Skip to main content

Privacera Documentation

Limitations of Redshift Spectrum on PrivaceraCloud

The following are the limitations with Redshift Spectrum:

  • If the USAGE permission is granted to EXTERNAL SCHEMA, the user gains access to all of its tables.

  • Access to any of the external tables cannot be explicitly granted or revoked.

  • The creation of Redshift managed tables (not EXTERNAL TABLES) is not permitted within an "EXTERNAL SCHEMA".

  • The creation of secure views is not permitted within an EXTERNAL SCHEMA.

Privacera has never managed external tables due to the limitations listed above. By default, we manage permissions for external schemas at the schema level.

Support for Row Level Filter and Column Masking on the basis of Secure Views on EXTERNAL SCHEMA is possible, but only with the user's CONSENT, as the user will also have direct access to the EXTERNAL TABLE If they query the table's data, neither the Row Level Filter nor the Column Masking will be applied.

Note

We do not recommend this solution, but if you agree that users will not query the data directly (via external tables), we can enable it by adding the REDSHIFT_ENABLE_EXTERNAL_SCHEMA_SUPPORT property (default behavior is set to false).