Privacera Documentation

Configure Databricks SQL PolicySync on PrivaceraCloud

One purpose of connecting Databricks SQL is to limit users' access to your entire Databricks data source or to portions of it, such as Delta external tables, views, entire tables, or only certain columns or rows.

Prerequisites

These prerequisites deal only with the most basic connection setup to Databricks SQL.

  1. In Databricks SQL, create a Databricks SQL endpoint for connecting from PrivaceraCloud.

    • The email address of the user defined in the endpoint. This is the value of the Databricks SQL JDBC username in PrivaceraCloud.

    • The Databricks-generated personal access token. This is the value of the Databricks SQL JDBC password for the defined JDBC username in PrivaceraCloud.

      The access token must belong to a Databricks SQL workspace administrator. The owner can be either a user or a service principal, as long as that user or service principal is a workspace administrator.

    • In Databricks SQL, create the users with proper permissions to access the data you want to manage via Privacera.

    • The Databricks JDBC URL defined for the endpoint.

  2. Make note of or copy the following values for entering into the fields in PrivaceraCloud as detailed in Enable Access Management for MS SQL:

  3. Start by setting the BASIC fields described here and then examine the ADVANCED fields to determine which of these features you might want to enable.

    The fields in PrivaceraCloud are grouped by general function, such as JDBC URL, fields for user, group, and role management, and other functions. They are categorized as BASIC or ADVANCED:

    • BASIC pertains to the most fundamental aspects of the connection, such as authentication.

    • ADVANCED indicates additional features beyond the BASICs, such as row-filtering or group member handling.

    For more information on the fields and their values, see Databricks SQL fields on PrivaceraCloud.

  4. After connecting and before you can create policies, make sure you have added your users to PrivaceraCloud as described in Connect users to PrivaceraCloud.
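A preflight check for the three values noted above (JDBC URL, JDBC username, personal access token), as an added example that is not Privacera or Databricks code. It assumes the URL uses the `jdbc:databricks://` or `jdbc:spark://` driver scheme with `;`-separated properties such as `ssl` and `httpPath`; the function names and all sample values are constructed for illustration.

```python
import re

# Assumption: the endpoint URL uses one of the Databricks JDBC driver schemes,
# followed by ';'-separated key=value properties.
SCHEMES = ("jdbc:databricks://", "jdbc:spark://")
EMAIL = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")

def parse_jdbc_url(url):
    """Split a Databricks JDBC URL into (host, properties)."""
    scheme = next((s for s in SCHEMES if url.lower().startswith(s)), None)
    if scheme is None:
        raise ValueError("not a Databricks JDBC URL")
    authority, _, rest = url[len(scheme):].partition(";")
    host = authority.split("/", 1)[0].partition(":")[0]
    props = {}
    for item in filter(None, rest.split(";")):
        key, _, value = item.partition("=")
        props[key.strip().lower()] = value.strip()
    return host, props

def preflight(jdbc_url, username, token):
    """Return a list of findings; an empty list means nothing was flagged."""
    try:
        host, props = parse_jdbc_url(jdbc_url)
    except ValueError as exc:
        return [str(exc)]
    findings = []
    if not host:
        findings.append("JDBC URL has no host")
    if props.get("ssl") != "1":
        findings.append("JDBC URL does not set ssl=1")
    if not props.get("httppath"):
        findings.append("JDBC URL has no httpPath for the SQL endpoint")
    # The token belongs in the password field only, never in the URL itself.
    if "pwd" in props or (token and token in jdbc_url):
        findings.append("token embedded in JDBC URL")
    if not EMAIL.match(username):
        findings.append("JDBC username is not an email address")
    if not token or token != token.strip():
        findings.append("token is empty or has stray whitespace")
    return findings

# Constructed sample values (placeholders, not real endpoints or tokens).
GOOD_URL = ("jdbc:databricks://example.cloud.databricks.com:443/default;"
            "transportMode=http;ssl=1;AuthMech=3;"
            "httpPath=/sql/1.0/endpoints/0000000000000000")
LEAKY_URL = GOOD_URL + ";UID=token;PWD=dapi-constructed-token"

if __name__ == "__main__":
    print(preflight(GOOD_URL, "svc-privacera@example.com", "dapi-constructed-token"))
    print(preflight(LEAKY_URL, "svc-privacera", " dapi-constructed-token"))
```

The check is purely local: it does not confirm that the token belongs to a workspace administrator, which still has to be verified in Databricks.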

Enable Privacera Access Management for Databricks SQL

With the values for the basic fields you noted in Prerequisites, follow these steps to connect the Databricks SQL application to PrivaceraCloud:

  1. Go to Settings > Applications.

  2. In the Applications screen, select Databricks SQL.

  3. Select the platform type (AWS or Azure) on which you want to configure the Databricks application.

  4. Enter the application Name and Description, and then click Save.

  5. You can see the Access Management and Data Discovery toggle buttons.

  6. Click the toggle button to enable Access Management for Databricks SQL.

    Note

    If you don't see Data Discovery in your application, enable it in Settings > Account > Discovery. For more information, see About the Account page on PrivaceraCloud.

  7. In the BASIC tab, enter values in the fields detailed in Prerequisites.

    • Databricks SQL JDBC url

    • Databricks SQL JDBC username

    • Databricks SQL JDBC password with the Databricks SQL personal access token

    • Databricks SQL default database

    • Databricks SQL workspace URL

  8. For the field Enable policy enforcements and user/group/role management, click Enable. This setting is required.

  9. Click Save.

Create resource policies on PrivaceraCloud

After you have established the basic connection, you can start to create access management policies. For more information, see the following:

Enable Data Discovery for Databricks SQL

Click the toggle button to enable Data Discovery for your application.

  1. On the BASIC tab, enter values in the following fields.

    • JDBC URL

    • JDBC Username 

    • JDBC Password

  2. On the ADVANCED tab, you can add custom properties.

    You need to configure some advanced properties for the application where all the data to be scanned are stored. For more information, see General process for configuring an application.

  3. Using the IMPORT PROPERTIES button, you can browse and import application properties.

  4. Click the TEST CONNECTION button to check if the connection is successful, and then click Save.

Add Data Source

To add resources using this connection as Privacera Discovery targets, see Privacera Discovery scan targets.