
Principal Naming and Case Configuration

This section describes how to configure role prefixes and case sensitivity for principals created in Microsoft SQL Server.

When the Microsoft SQL Server Connector creates principals—users, groups, and roles—in Microsoft SQL Server, you can configure how these principals are named and how their case is handled. This page covers the following configuration options:

  • Role Prefixes: Customize the prefixes used for database roles created for users, groups, and roles
  • Case Sensitivity: Control whether principal names preserve their original case or are converted
  • Case Conversion: Specify how principal names should be converted (lowercase, uppercase, or preserved)

Setup

By default, principal names are converted to lowercase when they are created in Microsoft SQL Server. However, the connector provides configuration options to control case sensitivity and normalization.

Persist Case Sensitivity:

  • When case sensitivity is retained (true): Principal names (users, groups, roles) are stored and managed exactly as provided, preserving uppercase and lowercase letters.

  • When case sensitivity is not retained (false, default behavior): Principal names are automatically converted to lowercase in Microsoft SQL Server.

Case Conversion Options:

  • lower (default): Principal names (users, groups, roles) are converted to lowercase.
  • upper: Principal names are converted to uppercase.
  • none: Principal names are preserved as-is, without any case conversion.

Case conversion properties apply only when case sensitivity is not persisted:

  • Self Managed (YAML Configuration) deployments:

    • CONNECTOR_MSSQL_USER_NAME_PERSIST_CASE_SENSITIVITY
    • CONNECTOR_MSSQL_GROUP_NAME_PERSIST_CASE_SENSITIVITY
    • CONNECTOR_MSSQL_ROLE_NAME_PERSIST_CASE_SENSITIVITY
  • PrivaceraCloud deployments:

    • Disable the following in Access Management → ADVANCED tab of the MSSQL application:
      • Persist case sensitivity of user names
      • Persist case sensitivity of group names
      • Persist case sensitivity of role names
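
The following Python check is an added example, not part of Privacera's documentation or code. It reads the case properties from settings in the style of vars.connector.mssql.yml (using the property names from the self-managed steps on this page), works out which conversion is actually in effect for users, groups and roles, and lists source names that collapse into the same principal name after conversion. The sample settings and principal names are constructed, and the function names are hypothetical.

```python
from collections import defaultdict

# Constructed sample settings in the style of vars.connector.mssql.yml.
SAMPLE_VARS = """
CONNECTOR_MSSQL_USER_NAME_PERSIST_CASE_SENSITIVITY: "false"
CONNECTOR_MSSQL_USER_NAME_CASE_CONVERSION: "lower"
CONNECTOR_MSSQL_GROUP_NAME_PERSIST_CASE_SENSITIVITY: "true"
CONNECTOR_MSSQL_GROUP_NAME_CASE_CONVERSION: "upper"
"""

CONVERTERS = {"lower": str.lower, "upper": str.upper, "none": lambda s: s}


def parse_vars(text):
    """Parse flat KEY: "value" lines (hypothetical helper, not a full YAML parser)."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and ":" in line:
            key, value = line.split(":", 1)
            settings[key.strip()] = value.strip().strip("\"'")
    return settings


def effective_conversion(settings, kind):
    """kind is USER, GROUP or ROLE. Returns (mode, ignored_setting)."""
    base = f"CONNECTOR_MSSQL_{kind}_NAME_"
    persist = settings.get(base + "PERSIST_CASE_SENSITIVITY", "false").lower() == "true"
    configured = settings.get(base + "CASE_CONVERSION")
    if persist:
        # Conversion applies only when case is not persisted, so a configured
        # lower/upper value here has no effect and is worth flagging.
        return "none", configured in ("lower", "upper")
    mode = configured or "lower"  # lower is the documented default
    if mode not in CONVERTERS:
        raise ValueError(f"unsupported case conversion: {mode!r}")
    return mode, False


def find_collisions(names, mode):
    """Group distinct source names that map to the same converted name."""
    buckets = defaultdict(set)
    for name in names:
        buckets[CONVERTERS[mode](name)].add(name)
    return {k: sorted(v) for k, v in buckets.items() if len(v) > 1}


if __name__ == "__main__":
    cfg = parse_vars(SAMPLE_VARS)
    users = ["Alice", "alice", "bob"]  # constructed source identities
    mode, _ = effective_conversion(cfg, "USER")
    print(mode, find_collisions(users, mode))
```

A non-empty collision map means distinct source identities would be managed under a single principal name after conversion, which is worth resolving before the connector syncs them.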

Warning

  • Replace the example values with your actual values.
Self Managed

  1. SSH to the instance where Privacera Manager is installed.

  2. Run the following command to open the .yml file to be edited.

    If you have multiple connectors, then replace instance1 with the appropriate connector instance name.

    Bash
    vi ~/privacera/privacera-manager/config/custom-vars/connectors/mssql/instance1/vars.connector.mssql.yml
    
  3. To customize the role prefixes for users, groups, and roles, set the following properties:

    YAML
    CONNECTOR_MSSQL_USER_ROLE_PREFIX: "priv_user_dev"
    CONNECTOR_MSSQL_GROUP_ROLE_PREFIX: "priv_group_dev"
    CONNECTOR_MSSQL_ROLE_ROLE_PREFIX: "priv_role_dev"
    

  4. To retain the case of the principal names, set the following properties:

    YAML
    CONNECTOR_MSSQL_USER_NAME_PERSIST_CASE_SENSITIVITY: "true"
    CONNECTOR_MSSQL_GROUP_NAME_PERSIST_CASE_SENSITIVITY: "true"
    CONNECTOR_MSSQL_ROLE_NAME_PERSIST_CASE_SENSITIVITY: "true"
    

  5. To configure case conversion, set the following properties:

    YAML
    CONNECTOR_MSSQL_USER_NAME_CASE_CONVERSION: "lower"
    CONNECTOR_MSSQL_GROUP_NAME_CASE_CONVERSION: "lower"
    CONNECTOR_MSSQL_ROLE_NAME_CASE_CONVERSION: "lower"
    

  6. Once the properties are configured, run the following commands to update your Privacera Manager platform instance:

    Step 1 - Setup, which generates the Helm charts. This step usually takes a few minutes.

    Bash
    cd ~/privacera/privacera-manager
    ./privacera-manager.sh setup
    
    Step 2 - Apply the Privacera Manager Helm charts.

    Bash
    cd ~/privacera/privacera-manager
    ./pm_with_helm.sh upgrade
    
    Step 3 - (Optional) Post-installation step, which generates the plugin tarball, updates Route 53 DNS, and so on. This step is not required if you are updating only connector properties.

    Bash
    cd ~/privacera/privacera-manager
    ./privacera-manager.sh post-install
    
PrivaceraCloud

  1. In the PrivaceraCloud portal, navigate to Settings -> Applications.

  2. On the Connected Applications screen, select MSSQL.

  3. Click the Edit (pen) icon or the Account Name to modify the settings.

  4. On the Edit Application screen, go to Access Management -> ADVANCED tab.

  5. To customize the role prefixes, enter the prefix in the following fields:

    • Prefix of mssql roles for portal users: priv_user_dev
    • Prefix of mssql roles for portal groups: priv_group_dev
    • Prefix of mssql roles for portal roles: priv_role_dev
  6. To retain the case of the principal names, enable the following options:

    • Persist case sensitivity of user names
    • Persist case sensitivity of group names
    • Persist case sensitivity of role names
  7. To use case conversion, add the following properties under the Add New Custom Properties section:

    Text Only
    ranger.policysync.connector.0.user.name.case.conversion=lower
    ranger.policysync.connector.0.group.name.case.conversion=lower
    ranger.policysync.connector.0.role.name.case.conversion=lower
    

  8. Click SAVE to apply the changes.