Skip to main content

Privacera Documentation

AWS Lake Formation Connector Properties

The properties described in this topic are necessary for setting up AWS Lake Formation with PrivaceraCloud and Platform.

Table 47. AWS Account Configuration

PrivaceraCloud property field name

PM connector property name

Mandatory (to set by user)

Property variable name

PrivaceraCloud property type

Property mode

AWS Account ID

CONNECTOR_LAKEFORMATION_AWS_ACCOUNT_ID

TRUE

aws.account.id

BASIC

Common

AWS Assume IAM Role ARN

CONNECTOR_LAKEFORMATION_AWS_ACCOUNT_ID

TRUE

aws.assume.iam.role.arn

BASIC

Common

AWS Assume IAM Role External ID

CONNECTOR_LAKEFORMATION_AWS_ASSUME_IAM_ROLE_EXTERNAL_ID

FALSE

aws.assume.iam.role.external.id

BASIC

Common

AWS Access Key

CONNECTOR_LAKEFORMATION_AWS_ACCESS_KEY

FALSE

aws.access.key

CUSTOM

Common

AWS Secret Key

CONNECTOR_LAKEFORMATION_AWS_SECRET_KEY

FALSE

aws.secret.key

CUSTOM

Common

AWS Session Token

CONNECTOR_LAKEFORMATION_AWS_SESSION_TOKEN

FALSE

aws.session.token

CUSTOM

Common

AWS Region

CONNECTOR_LAKEFORMATION_AWS_REGION

TRUE

aws.region

BASIC

Common

SAML Provider ARN

CONNECTOR_LAKEFORMATION_SAML_PROVIDER_ARN

TRUE

saml.provider.arn

BASIC

Common



Table 48. Load keys and intervals

PrivaceraCloud property field name

PM connector property name

Default value

Mandatory

Property variable name

PrivaceraCloud property type

Property mode

Enable Resources Sync

CONNECTOR_LAKEFORMATION_RESOURCE_SYNC_ENABLE

TRUE

FALSE

sync.resource.enable

CUSTOM

Common

Enable policy synchronization periodically from AWS Lake Formation

N/A

FALSE

FALSE

sync.servicepolicy.enable

BASIC

Push mode

Resource sync interval time in seconds

CONNECTOR_LAKEFORMATION_RESOURCE_SYNC_INTERVAL

60

FALSE

sync.interval.sec

CUSTOM

Common

Enable Tags Sync

CONNECTOR_LAKEFORMATION_SYNC_TAGDEF_ENABLE

TRUE

FALSE

sync.tagdef.enable

ADVANCED

Pull mode

Enable Tag Resource mapping Sync

CONNECTOR_LAKEFORMATION_SYNC_RESOURCE_TAG_ENABLE

TRUE

FALSE

sync.resourcetag.enable

ADVANCED

Pull mode

Enable Resource Permissions Sync

CONNECTOR_LAKEFORMATION_SYNC_RESOURCE_POLICY_ENABLE

TRUE

FALSE

sync.resourcepolicy.enable

ADVANCED

Common

Enable Tag Permissions Sync

CONNECTOR_LAKEFORMATION_SYNC_TAG_POLICY_ENABLE

TRUE

FALSE

sync.tagpolicy.enable

ADVANCED

Pull mode

Enable AWS IAM Roles Sync

CONNECTOR_LAKEFORMATION_SYNC_IAM_ROLE_ENABLE

TRUE

FALSE

sync.iam.role.enable

ADVANCED

Pull mode

Enable Reconcile Resource Policies from Ranger

CONNECTOR_LAKEFORMATION_RECONCILE_RESOURCE_POLICY_ENABLE

TRUE

FALSE

reconcile.resourcepolicy.enable

ADVANCED

Common

Enable Reconcile Tag Policies from Ranger

CONNECTOR_LAKEFORMATION_RECONCILE_TAG_POLICY_ENABLE

TRUE

FALSE

reconcile.tagpolicy.enable

ADVANCED

Pull mode

Enable Reconcile Tag Resource mapping from Ranger

CONNECTOR_LAKEFORMATION_RECONCILE_RESOURCETAGS_ENABLE

TRUE

FALSE

reconcile.resourcetags.enable

ADVANCED

Pull mode

Tagdef sync interval time in seconds

CONNECTOR_LAKEFORMATION_TAGDEF_SYNC_INTERVAL

60

FALSE

tagdef.interval.sec

CUSTOM

Pull mode

Tag Resource mapping sync interval time in seconds

CONNECTOR_LAKEFORMATION_RESOURCE_TAG_SYNC_INTERVAL

60

FALSE

resourcetag.interval.sec

CUSTOM

Pull mode

Resource Permissions sync interval time in seconds

CONNECTOR_LAKEFORMATION_RESOURCE_POLICY_SYNC_INTERVAL

60

FALSE

resourcepolicy.interval.sec

CUSTOM

Common

Tag Permissions sync interval time in seconds

CONNECTOR_LAKEFORMATION_TAG_POLICY_SYNC_INTERVAL

60

FALSE

tagpolicy.interval.sec

CUSTOM

Pull mode

