
Privacera Documentation


Service/service group global actions on the Resource Policies page

On the Resource Policies page, you can filter the view and import/export policies.

Add a new resource-based service. Service types have some common attributes as well as attributes specific to that service type.

Export a service's policies as a JSON-formatted policy set.

Import a previously exported policy set.

View policy details

Click a service to open the Policy definition and management page. Each policy definition row shows key attributes:

  • Policy ID: Each policy is assigned a numeric identifier. These IDs are monotonically incremented and unique within each PrivaceraCloud account. Policy identifiers are referenced in audit trail event messages, so that each action recorded in the audit trail is associated with a specific policy.

  • Policy Name: Policies are assigned a name, either by the system or by a user. System-created policy names can be changed.

  • Validity Period: A policy can be defined to be effective only for a period of time. Start and End date/times may be defined (to the minute) with a selectable Time Zone. Use the Add Validity Period button in the upper right to set a validity period for this policy.

  • Policy Label: Policies may be assigned a new or existing label. Labels assist in filtering and in search reports.

  • Resource Specifier: Underneath the Policy Label field are the Resource specifiers. These differ for each type of resource, and the set of specifiers changes depending on the top-down choices. For example, by default a Hive resource displays fields for 'database', 'table', and 'column'.

    The autocomplete feature is available to add your resources. When you enter the first character in a resource field, autocomplete displays the resources (databases, tables, or columns) available in the data source. Autocomplete also accepts the wildcard character "*" when adding resources.

    Note

    The autocomplete feature is supported only on the resource fields of PolicySync connectors.

  • Condition Sets: The rules used to allow or deny access to resources. Condition sets are made up of permissions, users, groups, and roles. The permission selection list is specific to the type of service. (For example, for the ADLS service, the permission set is {read, write, delete, metadata read, metadata write, admin}.) There are four sets of access conditions (rules):

    • Allow Conditions

    • Exclude from Allow Conditions

    • Deny Conditions

    • Exclude from Deny Conditions

At least one of these condition sets must contain a rule; the other condition sets may be left empty.
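As an added illustration (example code written for this page, not Privacera's policy engine), the following Python evaluator applies the four condition sets to an access request. It assumes Apache Ranger-style precedence: a matching Deny condition wins over a matching Allow condition, each "exclude" set carves exceptions out of the set it belongs to, a Deny from any policy wins across policies, and a request no policy allows is denied by default. The validity-period check, the "*" wildcard on resource specifiers, and the audit line that cites the policy ID follow the attributes described above. Policy names, IDs, users, groups and timestamps are constructed sample data.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone
from fnmatch import fnmatchcase
from typing import Optional


@dataclass
class Condition:
    """One row of a condition set: which principals get which permissions."""
    permissions: set
    users: set = field(default_factory=set)
    groups: set = field(default_factory=set)

    def matches(self, user, user_groups, permission):
        principal_ok = user in self.users or bool(self.groups & user_groups)
        return principal_ok and permission in self.permissions


@dataclass
class Policy:
    policy_id: int                       # numeric, unique within an account
    name: str
    resource: dict                       # specifiers, e.g. {"database": "sales", "table": "*"}
    allow: list = field(default_factory=list)
    exclude_from_allow: list = field(default_factory=list)
    deny: list = field(default_factory=list)
    exclude_from_deny: list = field(default_factory=list)
    valid_from: Optional[datetime] = None   # validity period (to the minute)
    valid_to: Optional[datetime] = None
    labels: set = field(default_factory=set)

    def is_active(self, now):
        if self.valid_from is not None and now < self.valid_from:
            return False
        if self.valid_to is not None and now > self.valid_to:
            return False
        return True

    def covers(self, resource):
        """Every specifier on the policy must match the request; '*' is a wildcard."""
        return all(fnmatchcase(resource.get(key, ""), pattern)
                   for key, pattern in self.resource.items())

    def evaluate(self, resource, user, groups, permission, now):
        """Return 'allow', 'deny', or None when this policy says nothing."""
        if not self.is_active(now) or not self.covers(resource):
            return None

        def hit(conds):
            return any(c.matches(user, groups, permission) for c in conds)

        # Assumption (Ranger-style): deny is checked first and wins unless an
        # exclude-from-deny row carves the request back out.
        if hit(self.deny) and not hit(self.exclude_from_deny):
            return "deny"
        if hit(self.allow) and not hit(self.exclude_from_allow):
            return "allow"
        return None


def decide(policies, resource, user, groups, permission, now):
    """Combine policies: any deny wins, then the first allow, else default deny.
    Returns (decision, policy_id) so the audit event can cite the policy."""
    allow_id = None
    for p in sorted(policies, key=lambda p: p.policy_id):
        verdict = p.evaluate(resource, user, groups, permission, now)
        if verdict == "deny":
            return "deny", p.policy_id
        if verdict == "allow" and allow_id is None:
            allow_id = p.policy_id
    if allow_id is not None:
        return "allow", allow_id
    return "deny", None          # nothing matched: default deny, no policy to cite


def audit_line(user, permission, resource, decision, policy_id, now):
    """Audit trail event; the policy ID ties the decision to a specific policy."""
    res = ".".join(resource.values())
    pid = policy_id if policy_id is not None else "-"
    return (f"{now.isoformat()} user={user} access={permission} "
            f"resource={res} result={decision} policy_id={pid}")


# Constructed sample: one Hive-style policy covering every table in 'sales'.
SALES_POLICY = Policy(
    policy_id=42, name="sales - analysts",
    resource={"database": "sales", "table": "*"},
    allow=[Condition({"select"}, groups={"analysts"})],
    exclude_from_allow=[Condition({"select"}, users={"contractor"})],
    deny=[Condition({"select"}, groups={"interns"})],
    exclude_from_deny=[Condition({"select"}, groups={"auditors"})],
    valid_from=datetime(2024, 1, 1, tzinfo=timezone.utc),
    valid_to=datetime(2024, 12, 31, 23, 59, tzinfo=timezone.utc),
    labels={"pii"},
)
POLICIES = [SALES_POLICY]
NOW = datetime(2024, 6, 1, 12, 0, tzinfo=timezone.utc)
ORDERS = {"database": "sales", "table": "orders"}

if __name__ == "__main__":
    for user, groups in [("alice", {"analysts"}), ("contractor", {"analysts"}),
                         ("dan", {"interns", "analysts"}),
                         ("carol", {"interns", "auditors", "analysts"})]:
        decision, pid = decide(POLICIES, ORDERS, user, groups, "select", NOW)
        print(audit_line(user, "select", ORDERS, decision, pid, NOW))
```

Running the script shows the four outcomes the condition sets produce: a plain analyst is allowed, the excluded contractor falls through to the default deny with no policy to cite, an intern is denied by policy 42, and a user who is both intern and auditor is carved out of the deny and then allowed. Requests outside the validity period or outside the resource specifiers never reach the condition sets at all.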

One or more default 'all...' policies are created automatically for each default-created service (those named "privacera_<service_type>"). The actual policy name is adjusted for each type of service: for 'hive' services the 'all' policy is named 'all - database', for database-repository-oriented services it is named 'all - database, schema, table, column', and so on.