Enable Secure View¶

Privacera supports Secure View for Snowflake connector. This feature allows you to create views on top of existing tables while applying Row-Level Security (RLS) and column-level masking policies.

For more information, refer to the About Secure Views section.

Configuration¶

Self Managed (Portal Configuration)Self Managed (YAML Configuration) and Data Plane

Note

By deafult, native column masking and row filter policies are enabled. You must disable them to use Secure Views.

Navigate to Settings → Applications in the Self-Managed Portal.
From the list of Connected Applications, select Snowflake.
Click on the application name or the icon to edit. Then, go to the Access Management tab.
Under the ADVANCED tab, enable the following options to configure secure views:
- Enforce masking policies using secure views: Enables enforcement of masking policies using secure views.
- Enforce row filter policies using secure views: Enables enforcement of row filter policies using secure views.
- Create secure view for all tables/views: Enable to create secure view for all tables and views.
Under ADVANCED tab, ensure the following native options are disabled:
- Enforce snowflake native masking: Disable this option if you want to use secure Views instead of native maksing, which is enabled by default.
- Enforce snowflake native row filter: Disable this option if you want to use secure Views instead of native row level filter, which is enabled by default.
Set default values for masked columns:
- Default masked defaultValue for numeric datatype columns: Default value is 0 for numeric datatype columns.
- Default masked defaultValue for text/varchar/string datatype columns: Default value is <MASKED> for text/varchar/string datatype columns.
Set view naming conventions (optional):
- Secure view name prefix: Prefix for the secure view name.
- Secure view name postfix: Postfix for the secure view name.
- Secure view schema name prefix: Prefix for the secure view schema name.
- Secure view schema name postfix: Postfix for the secure view schema name.
Click SAVE to apply the changes.

SSH to the instance where Privacera Manager is installed.
Run the following command to open the .yml file to be edited.

If you have multiple connectors, then replace instance1 with the appropriate connector instance name.
Bash
1
vi ~/privacera/privacera-manager/config/custom-vars/connectors/snowflake/instance1/vars.connector.snowflake.yml

To enable secure view update the following properties to true:

YAML
CONNECTOR_SNOWFLAKE_ENABLE_VIEW_BASED_MASKING: "true"
CONNECTOR_SNOWFLAKE_ENABLE_VIEW_BASED_ROW_FILTER: "true"
CONNECTOR_SNOWFLAKE_SECURE_VIEW_CREATE_FOR_ALL: "true"

Ensure the following native options are disabled:

YAML
CONNECTOR_SNOWFLAKE_ENABLE_ROW_FILTER: "false"
CONNECTOR_SNOWFLAKE_ENABLE_MASKING: "false"

Set default masked values:

YAML
CONNECTOR_SNOWFLAKE_MASKED_NUMBER_VALUE: "<MASKED_NUMBER_VALUE>"
CONNECTOR_SNOWFLAKE_MASKED_TEXT_VALUE: "<MASKED_TEXT_VALUE>"

Set view naming conventions (optional):

YAML
CONNECTOR_SNOWFLAKE_SECURE_VIEW_NAME_PREFIX: "<SECURE_VIEW_NAME_PREFIX>"
CONNECTOR_SNOWFLAKE_SECURE_VIEW_NAME_POSTFIX: "<SECURE_VIEW_NAME_POSTFIX>"
CONNECTOR_SNOWFLAKE_SECURE_VIEW_SCHEMA_NAME_PREFIX: "<SECURE_VIEW_SCHEMA_NAME_PREFIX>"
CONNECTOR_SNOWFLAKE_SECURE_VIEW_SCHEMA_NAME_POSTFIX: "<SECURE_VIEW_SCHEMA_NAME_POSTFIX>"

Once the properties are configured, run the following commands to update your Privacera Manager platform instance:

Step 1 - Setup which generates the helm charts. This step usually takes few minutes.
Bash
1 2
cd ~/privacera/privacera-manager ./privacera-manager.sh setup
Step 2 - Apply the Privacera Manager helm charts.
Bash
1 2
cd ~/privacera/privacera-manager ./pm_with_helm.sh upgrade
Step 3 - Post-installation step which generates Plugin tar ball, updates Route 53 DNS and so on.
Bash
1 2
cd ~/privacera/privacera-manager ./privacera-manager.sh post-install

Prev topic: Advanced Configuration

Enable Secure View¶

Configuration¶

Comments