Privacera Documentation

Propagate Privacera Discovery Tags to Ranger

Privacera Discovery classifies information in files as tags when you scan files in an application. The tags can be used in access policies to configure access control for the application.

Apache Ranger requires the tagged information while applying a policy. This topic describes how you can propagate the tag details from Discovery to Apache Ranger.

This feature is supported for the following applications:

  • Databricks SQL

  • Microsoft SQL Server

  • MySQL

  • Redshift

  • S3

  • Snowflake

  • Google Cloud Storage

General process for configuring an application

You need to configure some advanced properties for the application that stores the data to be scanned.

Determine which of the supported applications you want to configure.

For each application:

  1. Enable Access Management and Data Discovery for the application.

  2. For Data Discovery, on the ADVANCED tab, enter the following properties in the Add New Custom Properties text box:

    • ranger.writer.enable=true

    • cluster_name=privacera

    • service_name=privacera_<name_of_application>

where service_name=privacera_<name_of_application> depends on the application you are configuring:

  • Databricks SQL: service_name=privacera_hive

  • Microsoft SQL Server: service_name=privacera_mssql

  • MySQL: service_name=privacera_hive

  • Redshift: service_name=privacera_redshift

  • S3: service_name=privacera_s3

  • Snowflake: service_name=privacera_snowflake

  • Google Cloud Storage: service_name=privacera_gcs

Validate the configuration

To validate the configuration, you run a scan to create the classification tags and then use curl with the Ranger API to see the results.

To create the tags, perform an offline or online scan. For more information, see "Start a scan" in Privacera Discovery scan targets.

You can use the following Ranger API to retrieve the pushed tagged information:

curl -i -L -k -u <username>:<password> -H "Content-type: application/json" -X GET <hostname-of-ranger>/service/tags/types

where the credentials and the Ranger hostname are obtained as follows:

Create user

  1. Go to Settings > User Management and click Add.

  2. Enter the required details. Select Admin as the role from the dropdown.

  3. Click Save.

Get Ranger Admin URL

  1. Go to Settings > Api Key and click the API Key info icon. The Api Key Info dialog appears.

  2. For the Ranger Admin URL, click Copy URL. This is the endpoint to connect to Ranger.
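
The validation step above can be scripted. The following is an added example, not Privacera or Apache Ranger code: it queries the same /service/tags/types endpoint with TLS certificate verification left on (instead of curl -k) and reports which expected tags are missing. It assumes the response body is a JSON array of tag type names; the function names and the sample tag names are hypothetical.

```python
import base64
import json
import ssl
import urllib.request

# Constructed sample response body; the tag names are made up for illustration.
SAMPLE_BODY = '["PII", "EMAIL", "SSN"]'


def fetch_tag_types(ranger_url, username, password, ca_file=None):
    """GET <ranger_url>/service/tags/types with Basic auth, verifying the TLS certificate."""
    ctx = ssl.create_default_context(cafile=ca_file)  # verification stays on (no curl -k)
    req = urllib.request.Request(
        ranger_url.rstrip("/") + "/service/tags/types",
        headers={"Content-type": "application/json", "Accept": "application/json"},
    )
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    req.add_header("Authorization", "Basic " + token)
    with urllib.request.urlopen(req, context=ctx, timeout=30) as resp:
        return resp.read().decode("utf-8")


def parse_tag_types(body):
    """Return the tag type names in a response body.

    Assumes a JSON array of strings; raises ValueError otherwise, for example
    when a login page or error document comes back instead of JSON.
    """
    data = json.loads(body)  # JSONDecodeError is a subclass of ValueError
    if not isinstance(data, list) or not all(isinstance(t, str) for t in data):
        raise ValueError("response is not a JSON array of tag type names")
    return set(data)


def missing_tags(body, expected):
    """Return the expected tags that are absent from the response, sorted."""
    return sorted(set(expected) - parse_tag_types(body))


if __name__ == "__main__":
    # Offline run against the constructed sample; for a live check, pass the
    # output of fetch_tag_types(...) as the body instead.
    print(missing_tags(SAMPLE_BODY, ["EMAIL", "CREDIT_CARD"]))
```

If Ranger uses a certificate from a private CA, pass that CA bundle as ca_file rather than disabling verification.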