Skip to content

Setup for Access Management for Snowflake Connector

This section outlines the steps to set up the Snowflake Connector with Policysync Privacera. Please ensure that all prerequisites are completed before starting the setup process.

Create Instance of Snowflake Connector

Note

The Ops Server Setup is required for the Self-Managed (Portal Configuration) setup.

  1. Navigate to SettingsApplications in the Self-Managed Portal.

  2. Select the Snowflake connector under Available Connections.

  3. Enter the application Name and Description, then click Next.

    • The name can be any meaningful identifier, such as sf-connector-1.
    • The description can provide additional context, e.g. Snowflake Connector for dev account xyz.

  4. Click on the application name or the icon. Enable the Access Management toggle.

  1. SSH to the instance where Privacera is installed.

  2. Run the following command to navigate to the /config directory.

    Bash
    1
    cd ~/privacera/privacera-manager/config

  3. Create a new directory for the Snowflake connector's configuration.

    Note

    In the example below, instance1 is the name of the connector instance. You can change this name to uniquely identify your installed connector configuration. The connector instance name should consist of only hyphens and alphanumeric characters.

    Bash
    1
    mkdir -p custom-vars/connectors/snowflake/instance1

  4. Copy the sample connector configuration file to your custom directory:

    Bash
    1
    cp -n sample-vars/vars.connector.snowflake.yml custom-vars/connectors/snowflake/instance1/

  5. Run the following command to open the .yml file to be edited.

    Bash
    1
    vi custom-vars/connectors/snowflake/instance1/vars.connector.snowflake.yml

  1. In PrivaceraCloud, navigate to SettingsApplications.

  2. On the Applications screen, select Snowflake application under Available connections.

  3. Select the Platform Type. Enter the application Name and Description, then click Save. The name can be any name of your choice, e.g. AWS Snowflake for account 123456789012.

  4. Open the Snowflake Application and click Edit to configure it.

  5. Enable the Access Management option using the toggle.

Connection Details

  1. Specify the Snowflake JDBC URL. For example, jdbc:snowflake://dev-environment.snowflakecomputing.com.
  2. Provide the Snowflake username and password used to authenticate the JDBC connection.
  3. Specify the Snowflake warehouse and role to be used by Policysync Connector on Snowflake server to execute queries.
  4. Specify the default password for new Snowflake users created by Policysync Connector.

Replace the below example values with your actual values.

Enter these fields under the BASIC tab:

Note

  • To view the property details, click the icon next to the property name.
  • Fields with asterisks (*) are mandatory.
  • Requires restart indicates that the connector pod will restart after updating the property.
  • Cleans RocksDB: When this property is updated, the connector pod initiates a cleanup process to remove cached data and other internal resources from RocksDB. The duration of this process may vary depending on the volume of data and resources being managed.
  • Snowflake JDBC url: jdbc:snowflake://dev-environment.snowflakecomputing.com
  • Snowflake JDBC username: <snowflake-jdbc-username>
  • Snowflake JDBC password: <snowflake-jdbc-password>
  • Snowflake warehouse to use: <snowflake-warehouse>
  • Snowflake role to use: <snowflake-role>
  • Default password for new snowflake user: <default-password>
YAML
1
2
3
4
5
6
7
CONNECTOR_SNOWFLAKE_JDBC_URL: "jdbc:snowflake://dev-environment.snowflakecomputing.com"             
CONNECTOR_SNOWFLAKE_JDBC_DB: "<snowflake-database-name>"             
CONNECTOR_SNOWFLAKE_JDBC_USERNAME: "<snowflake-jdbc-username>" 
CONNECTOR_SNOWFLAKE_JDBC_PASSWORD: "<snowflake-jdbc-password>"       
CONNECTOR_SNOWFLAKE_WAREHOUSE_TO_USE: "<snowflake-warehouse>"      
CONNECTOR_SNOWFLAKE_ROLE_TO_USE: "<snowflake-role>"
CONNECTOR_SNOWFLAKE_DEFAULT_USER_PASSWORD: "<default-password>"

Enter these fields under the BASIC tab:

  • Snowflake JDBC url: jdbc:snowflake://dev-environment.snowflakecomputing.com
  • Snowflake JDBC username: <snowflake-jdbc-username>
  • Snowflake JDBC password: <snowflake-jdbc-password>
  • Snowflake warehouse to use: <snowflake-warehouse>
  • Snowflake role to use: <snowflake-role>
  • Default password for new snowflake user: <default-password>

Managed Warehouses and Databases

This property is used to set comma-separated warehouse and database names for which access control policies will be applied. Wildcards are supported.

