Privacera Documentation

Policy configuration settings

Policies contain access rules associated with a particular data source or a subset of it. Specific policy attributes differ depending on the policy type, but all policies contain the following attributes:

  • Policy Type: The basis for controlling access. For example, a policy can be based on the resource, on a tag, or on a scheme.

  • Policy Name: Policies are assigned a name, either by the system or by a portal user when the policy is created. Default, system-created policies can be renamed. The policy name should be unique and cannot be duplicated across the system.

  • Normal/Override: This option selects whether the policy is a 'Normal' or an 'Override' policy. If you select 'Override', the access permissions in this policy override the access permissions in existing policies.

  • Enable/Disable: By default, the policy is enabled. If the policy is not required, you can disable it by switching to 'Disabled' mode.

  • Policy Id: Each policy is assigned a numeric identifier. These IDs are incremented and unique within each account. Policy identifiers are referenced in the audit trail event messages, so that each action taken and recorded in the audit trail is associated with a specific policy.

  • Policy Label: A descriptive label that helps users find this policy when searching for policies and filtering policy lists.

  • Resource Specifier: These differ for each type of resource, and the set of specifiers changes depending on the top-down choices.

    The autocomplete feature is available only if you have defined PolicySync connectors for the following services:

    • Postgres

    • Redshift

    • MSSQL

    • Snowflake

    • Databricks SQL

  • Validity Period: A policy can be defined to be effective only for a period of time. Specify start and end date/times (defined to the minute), with a selectable time zone.

  • Description: This field requires a description of the policy, which can be used to distinguish it from other policies.

  • Audit Logging: Enable or disable audit logging. Toggle to 'No' if this policy doesn't need to be audited. By default, 'Yes' is selected.

  • Condition Sets: The rules that allow or deny access to a resource. Available permissions are specific to the type of service. There are four access conditions:

    • Allow Conditions

    • Exclude from Allow Conditions

    • Deny Conditions

    • Exclude from Deny Conditions

At least one rule must be defined. One or more default 'all...' policies are automatically created for any services created by default (those named "privacera_<service_type>"). Policy names reflect the type of service.
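
The following sketch shows how the attributes above could combine into an access decision. It is an added example, not Privacera code. The precedence it uses (Override policies before Normal ones, deny before allow, exclusions removing a principal from the matching set) is an assumption modeled on Apache Ranger-style evaluation, and all class, function and sample names are hypothetical.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Optional

@dataclass
class Policy:
    policy_id: int                                  # Policy Id cited in audit events
    name: str
    allow: set = field(default_factory=set)         # Allow Conditions
    allow_excl: set = field(default_factory=set)    # Exclude from Allow Conditions
    deny: set = field(default_factory=set)          # Deny Conditions
    deny_excl: set = field(default_factory=set)     # Exclude from Deny Conditions
    enabled: bool = True                            # Enable/Disable (enabled by default)
    override: bool = False                          # Normal/Override
    valid_from: Optional[datetime] = None           # Validity Period start
    valid_to: Optional[datetime] = None             # Validity Period end

    def __post_init__(self):
        if not (self.allow or self.allow_excl or self.deny or self.deny_excl):
            raise ValueError("at least one rule must be defined")

    def active(self, now):
        started = self.valid_from is None or now >= self.valid_from
        ended = self.valid_to is not None and now > self.valid_to
        return self.enabled and started and not ended

def decide(policies, user, permission, now):
    # Returns (decision, policy_id) so the deciding policy can be audited.
    rule = (user, permission)
    # Assumed precedence: Override policies first, then Normal; deny before allow.
    for tier in (True, False):
        live = [p for p in policies if p.override == tier and p.active(now)]
        for p in live:
            if rule in p.deny and rule not in p.deny_excl:
                return "DENY", p.policy_id
        for p in live:
            if rule in p.allow and rule not in p.allow_excl:
                return "ALLOW", p.policy_id
    return "NO_MATCH", None

# Constructed sample data: users, policy names and dates are made up.
ALICE, BOB, CAROL = ("alice", "select"), ("bob", "select"), ("carol", "select")
POLICIES = [
    Policy(1, "sales_read", allow={ALICE, BOB}, allow_excl={BOB}),
    Policy(2, "sales_freeze", deny={ALICE, CAROL}, deny_excl={CAROL}),
    Policy(3, "audit_window", allow={ALICE}, override=True,
           valid_from=datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc),
           valid_to=datetime(2024, 1, 1, 17, 0, tzinfo=timezone.utc)),
]
```

Under these assumptions, alice is allowed by the Override policy only inside its validity window and falls back to the Normal deny afterwards, which is the kind of time-bounded exception worth confirming in the audit trail by Policy Id.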