Skip to content

Manage Resources List

You can configure the MSSQL connector to manage access control policies for specific databases, schemas, and tables/views. You can specify lists to include and exclude resources. The connector manages access control policies for resources in the include list and ignores resources in the exclude list. If a resource is in the exclude list, the connector does not manage it, even if it is also in the include list.

Use the following properties to specify comma-separated databases, schemas, and tables/views whose access control should be managed by PolicySync. To manage all resources, do not specify these properties. You can use wildcard characters (*) to match multiple databases, schemas, and tables/views.

Example:

  • Databases: sales_db,production_db,test_*
  • Schemas: sales_db.schema1,sales_db.sales*,production_db.*
  • Tables/Views: sales_db.schema1.table1,sales_db.sales*.orders*,sales_db.schema1.view1

Setup

Warning

  • Values are case-sensitive.
  • Provide fully qualified names for schemas, tables, and views. For example: database.schema.table
  • Replace the example values with your actual resource names.
  • If you leave a property empty, all resources of that type will be managed (unless excluded).

  1. SSH to the instance where Privacera Manager is installed.

  2. Run the following command to open the .yml file to be edited.

    If you have multiple connectors, then replace instance1 with the appropriate connector instance name.

    Bash
    1
    vi ~/privacera/privacera-manager/config/custom-vars/connectors/mssql/instance1/vars.connector.mssql.yml

  3. Set the following properties to enable the connector to manage the permissions for databases, schemas, tables, and views in MSSQL:

    YAML
    1
2
3
4
    CONNECTOR_MSSQL_MANAGE_DATABASE_LIST: "sales_db,production_db"
CONNECTOR_MSSQL_MANAGE_SCHEMA_LIST: "sales_db.schema1,sales_db.sales*"
CONNECTOR_MSSQL_MANAGE_TABLE_LIST: "sales_db.schema1.table1,sales_db.sales*.orders*"
CONNECTOR_MSSQL_MANAGE_VIEW_LIST: "sales_db.schema1.view1,sales_db.sales*.report*"

  4. For excluding resources, set the following properties:

    YAML
    1
2
3
4
    CONNECTOR_MSSQL_IGNORE_DATABASE_LIST: "test_db,dev_*"
CONNECTOR_MSSQL_IGNORE_SCHEMA_LIST: "sales_db.sys,sales_db.INFORMATION_SCHEMA"
CONNECTOR_MSSQL_IGNORE_TABLE_LIST: "sales_db.schema1.temp_table*"
CONNECTOR_MSSQL_IGNORE_VIEW_LIST: "sales_db.schema1.temp_view*"

  5. Once the properties are configured, run the following commands to update your Privacera Manager platform instance:

    Step 1 - Setup which generates the helm charts. This step usually takes few minutes.

    Bash
    1
2
    cd ~/privacera/privacera-manager
./privacera-manager.sh setup
    Step 2 - Apply the Privacera Manager helm charts.
    Bash
    1
2
    cd ~/privacera/privacera-manager
./pm_with_helm.sh upgrade
    Step 3 - (Optional) Post-installation step which generates Plugin tar ball, updates Route 53 DNS and so on. This step is not required if you are updating only connector properties.

    Bash
    1
2
    cd ~/privacera/privacera-manager
./privacera-manager.sh post-install

  1. In PrivaceraCloud portal, navigate to Settings -> Applications.

  2. On the Connected Applications screen, select MSSQL.

  3. Click the pen icon or the Account Name to modify the settings.

  4. On the Edit Application screen, go to Access Management -> ADVANCED tab.

  5. For including resources, enter the following values in the respective fields:

    • Database to set access control policies: sales_db,production_db
    • Schemas to set access control policies: sales_db.schema1,sales_db.sales*
    • Tables to set access control policies: sales_db.schema1.table1,sales_db.sales*.orders*

  6. For excluding resources, enter the following values in the respective fields:

    • Databases to ignore while setting access control policies: test_db,dev_*
    • Schemas to ignore while setting access control policies: sales_db.sys,sales_db.INFORMATION_SCHEMA

  7. Click SAVE to apply the changes.