
Configuring OMNI for Privacera PolicySync Connectors

This guide provides an overview and step-by-step guidance for configuring OMNI mode in Privacera PolicySync connectors.

Supported Connectors

OMNI mode is currently supported for:

  • Snowflake
  • Databricks Unity Catalog

Choosing Your Deployment Path

Select the appropriate configuration path based on your deployment scenario:

Scenario | Description
Existing Deployment | You already have Privacera deployed with Databricks Unity Catalog or Snowflake connector
Configuring Omni | You are performing a new Privacera installation

Note

If you have an existing deployment, you must complete Existing Deployment before proceeding to Configuring Omni.

Existing Deployment

Perform the following steps to clean up the connector PVC before configuring the Omni metadata feature.

This action is required to trigger a metadata sync from the connector to the Metadata Service for all previously loaded connector resources.

DEPLOYMENT_ENV_NAME

You can get your deployment name by running the following command:

Bash
cd ~/privacera/privacera-manager
grep DEPLOYMENT_ENV_NAME config/vars.privacera.yml

Then set it as an environment variable:

Bash
export DEPLOYMENT_ENV_NAME=<your-deployment-name>

  1. List all the deployments in the namespace.

    Bash
    kubectl get deployments -n $DEPLOYMENT_ENV_NAME
    

  2. Identify the respective connector deployment and run the following command to scale down the connector deployment to 0.

    Bash
    kubectl scale deployment <connector-deployment-name> --replicas=0 -n $DEPLOYMENT_ENV_NAME
    

  3. List all the PVCs in the namespace.

    Bash
    kubectl get pvc -n $DEPLOYMENT_ENV_NAME
    

  4. Identify the respective connector PVC name. Run the following command to delete the connector PVC.

    Bash
    kubectl delete pvc <connector-pvc-name> -n $DEPLOYMENT_ENV_NAME
    

Once these steps are completed, refer to the section below to configure the Omni feature.
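
The four cleanup steps above combined into one guarded script. This is an added example, not Privacera's own tooling; the function name and the KUBECTL, WAIT_TRIES and WAIT_SECS variables are assumptions introduced here.

```bash
#!/usr/bin/env bash
# Added example (not Privacera code): guarded connector PVC cleanup.
# KUBECTL, WAIT_TRIES and WAIT_SECS are knobs assumed by this script.
KUBECTL="${KUBECTL:-kubectl}"

# cleanup_connector_pvc <connector-deployment-name> <connector-pvc-name>
# Returns 0 done, 2 bad input, 3 object not found, 4 scale failed,
# 5 connector still has replicas (PVC left untouched).
cleanup_connector_pvc() {
  local deploy="$1" pvc="$2" ns="${DEPLOYMENT_ENV_NAME:-}"
  local tries="${WAIT_TRIES:-30}" i=0 replicas=""

  # Never pass an empty namespace: kubectl would then use the current
  # context's namespace instead of the Privacera one.
  if [ -z "$ns" ] || [ -z "$deploy" ] || [ -z "$pvc" ]; then
    echo "need DEPLOYMENT_ENV_NAME, a deployment name and a PVC name" >&2
    return 2
  fi

  # Both objects must exist in this namespace before anything is changed.
  "$KUBECTL" get deployment "$deploy" -n "$ns" >/dev/null || return 3
  "$KUBECTL" get pvc "$pvc" -n "$ns" >/dev/null || return 3

  # Step 2: scale the connector deployment down to 0.
  "$KUBECTL" scale deployment "$deploy" --replicas=0 -n "$ns" >/dev/null ||
    return 4

  # Poll until no replicas are reported; .status.replicas is omitted
  # (empty output) once it reaches zero.
  while [ "$i" -lt "$tries" ]; do
    replicas="$("$KUBECTL" get deployment "$deploy" -n "$ns" \
      -o jsonpath='{.status.replicas}')"
    if [ -z "$replicas" ] || [ "$replicas" = "0" ]; then break; fi
    sleep "${WAIT_SECS:-2}"
    i=$((i + 1))
  done
  if [ -n "$replicas" ] && [ "$replicas" != "0" ]; then
    echo "$deploy still has $replicas replica(s); PVC $pvc not deleted" >&2
    return 5
  fi

  # Step 4: delete the connector PVC.
  "$KUBECTL" delete pvc "$pvc" -n "$ns"
}

# Run only when given both names: ./cleanup.sh <deployment> <pvc>
if [ "$#" -eq 2 ]; then cleanup_connector_pvc "$@"; fi
```

Kubernetes keeps a PVC in Terminating while a pod still mounts it, so the replica check is an early, explicit failure rather than the only safeguard.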

Configuring Omni

Data Plane Version Requirement

The data plane must be version 9.2.0.2 or greater to use OMNI mode. If you need to upgrade your data plane, refer to the Upgrading Privacera Manager guide.

Note for Fresh Install Deployment

Ensure you have completed the Data Plane Configuration before proceeding with the setup below.

  1. Contact Privacera Support to configure OMNI for your service.

    Important

    Before enabling OMNI mode, you need to migrate your existing tag-resource mappings from Ranger to the OMNI metadata service. This ensures that your existing tag-based policies continue to work correctly after the migration.

  2. Migrate your existing tag-resource mappings to OMNI.

    Follow the instructions in the Ranger to OMNI Tag-Resource Migration Guide to complete this migration.

  3. Run the following command to navigate to the /privacera-manager directory.

    Bash
    cd ~/privacera/privacera-manager
    

  4. Add the below properties to the file config/custom-vars/vars.privacera-cloud.yml.

    YAML
    # Metadata Sync agent and Tag Enricher URL
    CONNECTOR_OMNI_METADATA_SYNC_HTTP_BASE_URL: "{{PRIVACERA_CLOUD_RANGER_ADMIN_URL}}/omni-metadata"
    CONNECTOR_OMNI_METADATA_TAG_ENRICHER_HTTP_BASE_URL: "{{PRIVACERA_CLOUD_RANGER_ADMIN_URL}}/omni-metadata"
    PRIVACERA_USERSYNC_LOADER_OMNI_URL: "{{PRIVACERA_CLOUD_RANGER_ADMIN_URL}}/omni-metadata"
    

  5. Make sure you have enabled the Ranger Service Definitions for Access Connectors.

    Note

    If you already have the Connector Service enabled, you should skip the above step.

  6. Configure your PolicySync Connector with Omni

    Tip

    Complete the base setup configuration for your specific connector before proceeding:

    Snowflake: Snowflake Connector Base Setup.

    Databricks Unity Catalog: Databricks Unity Catalog Connector Base Setup.

    Important

    When following the base setup documentation, skip the OMNI-specific configuration steps—you'll complete those here.

    • Add the below properties to the file config/custom-vars/connectors/<connector-name>/<instance-name>/vars.connector.<TYPE>.yml

      • Replace <connector-name> with your connector name (e.g., snowflake, databricks-unity-catalog).
      • Replace <instance-name> with your instance name (e.g., instance1, instance2).
      • Replace <TYPE> with your connector name (e.g., snowflake, databricks.unity.catalog).
    YAML
    # Uncomment below property to enable RLF Expression Merging for policies
    CONNECTOR_RANGER_MERGE_ROWFILTER_EXPRESSION_ENABLED: "true"
    
    # Uncomment below property to enable evaluating RLF for tag-based policies
    CONNECTOR_RANGER_EVALUATE_TAG_ROWFILTER_EXPRESSION_ENABLED: "true"
    
    # Uncomment below properties to enable Omni Metadata Sync
    CONNECTOR_OMNI_METADATA_SYNC_ENABLED: "true"
    
    # Uncomment below properties to enable Omni Metadata Tag Enricher
    CONNECTOR_OMNI_METADATA_TAG_ENRICHER_ENABLED: "true"
    
  7. Apply the Configuration to "Data Plane"

    After all the changes are done, start the connector by following these steps:

    Step 1 - Run setup, which generates the Helm charts. This step usually takes a few minutes.

    Bash
    cd ~/privacera/privacera-manager
    ./privacera-manager.sh setup
    
    Step 2 - Apply the Privacera Manager helm charts.
    Bash
    cd ~/privacera/privacera-manager
    ./pm_with_helm.sh upgrade
    
    Step 3 - Run the post-installation step, which generates the plugin tarball, updates Route 53 DNS, and so on.

    Bash
    cd ~/privacera/privacera-manager
    ./privacera-manager.sh post-install
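
A pre-flight check for the settings from steps 4 and 6 and for the data plane version requirement, to catch a property that is still commented out or a version below 9.2.0.2 before the Helm charts are generated. This is an added example, not Privacera tooling; the function names and the argument order are assumptions, and the check expects double-quoted values as written on this page.

```bash
#!/usr/bin/env bash
# Added example (not Privacera code): pre-flight check for the OMNI settings.
MIN_DATA_PLANE="9.2.0.2"   # minimum data plane version stated on this page

# version_ge HAVE NEED -> 0 if HAVE >= NEED, 1 if lower, 2 if malformed.
# Fields are compared numerically, so 9.10.0.0 ranks above 9.2.0.2.
version_ge() {
  local have="$1" need="$2" h n
  case "$have" in ''|*[!0-9.]*) return 2 ;; esac
  while [ -n "$have" ] || [ -n "$need" ]; do
    h="${have%%.*}"; n="${need%%.*}"
    if [ "${h:-0}" -gt "${n:-0}" ]; then return 0; fi
    if [ "${h:-0}" -lt "${n:-0}" ]; then return 1; fi
    case "$have" in *.*) have="${have#*.}" ;; *) have="" ;; esac
    case "$need" in *.*) need="${need#*.}" ;; *) need="" ;; esac
  done
  return 0
}

# has_active_key FILE KEY VALUE_REGEX -> 0 only if KEY sits on an
# uncommented line and its quoted value matches VALUE_REGEX.
has_active_key() {
  grep -Eq "^[[:space:]]*$2:[[:space:]]*\"$3\"[[:space:]]*\$" "$1"
}

# omni_preflight VERSION CLOUD_VARS_FILE CONNECTOR_VARS_FILE
# Prints one line per problem and returns the number of problems.
omni_preflight() {
  local ver="$1" cloud="$2" conn="$3" key bad=0
  version_ge "$ver" "$MIN_DATA_PLANE" ||
    { echo "data plane '$ver' is malformed or below $MIN_DATA_PLANE"; bad=$((bad + 1)); }
  for key in CONNECTOR_OMNI_METADATA_SYNC_HTTP_BASE_URL \
             CONNECTOR_OMNI_METADATA_TAG_ENRICHER_HTTP_BASE_URL \
             PRIVACERA_USERSYNC_LOADER_OMNI_URL; do
    has_active_key "$cloud" "$key" '[^"]+/omni-metadata' ||
      { echo "$key missing or not ending in /omni-metadata"; bad=$((bad + 1)); }
  done
  for key in CONNECTOR_RANGER_MERGE_ROWFILTER_EXPRESSION_ENABLED \
             CONNECTOR_RANGER_EVALUATE_TAG_ROWFILTER_EXPRESSION_ENABLED \
             CONNECTOR_OMNI_METADATA_SYNC_ENABLED \
             CONNECTOR_OMNI_METADATA_TAG_ENRICHER_ENABLED; do
    has_active_key "$conn" "$key" 'true' ||
      { echo "$key is not active with value \"true\""; bad=$((bad + 1)); }
  done
  return "$bad"
}

if [ "$#" -eq 3 ]; then omni_preflight "$@"; fi
```

Run it before `./privacera-manager.sh setup`; how the data plane version is obtained is deployment-specific, so it is passed in as the first argument.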