Filtering Privacera User, Group, and Role Names

This section describes the configuration options available to filter specific Privacera users, groups, and roles. These filters allow administrators to control which identities are included or excluded from policy synchronization and access evaluation.

Goal

You wish to manage access permissions for a specific set of Privacera users, groups, and roles within your BigQuery environment.

Prerequisites

  1. You have successfully installed Privacera Manager and have the base installation operational.
  2. You have configured the connector for BigQuery or are in the process of doing so.

Configuration Steps

Warning

The values shown below are for example purposes only. Replace them with your actual configuration values.

Update Configuration File

Modify the following properties in the vars.connector.bigquery.yml file located in the connector's instance directory.

YAML
CONNECTOR_BIGQUERY_MANAGE_USER_LIST: "privacera_user1, privacera_user2"
CONNECTOR_BIGQUERY_MANAGE_GROUP_LIST: "privacera_group1, privacera_test_group_*"
CONNECTOR_BIGQUERY_MANAGE_ROLE_LIST: "privacera_role1, privacera_test_role_*"

CONNECTOR_BIGQUERY_IGNORE_USER_LIST: "test_user1"
CONNECTOR_BIGQUERY_IGNORE_GROUP_LIST: "test_group1"
CONNECTOR_BIGQUERY_IGNORE_ROLE_LIST: "test_role1"

You can set the MANAGE list to include users, groups, or roles from Privacera to be managed by the connector. The IGNORE list will exclude users, groups, or roles from being managed by the connector. The following are the rules for the values you can set:

  1. You can provide a comma-separated list of user, group, and role names.
  2. You can use * as a wildcard character.
  3. The ignore list takes precedence over the manage list. If a user, group, or role appears in both lists, it will be excluded.
  4. If you wish to manage all users, you can skip specifying these properties.
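The rules above can be checked against a list of names before the configuration is applied. The following is an added example, not Privacera's code: the function names are hypothetical, the sample names and the second ignore entry are constructed, and it assumes case-sensitive matching with whitespace around commas trimmed.

```python
import re

# Property values as shown in the example configuration above.
MANAGE_GROUPS = "privacera_group1, privacera_test_group_*"
# Constructed ignore value that overlaps the manage wildcard, to show precedence.
IGNORE_GROUPS = "test_group1, privacera_test_group_tmp*"

def parse_list(value):
    """Split a comma-separated value into patterns (assumption: whitespace is trimmed)."""
    return [p.strip() for p in value.split(",") if p.strip()]

def matches(name, pattern):
    """Match with '*' as the only wildcard (assumption: case-sensitive, whole name)."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, name) is not None

def is_managed(name, manage="", ignore=""):
    """Apply the four rules: ignore wins, an empty manage list manages everything."""
    if any(matches(name, p) for p in parse_list(ignore)):
        return False
    manage_patterns = parse_list(manage)
    if not manage_patterns:
        return True
    return any(matches(name, p) for p in manage_patterns)

def audit(names, manage="", ignore=""):
    """Return {name: managed?} so unexpected inclusions are easy to spot in review."""
    return {n: is_managed(n, manage, ignore) for n in names}

if __name__ == "__main__":
    # Constructed group names for illustration.
    sample = ["privacera_group1", "privacera_test_group_eng",
              "privacera_test_group_tmp1", "test_group1", "finance"]
    for name, managed in audit(sample, MANAGE_GROUPS, IGNORE_GROUPS).items():
        print(f"{name:28} {'MANAGED' if managed else 'not managed'}")
```

Running the audit over the real group list from your identity source shows which names a wildcard such as privacera_test_group_* would pull under connector management before the change is deployed.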

Save the file and update Privacera Manager:

Bash
cd ~/privacera/privacera-manager
./privacera-manager.sh update

  1. In PrivaceraCloud, go to Settings -> Applications.

  2. On the Applications screen, select BigQuery.

  3. Enter the application Name and Description, then click Save. The name can be anything you choose, for example, BigQuery Connector for account 123456.

  4. Open the BigQuery application.

  5. Enable the Access Management option using the toggle button.

  6. Under the ADVANCED tab, enter the values for:

    Users to Set Access Control Policies : Specifies a comma-separated list of user names for which PolicySync manages access control. Wildcards can be used.

    Groups to Set Access Control Policies : Specifies a comma-separated list of group names for which PolicySync manages access control. Wildcards can be used.

    Users to be Ignored by Access Control Policies : Specifies a comma-separated list of user names that PolicySync does not provide access control for. Wildcards can be used.

    Groups to be Ignored by Access Control Policies : Specifies a comma-separated list of group names that PolicySync does not provide access control for. Wildcards can be used.

    Set Access Control Policies Only on Users from Managed Groups : Specifies whether to manage only the users that are members of groups specified by Groups to set access control policies. Default value is false.

  7. Click SAVE.

  8. The configured BigQuery connector appears under Applications.

  9. Once saved and enabled, the BigQuery connector will start. You can then hover over the VIEW LOGS button to check the status, either Running or Stopped.

Note

Perform the following steps only if the connector does not reflect the updated configuration and requires a restart.

Restart the BigQuery Connector:

  1. Go to Settings > Applications and select the BigQuery connector application.

  2. Edit the application, disable it, and save it.

  3. Open the same application again, enable it, and save it.
