a restart.
Restart the BigQuery Connector:
-
Go to Settings → Applications → select the BigQuery connector application.
-
Edit the application → Disable it → and Save it.
-
Open the same application again and then: Enable it and Save it.
- Prev topic: Advanced Configuration