Skip to content

Secure Views Configuration

The BigQuery connector allows you to control secure view creation and naming conventions. These settings determine how the connector creates and names secure views, including project name modifications and automated cleanup of naming suffixes.

Secure views are a critical component of the BigQuery connector's security model, providing controlled access to sensitive data through view-based access control. Proper naming configuration ensures consistent, manageable, and organizationally compliant naming standards across all secure views.

Secure Views Properties:

Property Name Description Default Value Supported Values
SECURE VIEW NAME PREFIX Sets the name prefix for secure views "" Any valid string
SECURE VIEW NAME POSTFIX Sets the name postfix for secure views "" Any valid string
SECURE VIEW DATASET NAME PREFIX Sets the dataset name prefix for secure views "" Any valid string
SECURE VIEW DATASET NAME POSTFIX Sets the dataset name postfix for secure views _secure Any valid string
SECURE VIEW PROJECT NAME PREFIX Sets the project name prefix for secure views "" Any valid string
SECURE VIEW PROJECT NAME POSTFIX Sets the project name postfix for secure views "" Any valid string
SECURE VIEW NAME REMOVE SUFFIX LIST Sets the list of suffix strings to be removed from the secure view name "" Any valid string
SECURE VIEW DATASET NAME REMOVE SUFFIX LIST Sets the list of suffix strings to be removed from the secure view dataset name "" Any valid string
SECURE VIEW PROJECT NAME REMOVE SUFFIX LIST Sets the list of suffix strings to be removed from the secure view project name "" Any valid string

Configuration Steps

Warning

  • Verify that project prefixes/postfixes don't conflict with existing projects.
  • Use comma-separated lists for multiple suffix values.
  • Replace the example values with your actual configuration values.

Restart Required

Any changes to these properties require restarting the BigQuery connector application for the updates to take effect.

  1. Navigate to SettingsApplications in the Self-Managed Portal.

  2. Select BigQuery from the list of Connected Applications.

  3. Click on the application name or the icon, then click on Access ManagementADVANCED tab.

  4. To use the secure view name and dataset name suffixes, set the following properties:

    • Secure view name prefix: privacera-
    • Secure view name postfix: -secure
    • Secure view dataset name prefix: privacera-
    • Secure view dataset name postfix: -secure
  5. Add the following properties under the Add New Custom Properties section:

    Bash
    1
    2
    3
    4
    5
    ranger.policysync.connector.0.secure.view.project.name.prefix=privacera-
    ranger.policysync.connector.0.secure.view.project.name.postfix=-secure
    ranger.policysync.connector.0.secure.view.name.remove.suffix.list=_temp,_staging,_test
    ranger.policysync.connector.0.secure.view.dataset.name.remove.suffix.list=_raw,_staging
    ranger.policysync.connector.0.secure.view.project.name.remove.suffix.list=_dev,_test
    

  6. Click SAVE to apply the changes.

  1. SSH to the instance where Privacera Manager is installed.

  2. Run the following command to open the .yml file to be edited.

    If you have multiple connectors, then replace instance1 with the appropriate connector instance name.

    Bash
    vi ~/privacera/privacera-manager/config/custom-vars/connectors/bigquery/instance1/vars.connector.bigquery.yml
    
  3. Add or modify the following properties:

    YAML
    1
    2
    3
    4
    5
    6
    7
    8
    9
    CONNECTOR_BIGQUERY_SECURE_VIEW_NAME_PREFIX: "privacera-"
    CONNECTOR_BIGQUERY_SECURE_VIEW_NAME_POSTFIX: "-secure"
    CONNECTOR_BIGQUERY_SECURE_VIEW_DATASET_NAME_PREFIX: "privacera-"
    CONNECTOR_BIGQUERY_SECURE_VIEW_DATASET_NAME_POSTFIX: "_secure"
    CONNECTOR_BIGQUERY_SECURE_VIEW_PROJECT_NAME_PREFIX: "prod-secure-"
    CONNECTOR_BIGQUERY_SECURE_VIEW_PROJECT_NAME_POSTFIX: "-protected"
    CONNECTOR_BIGQUERY_SECURE_VIEW_NAME_REMOVE_SUFFIX_LIST: "_dev,_test,_staging"
    CONNECTOR_BIGQUERY_SECURE_VIEW_DATASET_NAME_REMOVE_SUFFIX_LIST: "_temp,_test,_dev"
    CONNECTOR_BIGQUERY_SECURE_VIEW_PROJECT_NAME_REMOVE_SUFFIX_LIST: "_dev,_test"
    

  4. Once the properties are configured, run the following commands to update your Privacera Manager platform instance:

    Step 1 - Setup which generates the helm charts. This step usually takes few minutes.

    Bash
    cd ~/privacera/privacera-manager
    ./privacera-manager.sh setup
    
    Step 2 - Apply the Privacera Manager helm charts.
    Bash
    cd ~/privacera/privacera-manager
    ./pm_with_helm.sh upgrade
    
    Step 3 - Post-installation step which generates Plugin tar ball, updates Route 53 DNS and so on.

    Bash
    cd ~/privacera/privacera-manager
    ./privacera-manager.sh post-install
    
  1. In PrivaceraCloud, go to SettingsApplications.

  2. Select BigQuery from the list of Connected Applications.

  3. Click on the application name or the icon, then click on Access ManagementADVANCED tab.

  4. To use the secure view name and dataset name suffixes, set the following properties:

    • Secure view name prefix: privacera-
    • Secure view name postfix: -secure
    • Secure view dataset name prefix: privacera-
    • Secure view dataset name postfix: -secure
  5. Add the following properties under the Add New Custom Properties section:

    Bash
    1
    2
    3
    4
    5
    ranger.policysync.connector.0.secure.view.project.name.prefix=secure-
    ranger.policysync.connector.0.secure.view.project.name.postfix=-views
    ranger.policysync.connector.0.secure.view.name.remove.suffix.list=_temp,_staging
    ranger.policysync.connector.0.secure.view.dataset.name.remove.suffix.list=_raw,_temp
    ranger.policysync.connector.0.secure.view.project.name.remove.suffix.list=_test,_dev
    

  6. Click SAVE.

  7. Once saved and enabled, the BigQuery connector will start. You can hover on the VIEW LOGS button to check the status, either Running or Stopped.

Note

Perform the following steps only if the connector does not reflect the updated configuration and requires a restart.

Restart the BigQuery Connector:

  1. Go to SettingsApplications → select the BigQuery connector application.

  2. Edit the application → Disable it → and Save it.

  3. Open the same application again and then: Enable it and Save it.

Comments