AWS IAM Role sync interval time in seconds

CONNECTOR_LAKEFORMATION_IAM_ROLE_SYNC_INTERVAL

60

FALSE

iam.role.interval.sec

CUSTOM

Pull mode

Reconcile Resource Policies interval time in seconds

CONNECTOR_LAKEFORMATION_RECONCILE_RESOURCE_POLICY_INTERVAL

600

FALSE

reconcile.resourcepolicy.interval.sec

CUSTOM

Common

Reconcile Tag Policies interval time in seconds

CONNECTOR_LAKEFORMATION_RECONCILE_TAG_POLICY_INTERVAL

600

FALSE

reconcile.tagpolicy.interval.sec

CUSTOM

Pull mode

Reconcile Tag Resource mapping interval time in seconds

CONNECTOR_LAKEFORMATION_RECONCILE_RESOURCETAGS_INTERVAL

600

FALSE

reconcile.tagpolicy.interval.sec

CUSTOM

Pull mode



Table 49. Resource Management

PrivaceraCloud property field name

PM Connector property name

Description

Mandatory

PrivaceraCloud property type

Property mode

Catalogs to set access control policies

CONNECTOR_LAKEFORMATION_MANAGE_CATALOG_LIST

Specifies a comma-separated list of AWS Catalogs for which PolicySync manages access control. If unset, access control is managed for all catalogs. If specified, use the following format. You can use wildcards. Names are case-sensitive.

Example list of catalogs: 123456789XXX, 987654321XXX, 1234*

If specified, Catalogs to ignore while setting access control policies takes precedence over this setting.

FALSE

BASIC

Common

Data Locations to set access control policies

CONNECTOR_LAKEFORMATION_MANAGE_DATA_LOCATION_LIST

Specifies a comma-separated list of Data locations for which PolicySync manages access control. If unset, access control is managed for all data locations. If specified, use the following format. You can use wildcards. Names are case-sensitive.

Example list of data locations: 123456789XXX.us-east-1.demo-s3-bucket/test_data*

If specified, Data locations to ignore while setting access control policies takes precedence over this setting.

FALSE

ADVANCED

Common

Databases to set access control policies

CONNECTOR_LAKEFORMATION_MANAGE_DATABASE_LIST

Specifies a comma-separated list of database names for which PolicySync manages access control. If unset, access control is managed for all databases. If specified, use the following format. You can use wildcards. Names are case-sensitive.

Syntax: <CATALOG_ID>.<REGION>.<DATABASE>

Example list of databases: 123456789XXX.us-east-1.testdb1, 123456789XXX.us-east-1.testdb2, 123456789XXX.us-east-1.sales_db*

If specified, Databases to ignore while setting access control policies takes precedence over this setting.

FALSE

CUSTOM

Common

Database Resource Links to set access control policies

CONNECTOR_LAKEFORMATION_MANAGE_DATABASE_RESOURCE_LINK_LIST

Specifies a comma-separated list of database resource links for which PolicySync manages access control. If unset, access control is managed for all database resource links. If specified, use the following format. You can use wildcards. Names are case-sensitive.

Syntax: <CATALOG_ID>.<REGION>.<DATABASE_RESOURCE_LINK>

Example list of database resource links: 123456789XXX.us-east-1.testdb1, 123456789XXX.us-east-1.testdb2, 123456789XXX.us-east-1.sales_db*

If specified, Databases resource links to ignore while setting access control policies takes precedence over this setting.

FALSE

ADVANCED

Common

Tables to set access control policies

CONNECTOR_LAKEFORMATION_MANAGE_TABLE_LIST

Specifies a comma-separated list of table names for which PolicySync manages access control. If unset, access control is managed for all tables. If specified, use the following format. You can use wildcards. Names are case-sensitive.

