Skip to content

Manage Access Audits

Privacera supports access audits for the Snowflake connector, allowing you to fetch and manage access audit logs from Snowflake. This feature is valuable for tracking user access and ensuring compliance with data governance policies.

Configure

  1. Navigate to SettingsApplications in the Self-Managed Portal.

  2. From the list of Connected Applications, select Snowflake.

  3. Click on the application name or the icon to edit. Then, go to the Access Management tab.

  4. Under the BASIC tab, enable the following options to configure access audits:

    • Enable access audits: Enable to fetch access audits from the Snowflake connector.
    • Enable simple audits: Enables simple access audits queried on database.
    • Enable advance audits: Enables advanced access audits queried on database.

  5. Under ADVANCED tab, configure the following options:

    • Enable column access exception: Enable to display an access denied exception when a user attempts to access specific columns in a table without the necessary permissions.
    • Database name where masking function for column access control will be created: Specify the database where the masking function used for column-level access control will be created. This field is required when Enable column access exception is enabled.

  6. Click SAVE to apply the changes.

  1. SSH to the instance where Privacera Manager is installed.

  2. Run the following command to open the .yml file to be edited.

    If you have multiple connectors, then replace instance1 with the appropriate connector instance name.

    Bash
    1
    vi ~/privacera/privacera-manager/config/custom-vars/connectors/snowflake/instance1/vars.connector.snowflake.yml

  3. Enable access audits by setting the following properties to true:

    YAML
    1
2
3
    CONNECTOR_SNOWFLAKE_AUDIT_ENABLE: "true"
CONNECTOR_SNOWFLAKE_ENABLE_AUDIT_SOURCE_SIMPLE: "true"
CONNECTOR_SNOWFLAKE_ENABLE_AUDIT_SOURCE_ADVANCE: "true"

  4. Add or update the following property to enable column access exception:

    YAML
    1
    CONNECTOR_SNOWFLAKE_ENABLE_COLUMN_ACCESS_EXCEPTION: "true"

  5. Once the properties are configured, run the following commands to update your Privacera Manager platform instance:

    Step 1 - Setup which generates the helm charts. This step usually takes few minutes.

    Bash
    1
2
    cd ~/privacera/privacera-manager
./privacera-manager.sh setup
    Step 2 - Apply the Privacera Manager helm charts.
    Bash
    1
2
    cd ~/privacera/privacera-manager
./pm_with_helm.sh upgrade
    Step 3 - Post-installation step which generates Plugin tar ball, updates Route 53 DNS and so on.

    Bash
    1
2
    cd ~/privacera/privacera-manager
./privacera-manager.sh post-install

  1. In PrivaceraCloud portal, navigate to Settings -> Applications.

  2. On the Connected Applications screen, select Snowflake.

  3. Click on the icon or the Account Name to modify the settings.

  4. On the Edit Application screen, go to Access Management.

  5. Under the BASIC tab, enable the following options to configure access audits:

    • Enable access audits: Enable to fetch access audits from the Snowflake connector.
    • Enable simple audits: Enables simple access audits queried on database.
    • Enable advance audits: Enables advanced access audits queried on database.
    • Database name where masking function for column access control will be created: Specify the database where the masking function used for column-level access control will be created. This field is required when Enable column access exception is enabled.

  6. Under ADVANCED tab, configure the following options:

    • Enable column access exception: Enable to display an access denied exception when a user attempts to access specific columns in a table without the necessary permissions.

  7. Click SAVE to apply the changes.

Comments