Privacera Documentation

AWS Lake Formation FAQs for Pull mode

Does the Privacera Lake Formation pull mode integration work with the following solutions?

  • Unity Catalog: No, this solution has not yet been tested.

  • EMR Spark plugin: Yes.

  • Databricks Spark plugin: Yes.

  • Databricks SQL: No, this solution has not yet been tested.

What are the prerequisites for setup?

Are Tag Policies supported?

  • Yes, tag policies are supported. Tags and tag policies created in AWS Lake Formation are pulled into Privacera in pull mode, and when the same policies are pushed into the Hive repo, they are transformed into an access policy.

Can AWS Lake Formation policies be modified?

  • No, you can't modify policies through the Privacera Portal UI. AWS Lake Formation is always the source of truth, and its policies are imported into Ranger.

Can an audit log be enabled?

Is S3 data location supported?

  • Yes.

Is Row Level Filtering supported?

  • Yes.

Is Column Masking supported?

  • No, column masking is not supported by AWS Lake Formation.

Are “Include/exclude column policies” supported?

  • Yes.

Are database resource links and table resource links supported?

  • Yes.

What Privacera features are supported in the AWS Lake Formation pull mode?

  • See the supported feature matrix in the table below.

    Tip

    Table abbreviations:

    GA: General Availability

    NA: Not Applicable

    NS: Not Supported

    MP: Mission Possible

Table 8. Privacera Features support Matrix for pull mode

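| Feature | Sub-feature | Availability |
|---|---|---|
| Database Access Control | Catalog Level | GA |
| Database Access Control | Database Level | GA |
| Database Access Control | Table Level | GA |
| Database Access Control | View Level | NA |
| Database Access Control | Native Column Level | GA |
| Other objects | Data locations | GA |
| Other objects | Database Resource links | GA |
| Other objects | Table Resource links | GA |
| Other objects | Cross account Resource links | GA |
| Other objects | Tag | GA |
| Row Filter | Native Row Filter on Table | GA |
| Row Filter | Native Row Filter on View | NA |
| Masking | Native Masking on Table | NA |
| Masking | Native Masking on View | NA |
| Tag Based Access Control | Allow Condition | GA |
| Tag Based Masking | Allow Condition | NA |
| Attribute Based Access Control (ABAC) | Allow Condition | NS |
| Audits | Access Audits | GA |
| Principals | IAM Users | GA |
| Principals | IAM Role | GA |
| Principals | SAML Users | GA |
| Principals | SAML Groups | GA |
| Principals | External Accounts | GA |
| Principals | Native Public Group | GA |
| Extended Privacera Plugin Support | Hive Plugin | GA |
| Extended Privacera Plugin Support | Spark Plugin | GA |
| Extended Privacera Plugin Support | Databricks SQL Analytics with Glue Metastore | GA |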