Syntax: <CATALOG_ID>.<REGION>.<DATABASE>.<TABLE>

Example list of tables: 123456789XXX.us-east-1.testdb1.test_table1, 123456789XXX.us-east-1.testdb2.test_table2, 123456789XXX.us-east-1.sales_db.sales_data*

If specified, tables to ignore while setting access control policies takes precedence over this setting.

FALSE

CUSTOM

Common

Table Resource Links to set access control policies

CONNECTOR_LAKEFORMATION_MANAGE_TABLE_RESOURCE_LINK_LIST

Specifies a comma-separated list of table resource links for which PolicySync manages access control. If unset, access control is managed for all table resource links. If specified, use the following format. You can use wildcards. Names are case-sensitive.

Syntax: <CATALOG_ID>.<REGION>.<DATABASE>.<TABLE_RESOURCE_LINK>

Example list of table resource links: 123456789XXX.us-east-1.testdb1.test_table1, 123456789XXX.us-east-1.testdb2.test_table2, 123456789XXX.us-east-1.sales_db.sales_data*

If specified, Table resource links to ignore while setting access control policies takes precedence over this setting.

FALSE

CUSTOM

Common

Tags to set access control policies

CONNECTOR_LAKEFORMATION_MANAGE_TAG_LIST

Specifies a comma-separated list of tags for which PolicySync manages access control. If unset, access control is managed for all tags. If specified, use the following format. You can use wildcards. Names are case-sensitive.

Syntax:<CATALOG_ID>.<REGION>.<TAG>

Example list of tags: 123456789XXX.us-east-1.test_tag1, 123456789XXX.us-east-1.test_tag2, 123456789XXX.us-east-1.sales_db_tag*

If specified, tags to ignore while setting access control policies takes precedence over this setting.

FALSE

CUSTOM

Push mode

Catalogs to ignore for access control policies

CONNECTOR_LAKEFORMATION_IGNORE_CATALOG_LIST

Specifies a comma-separated list of AWS catalog ids that PolicySync does not provide access control for. You can specify wildcards. Names are case-sensitive. If not specified, all catalogs from manage catalog list are subject to access control.

Example: 123456789XXX, 987654321XXX, 1234*

This setting supersedes any values specified by manage catalog list to set access control policies.

FALSE

ADVANCED

Common

Data Locations to ignore for access control policies

CONNECTOR_LAKEFORMATION_IGNORE_DATA_LOCATION_LIST

Specifies a comma-separated list of data locations that PolicySync does not provide access control for. You can specify wildcards. Names are case-sensitive. If not specified, all data locations specified in manage data locations list are subject to access control.

Example: 123456789XXX.us-east-1.demo-s3-bucket/test_data*.

This setting supersedes any values specified by manage data location list to set access control policies.

FALSE

ADVANCED

Common

Databases to ignore for access control policies

CONNECTOR_LAKEFORMATION_IGNORE_DATABASE_LIST

Specifies a comma-separated list of database names that PolicySync does not provide access control for. You can specify wildcards. Names are case-sensitive. If not specified, all manage database list are subject to access control.

Syntax: <CATALOG_ID>.<REGION>.<DATABASE>

Example: 123456789XXX.us-east-1.testdb1, 123456789XXX.us-east-1.testdb2, 123456789XXX.us-east-1.sales_db*

This setting supersedes any values specified by manage database list to set access control policies.

FALSE

CUSTOM

Common

Database Resource Links to ignore for access control policies

CONNECTOR_LAKEFORMATION_IGNORE_DATABASE_RESOURCE_LINK_LIST

Specifies a comma-separated list of database resource links that PolicySync does not provide access control for. You can specify wildcards. Names are case-sensitive. If not specified, all from manage database resource link list are subject to access control.

Example: 123456789XXX.us-east-1.testdb1, 123456789XXX.us-east-1.testdb2, 123456789XXX.us-east-1.sales_db*

This setting supersedes any values specified by manage database resource link list to set access control policies.

FALSE

ADVANCED

Common

Tables to ignore for access control policies

CONNECTOR_LAKEFORMATION_IGNORE_TABLE_LIST

Specifies a comma-separated list of table names that PolicySync does not provide access control for. You can specify wildcards. Names are case-sensitive. If not specified, all tables are subject to access control.

Syntax: <CATALOG_ID>.<REGION>.<DATABASE>.<TABLE>

Example: 123456789XXX.us-east-1.testdb1.test_table1, 123456789XXX.us-east-1.testdb2.test_table2, 123456789XXX.us-east-1.sales_db.sales_data*.

