Privacera Documentation

Connect applications

A basic purpose of Privacera, in meeting your business needs, is to protect your data from undesirable access by users. You accomplish this goal by writing access management policies.

To manage access to your data, you need to allow Privacera to distribute your policies to your third-party applications. This distribution of policies requires that you connect your applications to Privacera and configure them to give Privacera sufficient permission to manage the policies that you write.

You can connect applications to Privacera using the following methods:

  • PolicySync

  • Plugins

  • Data Access Server

Which mechanism you use to connect depends on the application and your own business and security requirements.

PolicySync

PolicySync synchronizes your policies by directly distributing them to the target applications.

To implement PolicySync, you configure property files on Privacera and set their configuration to point to the application and to the authentication that Privacera needs to connect and send your policies.

Relationships: policy repository, connector, and datasource

PolicySync uses a Privacera connector, together with its Privacera policy repository, to distribute the policies you define from that repository to a third-party datasource:

  • An internal-to-Privacera policy repository stores the access management policies you create via the Privacera UI at Access Management > Resource Policies. These are the policies distributed by the connector to the datasource.

  • An internal-to-Privacera instance of a connector to that third-party system is configured by YAML files that contain properties on Privacera Platform, or by fields in PrivaceraCloud. Properties and fields are name/value pairs that set various features or characteristics of the connector and third-party system.

  • An external-to-Privacera instance of a third-party application's database or file or other object is called a datasource. This is your application.

PolicySync syncs Apache Ranger access policies at three-second intervals by default, and this interval is configurable per PolicySync connector. In addition to the sync interval, PolicySync reconciles any access policy changes with the datasource, and this requires additional time that varies with the complexity of the reconciliation required, such as adding and removing grants.
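
The reconcile step described above can be pictured as a diff between the grants your policies imply and the grants currently present on the datasource. The following is an added conceptual sketch, not Privacera code: the simplified policy shape, the `Grant` tuple, the function names, the generic `GRANT`/`REVOKE` syntax, and the sample data are all assumptions made for illustration.

```python
# Conceptual model of a policy-to-grant reconcile pass (illustrative only).
from typing import NamedTuple

class Grant(NamedTuple):
    principal: str
    privilege: str
    resource: str

def expand(policies):
    """Flatten enabled policies into the set of grants they imply."""
    grants = set()
    for p in policies:
        if not p.get("enabled", True):
            continue  # a disabled policy implies no grants
        for res in p["resources"]:
            for user in p["users"]:
                for access in p["accesses"]:
                    grants.add(Grant(user, access.upper(), res))
    return grants

def reconcile(policies, current):
    """Return (to_grant, to_revoke) that make the datasource match policy."""
    desired = expand(policies)
    return sorted(desired - current), sorted(current - desired)

def to_sql(to_grant, to_revoke):
    # Revokes are emitted first so removed access disappears before new
    # access is added.
    stmts = [f"REVOKE {g.privilege} ON {g.resource} FROM {g.principal};"
             for g in to_revoke]
    stmts += [f"GRANT {g.privilege} ON {g.resource} TO {g.principal};"
              for g in to_grant]
    return stmts

# Constructed sample data: two policies and the datasource's current grants.
POLICIES = [
    {"name": "sales-read", "resources": ["sales.orders"],
     "users": ["alice", "bob"], "accesses": ["select"]},
    {"name": "sales-write", "resources": ["sales.orders"],
     "users": ["alice"], "accesses": ["insert"], "enabled": False},
]
CURRENT = {
    Grant("alice", "SELECT", "sales.orders"),
    Grant("carol", "SELECT", "sales.orders"),  # no longer in any policy
    Grant("alice", "INSERT", "sales.orders"),  # its policy was disabled
}

if __name__ == "__main__":
    for stmt in to_sql(*reconcile(POLICIES, CURRENT)):
        print(stmt)
```

The number of statements produced grows with the size of the difference, which is why reconciliation time varies; until those statements have run, the datasource still enforces the previous grants.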

Plugins

A Privacera plugin is a small piece of Privacera software that you embed directly on your third-party system. The underlying mechanism of a plugin for policy enforcement is Apache Ranger.

The plugins enforce authorization using resource and tag-based policies and centralized auditing.

Privacera inserts itself into the authentication control flow using a plug-in module. Authentication for data access requests is directed to the Privacera system plug-in component by the repository system itself.

Data Access Server

In this model, all data goes through Privacera’s Data Access Server, which enforces data authorization using resource and tag-based policies and centralized auditing based on Ranger Plugins.

The Data Access Server integration method redirects data access requests to a Privacera data authentication broker inserted into the control and data flow.