Secure View Row Filter and Masking¶

1. Navigate to Settings → Applications in the Self-Managed Portal.

2. Select BigQuery from the list of Connected Applications.

3. Click on the application name or the icon, then click on Access Management.

4. Under the ADVANCED tab, enter the values for:

   • Enforce masking policies using secure views: Enable if you want to enforce masking policies using secure views. Default value is true.
   • Enforce row filter policies using secure views: Enable if you want to enforce row filter policies using secure views. Default value is true.
   • Create secure view for all tables/views: Enable if you want to create secure views for all tables and views, regardless of existing masking or row filter policies. Default value is true.
   • Enforce tag masking: Enable if you want to enforce tag masking. Default value is false.
   • Default masked value for int64 datatype columns : Specifies the masking value used for numeric data types. E.g. 0
   • Default masked value for string datatype columns : Specifies the masking value used for text or string data types. E.g. <MASKED>

5. Click SAVE to apply the changes.

The following properties define how access control mechanisms are managed within BigQuery:

1. CONNECTOR_BIGQUERY_ENABLE_ROW_FILTER

   • Description: Enables native BigQuery row filters.
   • Recommended Setting: false

2. CONNECTOR_BIGQUERY_ENABLE_VIEW_BASED_MASKING

   • Description: Enables masking policies using secure views.

   • Recommended Setting: true

     GBQ support native tag based masking. we recommend as "true" as this is secure section.

3. CONNECTOR_BIGQUERY_ENABLE_VIEW_BASED_ROW_FILTER

   • Description: Enables row filter policies using secure views.
   • Recommended Setting: true

4. CONNECTOR_BIGQUERY_SECURE_VIEW_CREATE_FOR_ALL

   • Description: Creates secure views for all tables and views, regardless of existing masking or row filter policies.
   • Recommended Setting: false

Modify the following properties in the vars.connector.bigquery.yml file located in the instance directory of the connector.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14

# Enable native BigQuery row filters
CONNECTOR_BIGQUERY_ENABLE_ROW_FILTER: "false"

# Enable native BigQuery tag masking
ENABLE_TAG_MASKING: "false"

# Enable view-based masking for BigQuery
CONNECTOR_BIGQUERY_ENABLE_VIEW_BASED_MASKING: "true"

# Enable view-based row filters for BigQuery
CONNECTOR_BIGQUERY_ENABLE_VIEW_BASED_ROW_FILTER: "true"

# Create secure views for all tables and views, regardless of policies
CONNECTOR_BIGQUERY_SECURE_VIEW_CREATE_FOR_ALL: "false"

Save the file and update the privacera manager

1
2

cd ~/privacera/privacera-manager
./privacera-manager.sh update

1. In PrivaceraCloud, go to Settings -> Applications.

2. Select BigQuery from the list of Connected Applications.

3. Click on the application name or the icon, then click on Access Management.

4. Under the ADVANCED tab, enter the values for:

   • Enforce Masking Policies Using Secure Views : Specifies whether to use secure view-based masking. Default value is true.
   • Default Masking Value for Numeric Datatype : Specifies the masking value used for numeric data types.
   • Default Masking Value for Text/String Datatype : Specifies the masking value used for text or string data types.
   • Enforce Row Filter Policies Using Secure Views : Specifies whether to use secure view-based row filtering. Default value is true.

5. Click SAVE.

6. Once saved and enabled, the BigQuery connector will start. Then you can hover on the VIEW LOGS button to check the status, either Running or Stopped.

1

Perform the following steps only if the connector does not reflect the updated configuration and requires a restart.

Restart The BigQuery Connector:

1. Go to Settings > Applications > select the BigQuery connector application .

2. Edit the application > Disable it > and Save it.

3. Open the same application again and then: Enable it and Save it.