Setup for Access Management for Snowflake Connector¶
This section outlines the steps to set up the Snowflake Connector with Policysync Privacera. Please ensure that all prerequisites are completed before starting the setup process.
Perform the following steps to configure Snowflake connector:
-
SSH to the instance where Privacera is installed.
-
Run the following command to navigate to the /config directory.
| Bash | |
|---|---|
- Create a new directory for the Snowflake connector's configuration.
Note
In the example below, instance1 is the name of the connector instance. You can change this name to uniquely identify your installed connector configuration. The connector instance name should consist of only hyphens and alphanumeric characters.
| Bash | |
|---|---|
-
Run the following command to copy the sample vars:
Bash -
Run the following command to open the .yml file to be edited.
Bash -
Modify the following properties:
| Variable | Definition |
|---|---|
| CONNECTOR_SNOWFLAKE_JDBC_URL | Specifies the JDBC url to connect to Snowflake. |
| CONNECTOR_SNOWFLAKE_JDBC_DB | Specifies the Snowflake database name to use for making the JDBC connection. Eg: CUSTOMER_DATABASE |
| CONNECTOR_SNOWFLAKE_JDBC_USERNAME | Specifies the Snowflake username used to authenticate the JDBC connection. Eg: sally_snowflake_user |
| CONNECTOR_SNOWFLAKE_JDBC_PASSWORD | Specifies JDBC password to connect to Snowflake server. |
| CONNECTOR_SNOWFLAKE_WAREHOUSE_TO_USE | Specifies warehouse to be used by Policysync Connector on Snowflake server to execute queries. |
| CONNECTOR_SNOWFLAKE_ROLE_TO_USE | Specifies role to be used by Policysync Connector on Snowflake server to execute queries. |
| CONNECTOR_SNOWFLAKE_MANAGE_WAREHOUSE_LIST | Specifies list of warehouses names which access control should be managed by Policysync Connector. |
| CONNECTOR_SNOWFLAKE_MANAGE_DATABASE_LIST | Specifies list of database names which access control should be managed by Policysync Connector. |
| CONNECTOR_SNOWFLAKE_MANAGE_ENTITIES | Set this property to true to manage users, groups, and roles from Privacera. |
| CONNECTOR_SNOWFLAKE_GRANT_UPDATES | Set this property to true to allow Privacera to perform GRANT and REVOKE operations on the catalog objects. |
- Once the properties are configured, run the following commands to update your Privacera Manager platform instance:
Step 1 - Setup which generates the helm charts. This step usually takes few minutes.
Step 2 - Apply the Privacera Manager helm charts. Step 3 - Post-installation step which generates Plugin tar ball, updates Route 53 DNS and so on.-
In PrivaceraCloud, go to Settings → Applications.
-
On the Applications screen, select Snowflake.
-
Select the Platform Type. Enter the application Name and Description, then click Save. The name can be any name of your choice, e.g.
AWS Snowflake for account 123456789012. -
Open the Snowflake Application and click Edit to configure it.
-
Enable the Access Management option using the toggle button.
-
Under the BASIC tab, modify the following fields:
Field Name Definition Snowflake JDBC url Specifies the JDBC url to connect to Snowflake. Snowflake JDBC username Specifies the JDBC username to connect to Snowflake server. Snowflake JDBC password Specifies JDBC password to connect to Snowflake server. Snowflake warehouse to use Specifies warehouse to be used by Policysync Connector on Snowflake server to execute queries. Snowflake role to use Specifies role to be used by Policysync Connector on Snowflake server to execute queries. Database name where the masking function for column access control will be created Specifies the database name in which policysync should create custom masking functions.
Mandatory when 'Column access exception' is enabled.Warehouses to set access control policies Specifies list of warehouses names which access control should be managed by Policysync Connector. Databases to set access control policies Specifies list of database names which access control should be managed by Policysync Connector. -
Click on 'Save' to save the configuration.
- Prev topic: Prerequistes
- Next topic: Advanced Configurations