Enable DataAdmin for scrubbing RLF evaluation¶

Enables DataAdmin bypass for Row-Level Filter (RLF) evaluation, allowing principals with DataAdmin permission to be excluded from fine-grained access controls. When enabled, all RowFilter policies are skipped for such privileged principals, providing a centralized and flexible mechanism to configure trusted administrative access.

Prerequisites¶

Before configuring DataAdmin for Snowflake connector, ensure that:

OMNI is configured for Snowflake Connector.
PBAC is configured for Snowflake.

OMNI Configuration¶

To configure OMNI for Snowflake Connector refer to the OMNI configuration guide for detailed steps.

PBAC Configuration¶

To configure PBAC for Snowflake Connector, refer to the PBAC configuration guide for detailed steps.

Configuration¶

Data Plane

SSH to the instance where Privacera Manager is installed.
Run the following command to open the .yml file to be edited.

If you have multiple connectors, then replace instance1 with the appropriate connector instance name.
Bash
1
vi ~/privacera/privacera-manager/config/custom-vars/connectors/snowflake/instance1/vars.connector.snowflake.yml
Set the following property to true. The default value is false:
YAML
1
CONNECTOR_SNOWFLAKE_ENABLE_DATAADMIN_RLF_SCRUBBING: "true"
Once the property is configured, run the following commands to update your Privacera Manager platform instance:

Step 1 - Setup which generates the helm charts. This step usually takes few minutes.
Bash
1 2
cd ~/privacera/privacera-manager ./privacera-manager.sh setup
Step 2 - Apply the Privacera Manager helm charts.
Bash
1 2
cd ~/privacera/privacera-manager ./pm_with_helm.sh upgrade
Step 3 - (Optional) Post-installation step which generates Plugin tar ball, updates Route 53 DNS and so on. This step is not required if you are updating only connector properties.
Bash
1 2
cd ~/privacera/privacera-manager ./privacera-manager.sh post-install

Prev topic: Advanced Configuration