Configure External Location Access Check¶
External Location Access Policy Evaluation Order for Catalogs¶
Note
This Feature is enabled by default.
External Location access control for different catalog types follows a defined evaluation order across the configured Privacera policy repositories. Based on the catalog type (e.g., Hive or others), the plugin checks each repository in sequence, granting access based on the first applicable policy.
| Catalog | Access Check Order | Notes |
|---|---|---|
| Hive |
| The plugin first checks the privacera_s3 repository. If unavailable or no S3 policy allows access, it falls back to privacera_files. If access is still not granted, it finally checks privacera_hive. |
| Other Catalogs |
| The plugin first attempts to use privacera_s3. If unavailable or no S3 policy permits access, it checks privacera_files.Note: The privacera_hive repository is not applicable to non-Hive catalogs. |
Disable External Location Access Check¶
Disabling external location access check is not recommended
Disabling external location access check is not recommended. It may lead to security vulnerabilities.
-
SSH to the instance where Privacera is installed.
-
Run the following command to navigate to the
/configdirectory.Bash -
Run the following command to open the
.ymlfile to be edited.Bash -
Update the following property
YAML -
Once the property is configured, update your Privacera Manager platform instance by following the commands.
-
Now rebuild the image and redeploy the application.
- for Open Source Trino: click here
- for Starburst Trino: click here
Follow below steps to disable s3 location access check with privacera-trino plugin on PrivaceraCloud.
-
Navigate to the
privacera-trino-plugindirectory, which contains all the Trino plugin deployment related files. -
Update the following property in the
values.yamlfile -
Once the property is configured, proceed with redeploying the Helm chart.
- Prev topic: Advanced Configuration