Skip to content

Enable Secure View

Privacera supports Secure View for Microsoft SQL Server, enabling the creation of views on top of existing tables while enforcing row-level security (RLS) and column-level masking policies. Secure view is enabled by default, with secure view properties set to true by default. This means secure views will be created automatically when policies are applied.

For more information, refer to the About Secure Views section.

Configuration

  1. SSH to the instance where Privacera Manager is installed.

  2. Run the following command to open the .yml file to be edited.

    If you have multiple connectors, then replace instance1 with the appropriate connector instance name.

    Bash
    1
    vi ~/privacera/privacera-manager/config/custom-vars/connectors/mssql/instance1/vars.connector.mssql.yml

  3. To enable secure view, update the following properties to true:

    YAML
    1
2
3
4
    CONNECTOR_MSSQL_ENABLE_VIEW_BASED_MASKING: "true"
CONNECTOR_MSSQL_ENABLE_VIEW_BASED_ROW_FILTER: "true"
CONNECTOR_MSSQL_SECURE_VIEW_CREATE_FOR_ALL: "true"
CONNECTOR_MSSQL_ENABLE_DATA_ADMIN: "true"

  4. Set default masked values:

    YAML
    1
2
3
    CONNECTOR_MSSQL_MASKED_NUMBER_VALUE: "0"
CONNECTOR_MSSQL_MASKED_TEXT_VALUE: "<MASKED>"
CONNECTOR_MSSQL_MASKED_DATE_VALUE: "<MASKED_DATE>"

  5. Set view naming conventions (optional):

    YAML
    1
2
3
4
    CONNECTOR_MSSQL_SECURE_VIEW_NAME_PREFIX: "<SECURE_VIEW_NAME_PREFIX>"
CONNECTOR_MSSQL_SECURE_VIEW_NAME_POSTFIX: "<SECURE_VIEW_NAME_POSTFIX>"
CONNECTOR_MSSQL_SECURE_VIEW_SCHEMA_NAME_PREFIX: "<SECURE_VIEW_SCHEMA_NAME_PREFIX>"
CONNECTOR_MSSQL_SECURE_VIEW_SCHEMA_NAME_POSTFIX: "<SECURE_VIEW_SCHEMA_NAME_POSTFIX>"

  6. Once the properties are configured, run the following commands to update your Privacera Manager platform instance:

    Step 1 - Setup which generates the helm charts. This step usually takes few minutes.

    Bash
    1
2
    cd ~/privacera/privacera-manager
./privacera-manager.sh setup
    Step 2 - Apply the Privacera Manager helm charts.
    Bash
    1
2
    cd ~/privacera/privacera-manager
./pm_with_helm.sh upgrade
    Step 3 - (Optional) Post-installation step which generates Plugin tar ball, updates Route 53 DNS and so on. This step is not required if you are updating only connector properties.

    Bash
    1
2
    cd ~/privacera/privacera-manager
./privacera-manager.sh post-install

  1. In PrivaceraCloud portal, navigate to SettingsApplications.

  2. On the Connected Applications screen, select MSSQL.

  3. Click the pen icon or the Account Name to modify the settings.

  4. On the Edit Application screen, go to Access Management.

  5. Under the ADVANCED tab, enable the following options to configure secure views:

    • Enforce masking policies using secure views: Enables enforcement of masking policies using secure views.
    • Enforce row filter policies using secure views: Enables enforcement of row filter policies using secure views.
    • Create secure view for all tables/views: Enable to create secure view for all tables and views.
    • Enable dataadmin: Allow the dataadmin role to create secure views.

  6. Set default values for masked columns:

    • Default masked value for numeric datatype columns: Default value is 0 for numeric datatype columns.
    • Default masked value for text/varchar datatype columns: Default value is <MASKED> for text/varchar datatype columns.

  7. Set view naming conventions (optional):

    • Secure view name prefix: Prefix for the secure view name.
    • Secure view name postfix: Postfix for the secure view name (default: _secure).
    • Secure view schema name prefix: Prefix for the secure view schema name.
    • Secure view schema name postfix: Postfix for the secure view schema name.

  8. Click SAVE to apply the changes.