Skip to content

User Management Configuration

You can configure the BigQuery connector to control how it manages user authentication, filtering, and role-based access. These settings determine which users are synchronized, how they are identified in the system, and what filtering criteria are applied during the synchronization process.

Proper user management configuration ensures that only the appropriate users are managed by the connector and that they are correctly identified in audit logs and policy enforcement. This is particularly important in organizations with complex user hierarchies or multiple email domains.

User Management Properties:

Property Name Description Default Value Supported Values
USER FILTER WITH EMAIL Enables filtering of users based on email domain false true, false
USER USE EMAIL AS SERVICE NAME Enables using email as service name for user true true, false
MANAGE USER FILTERBY ROLE Set to true to manage only the users who belongs to the roles defined in manage roles list property false true, false

Configuration Steps

Warning

  • Replace the example values with your actual configuration values.

Restart Required

Any changes to these properties require restarting the BigQuery connector application for the updates to take effect.

  1. Navigate to SettingsApplications in the Self-Managed Portal.

  2. Select BigQuery from the list of Connected Applications.

  3. Click on the application name or the icon, then click on Access ManagementADVANCED tab.

  4. Add the following properties under the Add New Custom Properties section:

    Bash
    1
2
3
    ranger.policysync.connector.0.user.filter.with.email=true
ranger.policysync.connector.0.user.use.email.as.service.name=true
ranger.policysync.connector.0.manage.user.filterby.role=false

  5. Click SAVE to apply the changes.

  1. SSH to the instance where Privacera Manager is installed.

  2. Run the following command to open the .yml file to be edited.

    If you have multiple connectors, then replace instance1 with the appropriate connector instance name.

    Bash
    1
    vi ~/privacera/privacera-manager/config/custom-vars/connectors/bigquery/instance1/vars.connector.bigquery.yml

  3. Add or modify the following properties:

    YAML
    1
2
3
4
5
6
7
8
    # Enable email domain filtering
CONNECTOR_BIGQUERY_USER_FILTER_WITH_EMAIL: "true"

# Use email as service name for better identification
CONNECTOR_BIGQUERY_USER_USE_EMAIL_AS_SERVICE_NAME: "true"

# Disable role-based filtering
CONNECTOR_BIGQUERY_MANAGE_USER_FILTERBY_ROLE: "false"

  4. Once the properties are configured, run the following commands to update your Privacera Manager platform instance:

    Step 1 - Setup which generates the helm charts. This step usually takes few minutes.

    Bash
    1
2
    cd ~/privacera/privacera-manager
./privacera-manager.sh setup
    Step 2 - Apply the Privacera Manager helm charts.
    Bash
    1
2
    cd ~/privacera/privacera-manager
./pm_with_helm.sh upgrade
    Step 3 - Post-installation step which generates Plugin tar ball, updates Route 53 DNS and so on.

    Bash
    1
2
    cd ~/privacera/privacera-manager
./privacera-manager.sh post-install

  1. In PrivaceraCloud, go to SettingsApplications.

  2. Select BigQuery from the list of Connected Applications.

  3. Click on the application name or the icon, then click on Access ManagementADVANCED tab.

  4. Add the following properties under the Add New Custom Properties section:

    Bash
    1
2
3
    ranger.policysync.connector.0.user.filter.with.email=true
ranger.policysync.connector.0.user.use.email.as.service.name=true
ranger.policysync.connector.0.manage.user.filterby.role=false

  5. Click SAVE.

  6. Once saved and enabled, the BigQuery connector will start. You can hover on the VIEW LOGS button to check the status, either Running or Stopped.

Note

Perform the following steps only if the connector does not reflect the updated configuration and requires a restart.

Restart the BigQuery Connector:

  1. Go to SettingsApplications → select the BigQuery connector application.

  2. Edit the application → Disable it → and Save it.

  3. Open the same application again and then: Enable it and Save it.

Comments