
Setup Access Management for PostgreSQL Connector

This section outlines the steps to set up the PostgreSQL Connector with Privacera PolicySync. Ensure that all prerequisites are met before proceeding.

Create Instance of PostgreSQL Connector

  1. SSH to the instance where Privacera Manager is installed.

  2. Run the following command to navigate to the /config directory.

    Bash
    cd ~/privacera/privacera-manager/config
    

  3. Create a new directory for the PostgreSQL connector configuration.

    Note

    In the following example, instance1 is the connector instance name. You can modify this name to uniquely identify your configuration. The instance name must contain only hyphens and alphanumeric characters.

    Bash
    mkdir -p custom-vars/connectors/postgres/instance1
    
  4. Run the following command to copy the sample vars:

    Bash
    cp -n sample-vars/vars.connector.postgres.yml custom-vars/connectors/postgres/instance1/
    

  5. Run the following command to open the .yml file for editing.

    Bash
    vi custom-vars/connectors/postgres/instance1/vars.connector.postgres.yml
    

  1. In PrivaceraCloud, go to Settings -> Applications.

  2. On the Applications screen, select PostgreSQL.

  3. Enter the application Name and Description, then click Save. The name can be anything you choose, for example PostgreSQL Account 123456.

  4. Open the PostgreSQL application.

  5. Enable the Access Management option using the toggle button.

JDBC Connection details

  1. Set the JDBC URL to connect to PostgreSQL, without the database name at the end.
  2. Set the JDBC username and password of a PostgreSQL account with admin privileges. The connector uses these credentials to connect to PostgreSQL.
  3. Set the JDBC database that the PostgreSQL connector uses to make its initial connection.

Warning

Replace the below example values with your actual values.

YAML
CONNECTOR_POSTGRES_JDBC_URL: "jdbc:postgresql://<postgres-host>:<port>"
CONNECTOR_POSTGRES_JDBC_DB: "postgres_db"
CONNECTOR_POSTGRES_JDBC_USERNAME: "privacera_user"
CONNECTOR_POSTGRES_JDBC_PASSWORD: "privacera_password"
CONNECTOR_POSTGRES_DEFAULT_USER_PASSWORD: "default_password"
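
The rules stated in the steps above (instance name characters, JDBC URL without a database name, example passwords replaced) can be checked before the configuration is applied. The script below is an added example, not part of Privacera Manager: the function names and the host `db.example.internal` are hypothetical, and it assumes the vars file consists of flat `KEY: "value"` lines.

```shell
#!/bin/sh
# Added example (not Privacera code): pre-flight lint for a connector vars file.

# Print the value of KEY ($2) from a flat `KEY: "value"` YAML file ($1).
yaml_get() {
  sed -n "s/^$2:[[:space:]]*\"\{0,1\}\([^\"]*\)\"\{0,1\}[[:space:]]*\$/\1/p" "$1" | tail -n 1
}

# Instance name rule from the note above: hyphens and alphanumerics only.
valid_instance_name() {
  case "$1" in
    ''|*[!A-Za-z0-9-]*) return 1 ;;
    *) return 0 ;;
  esac
}

# JDBC URL must stop at host[:port]; a trailing /dbname or ?params is rejected.
# Assumption: host is a DNS name or IPv4 address (no bracketed IPv6).
valid_jdbc_url() {
  printf '%s\n' "$1" | grep -Eq '^jdbc:postgresql://[^/:?]+(:[0-9]+)?$'
}

# lint_vars <instance-name> <vars-file>: prints findings, returns their count.
lint_vars() {
  file=$2; n=0
  valid_instance_name "$1" ||
    { echo "instance name '$1': only alphanumerics and hyphens allowed"; n=$((n+1)); }
  valid_jdbc_url "$(yaml_get "$file" CONNECTOR_POSTGRES_JDBC_URL)" ||
    { echo "CONNECTOR_POSTGRES_JDBC_URL: must not end with a database name"; n=$((n+1)); }
  [ -n "$(yaml_get "$file" CONNECTOR_POSTGRES_JDBC_DB)" ] ||
    { echo "CONNECTOR_POSTGRES_JDBC_DB: not set"; n=$((n+1)); }
  for key in CONNECTOR_POSTGRES_JDBC_PASSWORD CONNECTOR_POSTGRES_DEFAULT_USER_PASSWORD; do
    case "$(yaml_get "$file" "$key")" in
      ''|privacera_password|default_password)
        echo "$key: empty or still the documentation example value"; n=$((n+1)) ;;
    esac
  done
  return "$n"
}

# Constructed sample: the example file with only some values replaced.
sample=$(mktemp)
cat > "$sample" <<'EOF'
CONNECTOR_POSTGRES_JDBC_URL: "jdbc:postgresql://db.example.internal:5432/postgres_db"
CONNECTOR_POSTGRES_JDBC_DB: "postgres_db"
CONNECTOR_POSTGRES_JDBC_USERNAME: "privacera_user"
CONNECTOR_POSTGRES_JDBC_PASSWORD: "privacera_password"
CONNECTOR_POSTGRES_DEFAULT_USER_PASSWORD: "constructed-Passw0rd-for-demo"
EOF
lint_vars instance_1 "$sample" || echo "findings: $?"
```

To check a real file, call `lint_vars instance1 custom-vars/connectors/postgres/instance1/vars.connector.postgres.yml` from the config directory; an exit status of 0 means no findings.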

Enter these fields under the BASIC tab:

  • Postgres JDBC URL : jdbc:postgresql://<postgres-host>:<port>
  • Postgres JDBC username : privacera_user
  • Postgres JDBC password : privacera_password
  • Postgres default Database: postgres_db
  • Default password for new postgres user: Set a strong password which will be used as the default password for a new Postgres user. This is a mandatory field. It is used when the feature to provision users through the connector is enabled.

Managed Database Objects

This property is used to set comma-separated database names for which access control policies will be applied. Wildcards are supported.

Example: test_db_1,test_db_2,sales_db_*.

Warning

  • Values are case-sensitive.
  • Replace the below example value with your actual value.
YAML
CONNECTOR_POSTGRES_MANAGE_DATABASE_LIST: "postgres_db"

Under the BASIC tab, enter the values for:

  • Databases to set access control policies : postgres_db

Managed Users and Groups

Set these properties to enable access permission management for a subset of users, groups, and roles in Privacera.

  1. Provide a comma-separated list of users, groups, and roles to manage (wildcards are supported). Example: privacera_user1,privacera_user2,postgres_*.

Warning

  • Values are case-sensitive.
  • Replace the below example values with your actual values.
YAML
CONNECTOR_POSTGRES_MANAGE_USER_LIST: "privacera_user1,privacera_user2,postgres_*"
CONNECTOR_POSTGRES_MANAGE_GROUP_LIST: "privacera_group1,privacera_group2,postgres_group_*"
CONNECTOR_POSTGRES_MANAGE_ROLE_LIST: "privacera_role1,privacera_role2,postgres_role_*"

Under the ADVANCED tab, enter the values for:

  • Users to set access control policies : privacera_user1,privacera_user2,postgres_*

  • Groups to set access control policies : privacera_group1,privacera_group2,postgres_group_*

  • Roles to set access control policies : privacera_role1,privacera_role2,postgres_role_*

Enable Connector and Access Control Policies

Set these properties to enable or disable access permission management for a subset of users, groups, and roles in Privacera.

  1. Enable/Disable user, group, and role management (CONNECTOR_POSTGRES_MANAGE_ENTITIES):
    • Set this property to true to manage users, groups, and roles from Privacera.
  2. Enable/Disable grant and revoke operations (CONNECTOR_POSTGRES_GRANT_UPDATES):
    • Set this property to true to allow Privacera to perform GRANT and REVOKE operations on the database objects.
YAML
CONNECTOR_POSTGRES_MANAGE_ENTITIES: "true"
CONNECTOR_POSTGRES_GRANT_UPDATES: "true"

Under the BASIC tab, enter the values for:

  • Enable policy enforcements and user/group/role management : Enable this option to manage users, groups, and roles from Privacera.

Apply the Configuration

To apply the updated configuration, follow the Privacera Manager QuickStart steps to update your Privacera Manager instance.

After applying the configuration, verify that the PostgreSQL Connector pod is running, as per the list of pods in Self Managed or the list of pods in Data Plane.

  1. Once all the required fields are filled, click Save.

  2. The configured PostgreSQL connector appears under Connected Applications.

  3. Once saved and enabled, the PostgreSQL connector will start. Then you can hover on the VIEW LOGS button to check the status, either Running or Stopped.

  4. Perform the following steps to restart the PostgreSQL connector application:

    1. Go to Settings -> Applications and select the PostgreSQL connector application.

    2. Edit the application: disable the Access Management option using the toggle button, then click Save.

    3. Open the same application again, enable the Access Management option using the toggle button, then click Save.
