
Enable Native Support

Privacera supports native column masking and row-level filtering policies for the Snowflake Connector. This feature allows you to enforce data access policies directly within Snowflake, leveraging its built-in capabilities.

Configuration

Note

Native column masking and row filter policies are enabled by default.

  1. Navigate to Settings > Applications in the Self-Managed Portal.

  2. From the list of Connected Applications, select Snowflake.

  3. Click on the application name or the icon to edit. Then, go to the Access Management tab.

  4. Under the ADVANCED tab, ensure the following options are enabled:

    • Enforce snowflake native masking: Enables native column masking. Enabled by default.
    • Enforce snowflake native row filter: Enables native row-level filtering. Enabled by default.
  5. Under the ADVANCED tab, ensure the following secure view options are disabled:

    • Enforce masking policies using secure views: Disable this option if you want to use native masking instead of secure views.
    • Enforce row filter policies using secure views: Disable this option if you want to use native row filter instead of secure views.
    • Create secure view for all tables/views: Disable this option if you want to use native enforcement instead of secure views for all tables and views.
  6. Set default masking values:

    • Default masked defaultValue for numeric datatype columns: Defaults to 0.
    • Default masked defaultValue for text/varchar/string datatype columns: Defaults to <MASKED>.
  7. Click SAVE to apply the changes.

  1. SSH to the instance where Privacera Manager is installed.

  2. Run the following command to open the .yml file to be edited.

    If you have multiple connectors, then replace instance1 with the appropriate connector instance name.

    Bash
    vi ~/privacera/privacera-manager/config/custom-vars/connectors/snowflake/instance1/vars.connector.snowflake.yml
    
  3. Enable native support by setting the following properties to true:

    YAML
    CONNECTOR_SNOWFLAKE_ENABLE_ROW_FILTER: "true"
    CONNECTOR_SNOWFLAKE_ENABLE_MASKING: "true"
    

  4. Ensure the following secure view options are disabled:

    YAML
    CONNECTOR_SNOWFLAKE_ENABLE_VIEW_BASED_MASKING: "false"
    CONNECTOR_SNOWFLAKE_ENABLE_VIEW_BASED_ROW_FILTER: "false"
    CONNECTOR_SNOWFLAKE_SECURE_VIEW_CREATE_FOR_ALL: "false"
    

  5. Define default masking values:

    YAML
    CONNECTOR_SNOWFLAKE_MASKED_NUMBER_VALUE: "<MASKED_NUMBER_VALUE>"
    CONNECTOR_SNOWFLAKE_MASKED_TEXT_VALUE: "<MASKED_TEXT_VALUE>"
    

  6. Once the properties are configured, run the following commands to update your Privacera Manager platform instance:

    Step 1 - Setup, which generates the Helm charts. This step usually takes a few minutes.

    Bash
    cd ~/privacera/privacera-manager
    ./privacera-manager.sh setup
    
    Step 2 - Apply the Privacera Manager helm charts.
    Bash
    cd ~/privacera/privacera-manager
    ./pm_with_helm.sh upgrade
    
    Step 3 - Post-installation step, which generates the plugin tarball, updates Route 53 DNS, and so on.

    Bash
    cd ~/privacera/privacera-manager
    ./privacera-manager.sh post-install
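
Before running the update commands in step 6, the edited vars file can be checked for settings that leave secure-view enforcement switched on alongside native enforcement. The script below is an added example, not part of Privacera's tooling; the function names `yaml_value` and `check_native_enforcement` are hypothetical, and it assumes all five flags are set explicitly in the file.

```shell
#!/usr/bin/env bash
# Added example (not Privacera tooling): confirm a connector vars file selects
# native enforcement only. Assumption: all five flags must be set explicitly.

# Print the last value of a top-level "KEY: value" entry, unquoted and lowercased.
yaml_value() {  # usage: yaml_value FILE KEY
  awk -v key="$2" '
    $0 ~ "^[ \t]*" key ":" {
      sub("^[ \t]*" key ":[ \t]*", ""); sub("[ \t]+(#.*)?$", ""); val = $0
    }
    END { print val }' "$1" | tr -d "\"'\r" | tr '[:upper:]' '[:lower:]'
}

# Report each flag that differs from the values the steps above call for.
check_native_enforcement() {  # usage: check_native_enforcement FILE; 0 = consistent
  _rc=0
  for _pair in \
    CONNECTOR_SNOWFLAKE_ENABLE_MASKING=true \
    CONNECTOR_SNOWFLAKE_ENABLE_ROW_FILTER=true \
    CONNECTOR_SNOWFLAKE_ENABLE_VIEW_BASED_MASKING=false \
    CONNECTOR_SNOWFLAKE_ENABLE_VIEW_BASED_ROW_FILTER=false \
    CONNECTOR_SNOWFLAKE_SECURE_VIEW_CREATE_FOR_ALL=false
  do
    _key=${_pair%%=*}; _want=${_pair#*=}
    _got=$(yaml_value "$1" "$_key")
    if [ "$_got" != "$_want" ]; then
      echo "MISMATCH $_key: expected \"$_want\", found \"${_got:-<unset>}\""
      _rc=1
    fi
  done
  return "$_rc"
}

# Constructed sample: native masking is on, but view-based masking is still enabled.
sample=$(mktemp)
cat > "$sample" <<'EOF'
CONNECTOR_SNOWFLAKE_ENABLE_ROW_FILTER: "true"
CONNECTOR_SNOWFLAKE_ENABLE_MASKING: "true"
CONNECTOR_SNOWFLAKE_ENABLE_VIEW_BASED_MASKING: "true"
CONNECTOR_SNOWFLAKE_ENABLE_VIEW_BASED_ROW_FILTER: "false"
CONNECTOR_SNOWFLAKE_SECURE_VIEW_CREATE_FOR_ALL: "false"
EOF
check_native_enforcement "$sample" || echo "Resolve the mismatches, then run setup."
rm -f "$sample"
```

To check a real connector, pass the path of its `vars.connector.snowflake.yml` to `check_native_enforcement`; a non-zero exit status means at least one flag differs from the values in steps 3 and 4.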
    