Example: test_warehouse1,test_warehouse2,sales_*.

Warning

  • Values are case-sensitive.
  • Replace the below example value with your actual value.

Under the BASIC tab, enter the values for:

  • Warehouses to manage access control policies: test_warehouse1
  • Databases to manage access control policies: test_database1
YAML
1
2
CONNECTOR_SNOWFLAKE_MANAGE_WAREHOUSE_LIST: "test_warehouse1"
CONNECTOR_SNOWFLAKE_MANAGE_DATABASE_LIST: "test_database1"

Under the BASIC tab, enter the values for:

  • Warehouses to set access control policies: test_warehouse1
  • Databases to set access control policies: test_database1
  • Database name where the masking function for column access control will be created: test_db1
    Specifies the database name in which policysync should create custom masking functions.
    Mandatory when Column access exception is enabled.

Manage Access Audits

By default, access audit is disabled. To enable it, refer to the Manage Access Audits.

Apply the Configuration

  1. Once all the required fields are filled, click Save.

  2. Download the configuration as a YML file by clicking the icon in the Action column.

  3. Copy the downloaded zip file to the following location on Privacera Manager instance:

    Bash
    1
    ~/privacera/privacera-manager/config/custom-vars/

  4. SSH to the Privacera Manager instance and navigate to the location where zip file is copied and unzip the file:

    Bash
    1
2
    cd ~/privacera/privacera-manager/config/custom-vars/
unzip <file_name>.zip

    Note

    • Backup existing configurations if needed.
    • Ensure unzip is installed on the system.
    • The replacement will only replace files with the same name; other files within the folder remain unchanged.

  5. After all the changes are done you can start the connector by running the following instructions:

    Step 1 - Setup which generates the helm charts. This step usually takes few minutes.

    Bash
    1
2
    cd ~/privacera/privacera-manager
./privacera-manager.sh setup
    Step 2 - Apply the Privacera Manager helm charts.
    Bash
    1
2
    cd ~/privacera/privacera-manager
./pm_with_helm.sh upgrade
    Step 3 - Post-installation step which generates Plugin tar ball, updates Route 53 DNS and so on.

    Bash
    1
2
    cd ~/privacera/privacera-manager
./privacera-manager.sh post-install

  6. Once the connector is started, you can manage and monitor it using the Self-Managed portal.

After all the changes are done you can start the connector by running the following instructions:

Step 1 - Setup which generates the helm charts. This step usually takes few minutes.

Bash
1
2
cd ~/privacera/privacera-manager
./privacera-manager.sh setup
Step 2 - Apply the Privacera Manager helm charts.
Bash
1
2
cd ~/privacera/privacera-manager
./pm_with_helm.sh upgrade
Step 3 - Post-installation step which generates Plugin tar ball, updates Route 53 DNS and so on.

Bash
1
2
cd ~/privacera/privacera-manager
./privacera-manager.sh post-install

  1. Once all the required fields are filled, click Save.

  2. The configured Databricks Unity Catalog connector appears under Connected Applications.

  3. Once saved and enabled, the Databricks Unity Catalog connector will start. Then you can hover on the VIEW LOGS button to check the status, either Running or Stopped.

  4. Perform the following steps to restart the Databricks Unity Catalog connector application:

    1. Go to SettingsApplications → select the Databricks Unity Catalog connector application.

    2. Edit the application by disabling the Access Management option with toggle button and then Save it.

    3. Open the same application again and then enable the Access Management option with toggle button and then Save it.

Comments