This setting supersedes any values specified by Tables to set access control policies.

FALSE

CUSTOM

Common

Tables resource links to ignore for access control policies

CONNECTOR_LAKEFORMATION_IGNORE_TABLE_RESOURCE_LINK_LIST

Specifies a comma-separated list of table resource links that PolicySync does not provide access control for. You can specify wildcards. Names are case-sensitive. If not specified, all table resource links are subject to access control.

Example: 123456789XXX.us-east-1.testdb1.test_table1, 123456789XXX.us-east-1.testdb2.test_table2, 123456789XXX.us-east-1.sales_db.sales_data*

This setting supersedes any values specified by Table resource links to set access control policies.

FALSE

CUSTOM

Common

Tags to ignore for access control policies

CONNECTOR_LAKEFORMATION_IGNORE_TAG_LIST

Specifies a comma-separated list of tag names that PolicySync does not provide access control for. You can specify wildcards. Names are case-sensitive. If not specified, all tags are subject to access control.

Syntax: <CATALOG_ID>.<REGION>.<AG>

Example: 123456789XXX.us-east-1.test_tag1, 123456789XXX.us-east-1.test_tag2, 123456789XXX.us-east-1.sales_db_tag*

This setting supersedes any values specified by Tags to set access control policies.

FALSE

CUSTOM

Push mode

Database names to set access control policies

CONNECTOR_LAKEFORMATION_LF_MANAGE_DATABASE_LIST

Specifies a comma-separated list of database names for which PolicySync manages access control across the specified regions. If unset, access control is managed for all databases. If specified, use the following format. You can use wildcards. Names are case-sensitive.

Example list of databases: testdb1, testdb2, sales_db*

If specified, Databases to ignore while setting access control policies takes precedence over this setting.

FALSE

BASIC

Common

Database names to ignore for access control policies

CONNECTOR_LAKEFORMATION_LF_IGNORE_DATABASE_LIST

Specifies a comma-separated list of database names that PolicySync does not provide access control across specified regions. You can specify wildcards. Names are case-sensitive. If not specified, all manage database list are subject to access control.

Example list of databases: testdb1, testdb2, sales_db*

This setting supersedes any values specified by manage database list to set access control policies.

FALSE

ADVANCED

Common



Table 50. User/Group Management

PrivaceraCloud property field name

PM Connector property name

Description

Mandatory

PrivaceraCloud property type

Property mode

Manage users from portal

CONNECTOR_LAKEFORMATION_MANAGE_SERVICE_USER

Set to true for PolicySync to handle AWS Lake Formation roles create/update/delete based on portal roles create/update/delete.

FALSE

CUSTOM

Common

Manage groups from portal

CONNECTOR_LAKEFORMATION_MANAGE_SERVICE_GROUP

Set to true for PolicySync to handle AWS Lake Formation role members create/update/delete based on portal role members create/update/delete.

FALSE

CUSTOM

Common

Manage group members from portal

CONNECTOR_LAKEFORMATION_MANAGE_SERVICE_GROUP_MEMBERS

Specifies a comma-separated list of user names for which PolicySync manages access control. You can use wildcards. Names are case-sensitive.

Example user list: user1,user2,dev_user*

If not specified, PolicySync manages access control for all users. If specified, Users to be ignored by access control policies takes precedence over this setting.

FALSE

CUSTOM

Common

Manage roles from portal

CONNECTOR_LAKEFORMATION_MANAGE_SERVICE_ROLE

Specifies a comma-separated list of group names for which PolicySync manages access control. You can use wildcards. Names are case-sensitive.

Example group list: group1, group2, dev_group*

If not specified, PolicySync manages access control for all groups. If specified, Groups to be ignored by access control policies takes precedence over this setting.

FALSE

CUSTOM

Common

Manage role members from portal

CONNECTOR_LAKEFORMATION_MANAGE_SERVICE_ROLE_MEMBERS

Specifies a comma-separated list of role names for which PolicySync manages access control. You can use wildcards. Names are case-sensitive.

Example role list: role1, role2, dev_role*

If not specified, PolicySync manages access control for all roles. If specified, Roles to be ignored by access control policies takes precedence over this setting.

