Setup for Access Management for Snowflake Connector

This section outlines the steps to set up the Snowflake Connector with Policysync Privacera. Please ensure that all prerequisites are completed before starting the setup process.

Perform the following steps to configure the Snowflake connector:

  • SSH to the instance where Privacera is installed.

  • Run the following command to navigate to the /config directory.

Bash
cd ~/privacera/privacera-manager/config
  • Create a new directory for the Snowflake connector's configuration.

Note

In the example below, instance1 is the name of the connector instance. You can change this name to uniquely identify your installed connector configuration. The connector instance name should consist of only hyphens and alphanumeric characters.

Bash
mkdir -p custom-vars/connectors/snowflake/instance1
  • Run the following command to copy the sample vars:

    Bash
    cp sample-vars/vars.connector.snowflake.yml custom-vars/connectors/snowflake/instance1/
    

  • Run the following command to open the .yml file to be edited.

    Bash
    vi custom-vars/connectors/snowflake/instance1/vars.connector.snowflake.yml
    

  • Modify the following properties:

| Variable | Definition |
| --- | --- |
| CONNECTOR_SNOWFLAKE_JDBC_URL | Specifies the JDBC URL to connect to Snowflake. |
| CONNECTOR_SNOWFLAKE_JDBC_DB | Specifies the Snowflake database name to use for making the JDBC connection, e.g. CUSTOMER_DATABASE |
| CONNECTOR_SNOWFLAKE_JDBC_USERNAME | Specifies the Snowflake username used to authenticate the JDBC connection, e.g. sally_snowflake_user |
| CONNECTOR_SNOWFLAKE_JDBC_PASSWORD | Specifies the JDBC password to connect to the Snowflake server. |
| CONNECTOR_SNOWFLAKE_WAREHOUSE_TO_USE | Specifies the warehouse to be used by the Policysync Connector on the Snowflake server to execute queries. |
| CONNECTOR_SNOWFLAKE_ROLE_TO_USE | Specifies the role to be used by the Policysync Connector on the Snowflake server to execute queries. |
| CONNECTOR_SNOWFLAKE_MANAGE_WAREHOUSE_LIST | Specifies the list of warehouse names whose access control should be managed by the Policysync Connector. |
| CONNECTOR_SNOWFLAKE_MANAGE_DATABASE_LIST | Specifies the list of database names whose access control should be managed by the Policysync Connector. |
| CONNECTOR_SNOWFLAKE_MANAGE_ENTITIES | Set this property to true to manage users, groups, and roles from Privacera. |
| CONNECTOR_SNOWFLAKE_GRANT_UPDATES | Set this property to true to allow Privacera to perform GRANT and REVOKE operations on the catalog objects. |

  • Once the properties are configured, run the following commands to update your Privacera Manager platform instance:

Step 1 - Run setup, which generates the Helm charts. This step usually takes a few minutes.

Bash
cd ~/privacera/privacera-manager
./privacera-manager.sh setup
Step 2 - Apply the Privacera Manager Helm charts.

Bash
cd ~/privacera/privacera-manager
./pm_with_helm.sh upgrade
Step 3 - Run the post-installation step, which generates the plugin tarball, updates Route 53 DNS, and so on.

Bash
cd ~/privacera/privacera-manager
./privacera-manager.sh post-install
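
A pre-flight check to run before Step 1, as an added example that is not part of Privacera's documentation or tooling: it validates the connector instance name, confirms that the vars file (which stores the JDBC password) is accessible only to its owner, and lists connection properties left empty. The script name preflight.sh, the set of properties treated as required, and the top-level `KEY: value` layout of the vars file are assumptions.

```shell
#!/bin/sh
# Added example (not Privacera's own tooling): pre-flight check of one Snowflake
# connector instance, run before ./privacera-manager.sh setup.

# Assumption: the JDBC connection properties are the ones that must be non-empty.
REQUIRED_VARS="CONNECTOR_SNOWFLAKE_JDBC_URL CONNECTOR_SNOWFLAKE_JDBC_DB
CONNECTOR_SNOWFLAKE_JDBC_USERNAME CONNECTOR_SNOWFLAKE_JDBC_PASSWORD
CONNECTOR_SNOWFLAKE_WAREHOUSE_TO_USE CONNECTOR_SNOWFLAKE_ROLE_TO_USE"

# Instance names may contain only hyphens and alphanumeric characters.
valid_instance_name() {
  case "$1" in
    ''|*[!A-Za-z0-9-]*) return 1 ;;
  esac
  return 0
}

# Print every required property that is absent, commented out, or empty.
# Assumption: the vars file uses top-level `KEY: value` lines.
missing_vars() (
  for var in $REQUIRED_VARS; do
    value=$(sed -n "s/^${var}[[:space:]]*:[[:space:]]*//p" "$1" | head -n 1 |
      sed -e 's/^#.*//' -e 's/[[:space:]]#.*$//' -e 's/[[:space:]]*$//' \
          -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/")
    [ -n "$value" ] || echo "$var"
  done
)

# The file holds the JDBC password: succeed only if group and others have no access.
owner_only() {
  [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Run all checks for one instance, relative to the config directory.
check_instance() (
  file="custom-vars/connectors/snowflake/$1/vars.connector.snowflake.yml"
  valid_instance_name "$1" || { echo "invalid instance name: $1" >&2; exit 1; }
  [ -f "$file" ] || { echo "not found: $file" >&2; exit 1; }
  owner_only "$file" || { echo "too permissive, run: chmod 600 $file" >&2; exit 1; }
  missing=$(missing_vars "$file")
  [ -z "$missing" ] || { echo "unset properties:" $missing >&2; exit 1; }
)

# Usage, from ~/privacera/privacera-manager/config: sh preflight.sh instance1
if [ "$#" -ge 1 ]; then check_instance "$1"; fi
```

A non-zero exit status means the instance should be fixed before the Helm charts are generated.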
  1. In PrivaceraCloud, go to Settings > Applications.

  2. On the Applications screen, select Snowflake.

  3. Select the Platform Type. Enter the application Name and Description, then click Save. The name can be any name of your choice, e.g. AWS Snowflake for account 123456789012.

  4. Open the Snowflake Application and click Edit to configure it.

  5. Enable the Access Management option using the toggle button.

  6. Under the BASIC tab, modify the following fields:

    | Field Name | Definition |
    | --- | --- |
    | Snowflake JDBC url | Specifies the JDBC URL to connect to Snowflake. |
    | Snowflake JDBC username | Specifies the JDBC username to connect to the Snowflake server. |
    | Snowflake JDBC password | Specifies the JDBC password to connect to the Snowflake server. |
    | Snowflake warehouse to use | Specifies the warehouse to be used by the Policysync Connector on the Snowflake server to execute queries. |
    | Snowflake role to use | Specifies the role to be used by the Policysync Connector on the Snowflake server to execute queries. |
    | Database name where the masking function for column access control will be created | Specifies the database name in which Policysync should create custom masking functions. Mandatory when 'Column access exception' is enabled. |
    | Warehouses to set access control policies | Specifies the list of warehouse names whose access control should be managed by the Policysync Connector. |
    | Databases to set access control policies | Specifies the list of database names whose access control should be managed by the Policysync Connector. |

  7. Click Save to save the configuration.