
Access Management for Google Groups in Native Tag Based Masking

Google Groups simplify access control in Google Cloud by enabling administrators to manage permissions for multiple users collectively. In BigQuery's native tag-based masking, these groups determine who can access sensitive data once access is granted through tag associations.

Privacera supports access management for custom groups. These groups must be created on the service side, with users manually added to them. Once created, access for the group can be granted within BigQuery.

Note

  • For instructions on how to create a custom group in Google Cloud, refer to the link.
  • The values shown below are for example purposes only. Be sure to replace them with your actual configuration values.
  1. Navigate to Settings > Applications in the Self-Managed Portal.

  2. Select BigQuery from the list of Connected Applications.

  3. Click on the application name or the icon, then click on Access Management.

  4. Under the ADVANCED tab, add the following property under Add New Custom Properties:

    YAML
    ranger.policysync.connector.0.native.public.group.masking.identity.name="<domain_name>"
    
  5. Click SAVE to apply the changes.

  1. Open the vars.connector.bigquery.yml file located in the connector’s instance directory.

  2. Add or update the following property:

    • Description: Identity name for native public groups in tag-based masking.
    • Property: CONNECTOR_BIGQUERY_NATIVE_PUBLIC_GROUP_MASKING_IDENTITY_NAME
    • Example value: connectorDev@googlegroups.com

    Note

    If this property is not set, the default value will be null.

  3. Save the file and update Privacera Manager.

    Bash
    cd ~/privacera/privacera-manager
    ./privacera-manager.sh update
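
A pre-flight check for the property in step 2, meant to be run before `./privacera-manager.sh update`. This is an added example, not part of Privacera's tooling: the function name `check_masking_identity` is hypothetical, and it assumes the vars file uses flat `KEY: value` YAML lines. It rejects an unset or null property (the default) and a leftover `<...>` placeholder.

```bash
#!/usr/bin/env bash
# Added example, not Privacera code. Assumes flat "KEY: value" YAML lines.
PROP="CONNECTOR_BIGQUERY_NATIVE_PUBLIC_GROUP_MASKING_IDENTITY_NAME"

# Prints the effective value on stdout and returns 0,
# or prints the reason on stderr and returns 1.
check_masking_identity() {
  local file="$1" lines count value
  [ -r "$file" ] || { echo "cannot read $file" >&2; return 1; }

  # Only active definitions count; commented-out lines do not match.
  lines=$(grep -E "^[[:space:]]*${PROP}[[:space:]]*:" "$file" || true)
  count=$(printf '%s' "$lines" | grep -c . || true)
  if [ "$count" -eq 0 ]; then
    echo "$PROP is not set; the connector will use the default (null)" >&2
    return 1
  elif [ "$count" -gt 1 ]; then
    echo "$PROP is defined $count times; keep exactly one" >&2
    return 1
  fi

  # Drop the key, any trailing comment, trailing blanks, then one pair of quotes.
  value=$(printf '%s\n' "$lines" |
    sed -E 's/^[^:]*:[[:space:]]*//; s/[[:space:]]+#.*$//; s/[[:space:]]+$//')
  value=${value#\"}; value=${value%\"}
  value=${value#\'}; value=${value%\'}

  case "$value" in
    ""|null|Null|NULL|"~")
      echo "$PROP is empty or null" >&2; return 1 ;;
    *"<"*|*">"*)
      echo "$PROP still holds a placeholder: $value" >&2; return 1 ;;
  esac
  printf '%s\n' "$value"
}

# Constructed sample input; point the function at your real
# vars.connector.bigquery.yml instead.
sample=$(mktemp)
printf '%s: "connectorDev@googlegroups.com"\n' "$PROP" > "$sample"
check_masking_identity "$sample"
rm -f "$sample"
```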
    

  1. In PrivaceraCloud, go to Settings -> Applications.

  2. Select BigQuery from the list of Connected Applications.

  3. Click on the application name or the icon, then click on Access Management.

  4. Under the ADVANCED tab, add the following property under Add New Custom Properties:

    YAML
    ranger.policysync.connector.0.native.public.group.masking.identity.name="<domain_name>"
    
  5. Click SAVE.

  6. Once saved and enabled, the BigQuery connector will start. You can then hover over the VIEW LOGS button to check the status, either Running or Stopped.

Note

Perform the following steps only if the connector does not reflect the updated configuration and requires a restart.

Restart The BigQuery Connector:

  1. Go to Settings > Applications and select the BigQuery connector application.

  2. Edit the application, disable it, and save it.

  3. Open the same application again, enable it, and save it.