FALSE

CUSTOM

Common

Users to set access control policies

CONNECTOR_LAKEFORMATION_MANAGE_USER_LIST

Specifies a comma-separated list of user names of which PolicySync does not provide access control. You can specify wildcards. Names are case-sensitive. If not specified, all from manage user list are subject to access control.

An example user list: user1,user2,dev_user*

This setting supersedes any values specified by Users to set access control policies.

FALSE

ADVANCED

Common

Groups to set access control policies

CONNECTOR_LAKEFORMATION_MANAGE_GROUP_LIST

Specifies a comma-separated list of group names of which PolicySync does not provide access control. You can specify wildcards. Names are case-sensitive. If not specified, all from manage group list are subject to access control.

Example group list: group1, group2, dev_group*

This setting supersedes any values specified by Groups to set access control policies.

FALSE

ADVANCED

Common

Roles to set access control policies

CONNECTOR_LAKEFORMATION_MANAGE_ROLE_LIST

Specifies a comma-separated list of role names of which PolicySync does not provide access control. You can specify wildcards. Names are case-sensitive. If not specified, all from manage role list are subject to access control.

Example role list: role1, role2, dev_role*

This setting supersedes any values specified by Roles to set access control policies.

FALSE

ADVANCED

Common

Users to be ignored by access control policies

CONNECTOR_LAKEFORMATION_IGNORE_USER_LIST

Specifies a comma-separated list of user names of which PolicySync does not provide access control. You can specify wildcards. Names are case-sensitive. If not specified, all from manage user list are subject to access control.

Example user list might resemble the following: user1,user2,dev_user*

This setting supersedes any values specified by Users to set access control policies.

FALSE

ADVANCED

Common

Groups to be ignored by access control policies

CONNECTOR_LAKEFORMATION_IGNORE_GROUP_LIST

Specifies a comma-separated list of group names of which PolicySync does not provide access control. You can specify wildcards. Names are case-sensitive. If not specified, all from manage group list are subject to access control.

An example group list: group1, group2, dev_group*

This setting supersedes any values specified by Groups to set access control policies.

FALSE

ADVANCED

Common

Roles to be ignored by access control policies

CONNECTOR_LAKEFORMATION_IGNORE_ROLE_LIST

Specifies a comma-separated list of role names of which PolicySync does not provide access control. You can specify wildcards. Names are case-sensitive. If not specified, all from manage role list are subject to access control.

An example role list: role1, role2, dev_role*

This setting supersedes any values specified by Roles to set access control policies.

FALSE

ADVANCED

Common

Use AWS Lake Formation native public group for public group access policies

CONNECTOR_LAKEFORMATION_USE_NATIVE_PUBLIC_GROUP

Set this property to true if you want PolicySync to use AWS Lake Formation's native public group for access grants whenever there is a policy created referring to the public group inside it. The native public group of the AWS Lake Formation has <aws-account-id>:IAMPrincipals as ARN.

FALSE

ADVANCED

Common



Table 51. Access control management

PrivaceraCloud property field name

PM Connector property name

Description

PM Default value

Mandatory

PrivaceraCloud property type

Property mode

Enforce lakeformation native row filter

CONNECTOR_LAKEFORMATION_ENABLE_ROW_FILTER

Specifies whether to use secure view based row filtering. The default value is true.

TRUE

FALSE

ADVANCED

Common

Enable policy enforcements and user/group/role management

CONNECTOR_LAKEFORMATION_ENABLE_GRANT_UPDATES

Specifies whether PolicySync performs grants and revokes for access control and creates, updates, and deletes api calls for users, groups, and roles. The default value is false.

FALSE

FALSE

BASIC

Push mode



Table 52. Access audits management

PrivaceraCloud property field name

PM Connector property

Description

Mandatory

PrivaceraCloud property type

Property mode

Enable access audits

CONNECTOR_LAKEFORMATION_ENABLE_ACCESS_AUDITS

Specifies whether Privacera should retrieve access audit data from the AWS Lake Formation.

Default value is false.

FALSE

BASIC

Common

Users to exclude when fetching access audits

CONNECTOR_LAKEFORMATION_AUDIT_EXCLUDED_USERS

Specifies a list of list of users to exclude when fetching access audits.

FALSE

ADVANCED

Common

Access Types to exclude when fetching access audits

CONNECTOR_LAKEFORMATION_AUDIT_EXCLUDED_ACCESS_TYPES

Specifies a list of list of access types to exclude when fetching access audits.

