Secure Views Configuration¶

The BigQuery connector allows you to control secure view creation and naming conventions. These settings determine how the connector creates and names secure views, including project name modifications and automated cleanup of naming suffixes.

Secure views are a critical component of the BigQuery connector's security model, providing controlled access to sensitive data through view-based access control. Proper naming configuration ensures consistent, manageable, and organizationally compliant naming standards across all secure views.

Secure Views Properties:

Property Name	Description	Default Value	Supported Values
SECURE VIEW NAME PREFIX	Sets the name prefix for secure views	`""`	Any valid string
SECURE VIEW NAME POSTFIX	Sets the name postfix for secure views	`""`	Any valid string
SECURE VIEW DATASET NAME PREFIX	Sets the dataset name prefix for secure views	`""`	Any valid string
SECURE VIEW DATASET NAME POSTFIX	Sets the dataset name postfix for secure views	`_secure`	Any valid string
SECURE VIEW PROJECT NAME PREFIX	Sets the project name prefix for secure views	`""`	Any valid string
SECURE VIEW PROJECT NAME POSTFIX	Sets the project name postfix for secure views	`""`	Any valid string
SECURE VIEW NAME REMOVE SUFFIX LIST	Sets the list of suffix strings to be removed from the secure view name	`""`	Any valid string
SECURE VIEW DATASET NAME REMOVE SUFFIX LIST	Sets the list of suffix strings to be removed from the secure view dataset name	`""`	Any valid string
SECURE VIEW PROJECT NAME REMOVE SUFFIX LIST	Sets the list of suffix strings to be removed from the secure view project name	`""`	Any valid string

Configuration Steps¶

Warning

Verify that project prefixes/postfixes don't conflict with existing projects.
Use comma-separated lists for multiple suffix values.
Replace the example values with your actual configuration values.

Restart Required

Any changes to these properties require restarting the BigQuery connector application for the updates to take effect.

Self Managed (Portal Configuration)Self Managed (YAML Configuration) and Data PlanePrivacera Cloud

Navigate to Settings → Applications in the Self-Managed Portal.
Select BigQuery from the list of Connected Applications.
Click on the application name or the icon, then click on Access Management → ADVANCED tab.
To use the secure view name and dataset name suffixes, set the following properties:
- Secure view name prefix: privacera-
- Secure view name postfix: -secure
- Secure view dataset name prefix: privacera-
- Secure view dataset name postfix: -secure

Add the following properties under the Add New Custom Properties section:

Bash
ranger.policysync.connector.0.secure.view.project.name.prefix=privacera-
ranger.policysync.connector.0.secure.view.project.name.postfix=-secure
ranger.policysync.connector.0.secure.view.name.remove.suffix.list=_temp,_staging,_test
ranger.policysync.connector.0.secure.view.dataset.name.remove.suffix.list=_raw,_staging
ranger.policysync.connector.0.secure.view.project.name.remove.suffix.list=_dev,_test

Click SAVE to apply the changes.

SSH to the instance where Privacera Manager is installed.
Run the following command to open the .yml file to be edited.

If you have multiple connectors, then replace instance1 with the appropriate connector instance name.
Bash
1
vi ~/privacera/privacera-manager/config/custom-vars/connectors/bigquery/instance1/vars.connector.bigquery.yml

Add or modify the following properties:

YAML
CONNECTOR_BIGQUERY_SECURE_VIEW_NAME_PREFIX: "privacera-"
CONNECTOR_BIGQUERY_SECURE_VIEW_NAME_POSTFIX: "-secure"
CONNECTOR_BIGQUERY_SECURE_VIEW_DATASET_NAME_PREFIX: "privacera-"
CONNECTOR_BIGQUERY_SECURE_VIEW_DATASET_NAME_POSTFIX: "_secure"
CONNECTOR_BIGQUERY_SECURE_VIEW_PROJECT_NAME_PREFIX: "prod-secure-"
CONNECTOR_BIGQUERY_SECURE_VIEW_PROJECT_NAME_POSTFIX: "-protected"
CONNECTOR_BIGQUERY_SECURE_VIEW_NAME_REMOVE_SUFFIX_LIST: "_dev,_test,_staging"
CONNECTOR_BIGQUERY_SECURE_VIEW_DATASET_NAME_REMOVE_SUFFIX_LIST: "_temp,_test,_dev"
CONNECTOR_BIGQUERY_SECURE_VIEW_PROJECT_NAME_REMOVE_SUFFIX_LIST: "_dev,_test"

Once the properties are configured, run the following commands to update your Privacera Manager platform instance:

Step 1 - Setup which generates the helm charts. This step usually takes few minutes.
Bash
1 2
cd ~/privacera/privacera-manager ./privacera-manager.sh setup
Step 2 - Apply the Privacera Manager helm charts.
Bash
1 2
cd ~/privacera/privacera-manager ./pm_with_helm.sh upgrade
Step 3 - Post-installation step which generates Plugin tar ball, updates Route 53 DNS and so on.
Bash
1 2
cd ~/privacera/privacera-manager ./privacera-manager.sh post-install

In PrivaceraCloud, go to Settings → Applications.
Select BigQuery from the list of Connected Applications.
Click on the application name or the icon, then click on Access Management → ADVANCED tab.
To use the secure view name and dataset name suffixes, set the following properties:
- Secure view name prefix: privacera-
- Secure view name postfix: -secure
- Secure view dataset name prefix: privacera-
- Secure view dataset name postfix: -secure

Add the following properties under the Add New Custom Properties section:

Bash
ranger.policysync.connector.0.secure.view.project.name.prefix=secure-
ranger.policysync.connector.0.secure.view.project.name.postfix=-views
ranger.policysync.connector.0.secure.view.name.remove.suffix.list=_temp,_staging
ranger.policysync.connector.0.secure.view.dataset.name.remove.suffix.list=_raw,_temp
ranger.policysync.connector.0.secure.view.project.name.remove.suffix.list=_test,_dev

Click SAVE.
Once saved and enabled, the BigQuery connector will start. You can hover on the VIEW LOGS button to check the status, either Running or Stopped.

Note

Perform the following steps only if the connector does not reflect the updated configuration and requires a restart.

Restart the BigQuery Connector:

Go to Settings → Applications → select the BigQuery connector application.
Edit the application → Disable it → and Save it.
Open the same application again and then: Enable it and Save it.

Prev topic: Advanced Configuration

Secure Views Configuration¶

Configuration Steps¶

Comments