Access Audits Management¶

1. Navigate to Settings → Applications in the Self-Managed Portal.

2. Select BigQuery from the list of Connected Applications.

3. Click on the application name or the icon, then click on Access Management.

4. To enable access audits for BigQuery, enter the following values in the respective fields under BASIC tab:

   • Enable access audits: Enable to fetch access audits from BigQuery.
   • Project id having the bigquery audits datasets configured: Enter the project ID where the BigQuery audit are stored.
   • Dataset name to fetch the access audits: Enter the dataset name to fetch the access audits.

5. Click SAVE to apply the changes.

To enable access audits for BigQuery, update the following properties in the vars.connector.bigquery.yml file, located in the connector’s instance directory.

CONNECTOR_BIGQUERY_AUDIT_ENABLE:

• Set this property to true to enable access audit data fetching from BigQuery.
• When enabled, PolicySync will collect access audit logs from the specified BigQuery project and dataset.

CONNECTOR_BIGQUERY_AUDIT_EXCLUDED_USERS:

• This property is used to specify a list of users whose access audits should be excluded by PolicySync.
• Provide a comma-separated list of email addresses for users whose access events should be excluded from the audit logs.

CONNECTOR_BIGQUERY_AUDIT_PROJECT_ID

• Specify the project ID from which BigQuery audits should be retrieved.
• This is the GCP project where the audit logs are stored and queried.

CONNECTOR_BIGQUERY_AUDIT_DATASET_NAME

• Specify the dataset name that will be used to query and retrieve access audits from BigQuery.
• This is the dataset within the project that contains the audit information.

Update Configuration File Modify the following property in the vars.connector.bigquery.yml file located in the connector’s instance directory.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11

# Enable access audit fetching from BigQuery
CONNECTOR_BIGQUERY_AUDIT_ENABLE: "true"

# Set the list of users whose access audits should be ignored
CONNECTOR_BIGQUERY_AUDIT_EXCLUDED_USERS: "user1@example.com, user2@example.com"

# Set the project ID to fetch BigQuery audits
CONNECTOR_BIGQUERY_AUDIT_PROJECT_ID: "your-bigquery-project-id"

# Set the dataset name to fetch BigQuery audits
CONNECTOR_BIGQUERY_AUDIT_DATASET_NAME: "your-bigquery-dataset-name"

1
2

cd ~/privacera/privacera-manager
./privacera-manager.sh update

1. In PrivaceraCloud, go to Settings -> Applications.

2. Select BigQuery from the list of Connected Applications.

3. Click on the application name or the icon, then click on Access Management.

4. Under the ADVANCED tab, enter the values for:

   • Ignore Audit for Users: Enter a comma-separated list of user email addresses to exclude from audit logs.

   • Project ID Used to Fetch BigQuery Audits: Enter the project ID where BigQuery audit logs are stored.

   • Dataset Used to Fetch BigQuery Audits: Enter the name of the dataset containing the audit data.

5. Click SAVE.

6. Once saved and enabled, the BigQuery connector will start. Then you can hover on the VIEW LOGS button to check the status, either Running or Stopped.

1

Perform the following steps only if the connector does not reflect the updated configuration and requires a restart.

Restart The BigQuery Connector:

1. Go to Settings > Applications > select the BigQuery connector application .

2. Edit the application > Disable it > and Save it.

3. Open the same application again and then: Enable it and Save it.