Example: StartQueryExecution, GetTable,DeleteTable, CreateTable, CreateDatabase

FALSE

CUSTOM

Common

AWS Athena region for JDBC connection to audit logs database

CONNECTOR_LAKEFORMATION_AWS_ATHENA_REGION

Specifies AWS Athena region to create JDBC connection for AWS Lake formation audit logs database.

If not specified, it will default to use the first region from AWS Regions property.

FALSE

CUSTOM

Common

AWS Athena endpoint for JDBC connection to audit logs database

CONNECTOR_LAKEFORMATION_AWS_ATHENA_ENDPOINT

Specifies AWS Athena endpoint to create JDBC connection for AWS Lake Formation audit logs database.

If not specified, by default it will create endpoint with specified/default region from region property .

Example: athena.region.amazonaws.com:443

FALSE

CUSTOM

Common

AWS Athena workgroup for JDBC connection to audit logs database

CONNECTOR_LAKEFORMATION_AWS_ATHENA_WORKGROUP

Specifies AWS Athena workgroup to create JDBC connection for AWS Lake Formation audit logs database.

FALSE

CUSTOM

Common

AWS Lake Formation audit logs database

CONNECTOR_LAKEFORMATION_AUDIT_DB_NAME

Specifies AWS audit database to store AWS Lake Formation audit logs

FALSE

BASIC

Common

AWS Lake Formation audit logs table name

CONNECTOR_LAKEFORMATION_AUDIT_TABLE_NAME

Specifies AWS audit table to store AWS Lake Formation audit logs

FALSE

BASIC

Common

S3 output location for access audit logs query results

CONNECTOR_LAKEFORMATION_AUDIT_ATHENA_S3_OUTPUT_LOCATION

Specifies S3 location to store the access audit logs query results.

Example: s3://privacera-dev-XXX/<LF_audit_logs_folder>/athena_query_results/

FALSE

BASIC

Common



Table 53. Reverse sink properties

PrivaceraCloud property field name

PM Connector property name

Description

PM Default value

Mandatory

PrivaceraCloud property type

Property mode

Enable push policies to ranger (Only needed for push mode)

CONNECTOR_LAKEFORMATION_ENABLE_PUSH_POLICIES_TO_RANGER

Enable this to push the policies defined in AWS Lake Formation to other policy repositories.

FALSE

FALSE

ADVANCED

Push mode

AWS Lake Formation permissions sink type

CONNECTOR_LAKEFORMATION_PERMISSION_SINK_TYPE

Specifies AWS Lake Formation permissions sink type.

reverse_sink - all policies from AWS Lake Formation will be loaded into Ranger within configured services(Lake formation, Hive or Unity Catalog).

sink - policies from Privacera Ranger service will be applied into AWS Lake Formation.

sink

TRUE

BASIC

Common

AWS Lake Formation sink max index

CONNECTOR_LAKEFORMATION_SINK_MAX_INDEX

Specifies AWS Lake Formation sink max index is the number of max services. Can be configured for reverse sink

10

FALSE

CUSTOM

Common

Push AWS Lake Formation permissions to Hive

CONNECTOR_LAKEFORMATION_SINK_HIVE_ENABLED

Specifies whether to enable policy sink to Hive service.

FALSE

FALSE

ADVANCED

Common

Policy repository name for Hive service

CONNECTOR_LAKEFORMATION_SINK_HIVE_SERVICE_APP_ID

Specifies the policy repository name for Hive service.

privacera_hive

TRUE

ADVANCED

Common

Push Lake formation permissions to AWS Lake Formation policy repository

CONNECTOR_LAKEFORMATION_SINK_LAKEFORMATION_ENABLED

Enable this to push AWS Lake formation created policies, tags to lake formation in Privacera Ranger

TRUE

FALSE

ADVANCED

Pull mode

Policy repository name for AWS Lake Formation service

CONNECTOR_LAKEFORMATION_SINK_LAKEFORMATION_SERVICE_APP_ID

Specify the policy repository name for AWS Lake Formation service.

privacera_lakeformation

FALSE

ADVANCED

Pull mode

Policy repository name for tag service

CONNECTOR_LAKEFORMATION_SINK_TAG_SERVICE_APP_ID

Specify the policy repository name for tag service.

privacera_tag

FALSE

ADVANCED

Pull mode

Enable read-only policy creation

CONNECTOR_LAKEFORMATION_ENABLE_CREATE_READONLY_POLICIES

Specifies whether policies created by PolicySync are editable or read-only.

FALSE

FALSE

ADVANCED

Common