
Access Control Configuration

You can configure how the BigQuery connector handles access control, row filtering, and data masking policies. These settings determine how the connector implements column-level access control, creates row filter policies, and manages custom masking functions for data protection.

Proper access control configuration is essential for implementing fine-grained security policies that protect sensitive data while maintaining operational efficiency. These settings control both the security mechanisms used and the naming conventions for policies and resources.

Access Control Properties:

| Property Name | Description | Default Value | Supported Values |
|---|---|---|---|
| COLUMN ACCESS CONTROL TYPE | Sets the method of column-level access control to be used by policysync | view | view, none |
| POLICY NAME SEPARATOR | Sets the separator to use when creating the name for a native row filter policy | _ | Any valid string |
| ROW FILTER POLICY NAME TEMPLATE | Sets the template used to create the name for a native row filter policy | row_filter_item_ | Any valid string |
| MASKING FUNCTIONS DATASET | Sets the name of the dataset in which custom masking functions are created | privacera_dataset | Any valid dataset name |

Configuration Steps

Warning

  • Replace the example values with your actual configuration values.

Restart Required

Any changes to these properties require restarting the BigQuery connector application for the updates to take effect.

  1. Navigate to Settings > Applications in the Self-Managed Portal.

  2. Select BigQuery from the list of Connected Applications.

  3. Click on the application name or the icon, then click on the Access Management > ADVANCED tab.

  4. Add the following properties under the Add New Custom Properties section:

    Bash
    ranger.policysync.connector.0.column.access.control.type=view
    ranger.policysync.connector.0.policy.name.separator=_
    ranger.policysync.connector.0.row.filter.policy.name.template=finance_row_filter_
    ranger.policysync.connector.0.masking.functions.dataset.name=finance_security_dataset
    

  5. Click SAVE to apply the changes.

  1. SSH to the instance where Privacera Manager is installed.

  2. Run the following command to open the .yml file to be edited.

    If you have multiple connectors, then replace instance1 with the appropriate connector instance name.

    Bash
    vi ~/privacera/privacera-manager/config/custom-vars/connectors/bigquery/instance1/vars.connector.bigquery.yml
    
  3. Add or modify the following properties:

    YAML
    # Column Level access control configurations
    CONNECTOR_BIGQUERY_COLUMN_ACCESS_CONTROL_TYPE: "view"
    
    # Masking/Row filter policy name separator
    CONNECTOR_BIGQUERY_POLICY_NAME_SEPARATOR: "_"
    
    # Native row filter configurations
    CONNECTOR_BIGQUERY_ROW_FILTER_POLICY_NAME_TEMPLATE: "row_filter_item_"
    
    # Masking functions dataset
    CONNECTOR_BIGQUERY_MASKING_FUNCTIONS_DATASET: "privacera_dataset"
    

  4. Once the properties are configured, run the following commands to update your Privacera Manager platform instance:

    Step 1 - Setup, which generates the helm charts. This step usually takes a few minutes.

    Bash
    cd ~/privacera/privacera-manager
    ./privacera-manager.sh setup
    
    Step 2 - Apply the Privacera Manager helm charts.
    Bash
    cd ~/privacera/privacera-manager
    ./pm_with_helm.sh upgrade
    
    Step 3 - Post-installation step, which generates the plugin tarball, updates Route 53 DNS, and so on.

    Bash
    cd ~/privacera/privacera-manager
    ./privacera-manager.sh post-install
    
  1. In PrivaceraCloud, go to Settings > Applications.

  2. Select BigQuery from the list of Connected Applications.

  3. Click on the application name or the icon, then click on the Access Management > ADVANCED tab.

  4. Add the following properties under the Add New Custom Properties section:

    Bash
    ranger.policysync.connector.0.column.access.control.type=view
    ranger.policysync.connector.0.policy.name.separator=_
    ranger.policysync.connector.0.row.filter.policy.name.template=row_filter_item_
    ranger.policysync.connector.0.masking.functions.dataset.name=privacera_dataset
    

  5. Click SAVE.

  6. Once saved and enabled, the BigQuery connector will start. You can hover on the VIEW LOGS button to check the status, either Running or Stopped.
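A pre-flight check for the custom properties block before it is pasted into Add New Custom Properties, added here as an illustration and not part of Privacera's tooling. The helper names, the constructed sample input, and the dataset-name pattern (letters, digits, and underscores, up to 1024 characters) are assumptions.

```python
import difflib
import re

PREFIX = "ranger.policysync.connector.0."  # prefix and keys as shown on this page
KNOWN = ["column.access.control.type", "policy.name.separator",
         "row.filter.policy.name.template", "masking.functions.dataset.name"]
# Assumption: BigQuery dataset names are letters, digits, underscores, max 1024 chars.
DATASET_RE = re.compile(r"[A-Za-z0-9_]{1,1024}")


def parse_properties(text):
    """Parse key=value lines; blank lines, # comments and lines without '=' are skipped."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props


def check_properties(props):
    """Return (level, message) findings; an empty list means nothing to fix."""
    findings = []
    for key in props:
        suffix = key[len(PREFIX):] if key.startswith(PREFIX) else key
        near = difflib.get_close_matches(suffix, KNOWN, n=1, cutoff=0.85)
        if suffix not in KNOWN and near:
            findings.append(("error", f"{key}: did you mean {PREFIX}{near[0]}?"))
    cac = props.get(PREFIX + "column.access.control.type")
    if cac == "none":
        findings.append(("warn", "column access control type is 'none'"))
    elif cac is not None and cac != "view":
        findings.append(("error", f"unsupported column access control type {cac!r}"))
    dataset = props.get(PREFIX + "masking.functions.dataset.name")
    if dataset is not None and not DATASET_RE.fullmatch(dataset):
        findings.append(("error", f"invalid dataset name {dataset!r}"))
    return findings


# Constructed sample: 'none' type, a misspelled key, a hyphenated dataset name.
SAMPLE = """\
ranger.policysync.connector.0.column.access.control.type=none
ranger.policysync.connector.0.row.filter.policy.name.tempate=finance_row_filter_
ranger.policysync.connector.0.masking.functions.dataset.name=finance-security
"""

if __name__ == "__main__":
    print(*check_properties(parse_properties(SAMPLE)), sep="\n")
```

The misspelled key is the case worth catching: a property name the connector does not recognize leaves the documented default in effect with no visible error in the property list.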

Note

Perform the following steps only if the connector does not reflect the updated configuration and requires a restart.

Restart the BigQuery Connector:

  1. Go to Settings > Applications and select the BigQuery connector application.

  2. Edit the application, disable it, and save it.

  3. Open the same application again, enable it, and save it.
