Setup Access Manager
Under Access Manager, service configurations are displayed in the multi-stepper depending on the services you've selected.
In each of the services, you can configure basic, advanced and custom configurations.
For a standard installation, the following services are enabled by default when you configure Data Access Server and do not need to be configured separately:
- DynamoDB
- Glue
- Kinesis
- Lambda
To set up the services, expand each configuration below and set its properties. After completing a configuration, click Save & Next to proceed.
Configure Data Access Server
Configuration
- Set Dataserver Enable.
- To configure the properties in the Advanced tab, click here.
Configure S3
You can access an S3 bucket using IAM roles or an API key.
To configure the properties in the Basic and Advanced tab, click here.
Configure Athena
You can configure access control for AWS Athena through Privacera Data Access Server.
Identify an existing S3 bucket or create one to store the Athena query results.
Set this bucket as the value of the AWS Athena Result Storage URL property.
Configure ADLS
You can integrate Azure Data Lake Storage (ADLS) with the Privacera Platform using Privacera Dataserver.
Prerequisites
Ensure that the following prerequisites are met:
- Privacera Dataserver is enabled.
- You have access to an Azure Storage account along with required credentials.
  For more information on how to set up an Azure storage account, refer to Azure Storage Account Creation.
- Get the values for the following Azure properties: Application (client) ID, Client secrets
Configuration
In the Advanced tab, enter the value for each property. For more information on each property, click here.
Configure Policysync
You can enable/disable Policysync.
It is enabled by default.
Configure Postgres RDS
Prerequisites
Ensure the following basic prerequisites are met:
- Create a database in PostgreSQL. Get the database name and its URL. For more information, refer to Creating a PostgreSQL DB.
- Create a database user and grant it all privileges so that it can fully access the database. Get the user credentials to connect to the database.
If you choose to enable audits for PolicySync, ensure the following prerequisites are met:
- Create an SQS queue named privacera-postgres-${RDS_CLUSTER_NAME}-audits.fifo. For more information, refer to Creating an Amazon SQS queue.
- Create a Lambda function. For more information, refer to Lambda Setup for PostgreSQL Audits.
- Attach IAM Policy. For more information, refer to IAM Role for EC2.
Configuration
- Set Enable Postgres as True.
- Configure the properties. For more information, refer to PostgreSQL.
Configure MSSQL
Prerequisites
Ensure the following basic prerequisites are met:
- MSSQL Server must already be installed and running.
If you are installing an evaluation, you may need to install and configure an MSSQL Server with one or more databases to test against.
Configuration
- Select MSSQL Enable.
- Configure the properties. For more information, refer to MSSQL.
Configure Redshift
Configuration
- Set Enable Redshift as True.
- Configure the properties. For more information, refer to Redshift.
Configure Snowflake
Prerequisites
Ensure the following:
- Create a Snowflake account that is accessible from the instance used for Privacera Manager installation.
- Add users and roles to the Snowflake account and grant them permissions. For more information, click here.
Configuration
- Set Snowflake Enable as True.
- Configure the properties. For more information, refer to Snowflake.
Configure Databricks SQL
Prerequisites
Ensure the following prerequisites are met:
- Create an endpoint in Databricks SQL with a user having admin privileges. For more information, refer to Create an endpoint in Databricks SQL.
- Get the following values of Databricks SQL:
  - Host URL
  - JDBC URL
  - JDBC password
  - Database List
Configuration
- Set Enable Databricks SQL as True.
- Configure the properties. For more information, refer to Databricks SQL.
Configure Databricks
Databricks is enabled by default for a standard installation.
Additionally, you can configure Databricks Scala and upload init scripts to a SQL and Scala Cluster.
Note
Ensure you've selected and configured Privacera AWS S3 Dataserver.
- Set Databricks Enable as True.
- Configure the properties. For more information, refer to Databricks.
Configure Spark Standalone
You can use Privacera Manager to generate the setup script and Spark custom configuration for SSL to install Privacera Plugin in an open-source Spark 3.0 environment.
Configuration
- Set Spark Standalone Enable.
- To configure the properties in the Basic tab, click here.
  After the installation is complete, the setup script (privacera_setup.sh) and Spark custom configurations (spark_custom_conf.zip) for SSL are generated at the following path:
      cd ~/privacera/privacera-manager/output/spark-standalone
- In your Spark environment, do the following:
  - Copy privacera_setup.sh and spark_custom_conf.zip. Both files should be placed in the same folder.
  - Add permissions to execute the script.
        chmod +x privacera_setup.sh
  - Run the script to install the Privacera plugin in your Spark environment.
        ./privacera_setup.sh
Configure Trino Open Source
You can use Privacera Manager to generate the setup script and Trino custom configuration for SSL to install Privacera Plugin in an open-source Trino environment.
Configuration
- Set Trino Open Source Enable.
- To configure the properties in the Basic tab, click here.
  After the update is complete, the setup script (privacera_trino_setup.sh) and Trino custom configurations (privacera_trino_plugin_conf.zip) for SSL are generated at the following path:
      cd ~/privacera/privacera-manager/output/trino-standalone
- In your Trino environment, do the following:
  - Copy privacera_trino_setup.sh and privacera_trino_plugin_conf.zip. Both files should be placed in the same folder.
  - Add permissions to execute the script.
        chmod +x privacera_trino_setup.sh
  - Run the script to install the Privacera plugin in your Trino environment.
        ./privacera_trino_setup.sh
Note
To learn more about Trino, see Trino User Guide.
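The copy, chmod and run steps in the Spark Standalone and Trino Open Source procedures above can be preceded by an integrity and permission check on the copied files. The following is an added example, not Privacera's own tooling: the SHA256SUMS manifest is an assumed, operator-created file, and preflight is a hypothetical function name.

```shell
#!/usr/bin/env bash
# Added example, not part of Privacera Manager. SHA256SUMS is an assumed,
# operator-created manifest: on the Privacera Manager host, in the output
# folder, run `sha256sum <setup script> <conf zip> > SHA256SUMS` and copy it
# along with the two files.

# preflight DIR SCRIPT ZIP  (hypothetical helper)
# Returns 0 only if SCRIPT and ZIP sit together in DIR, both match
# DIR/SHA256SUMS, and SCRIPT is not writable by group or others.
preflight() {
  local dir script zip f perms
  dir=$1; script=$2; zip=$3

  # Both files must be in the same folder, as the procedure requires.
  for f in "$script" "$zip" SHA256SUMS; do
    [ -f "$dir/$f" ] || { echo "missing: $dir/$f" >&2; return 1; }
  done

  # Require a digest line for each file, so neither one goes unchecked.
  for f in "$script" "$zip"; do
    grep -Eq "^[0-9a-f]{64} [ *]$f\$" "$dir/SHA256SUMS" ||
      { echo "no checksum recorded for $f" >&2; return 1; }
  done

  # Compare against the digests recorded on the Privacera Manager host.
  (cd "$dir" && sha256sum -c SHA256SUMS >/dev/null 2>&1) ||
    { echo "checksum mismatch; copy the files again" >&2; return 1; }

  # Refuse a script that group members or other local users could modify.
  perms=$(ls -ld "$dir/$script")
  case $perms in
    ?????w*|????????w*) echo "$script is group/world-writable" >&2; return 1 ;;
  esac

  # Owner-only execute bit, narrower than chmod +x.
  chmod u+x "$dir/$script"
}

# Usage in the Spark or Trino environment, from the folder holding the files:
#   preflight . privacera_setup.sh spark_custom_conf.zip && ./privacera_setup.sh
```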
Configure Usersync
You can configure the Privacera Platform to attach and import users and groups defined in an external Active Directory (AD), LDAP, or LDAPS (LDAP over SSL) directory as data access users and groups.
LDAP
Privacera requires a certificate to connect to an SSL-enabled LDAP-S server. To configure this, you can do one of the following:
- Allow Privacera Manager to download and create the certificate based on the LDAP-S server URL.
Configuration
- Set Usersync Enable.
- Select LDAP in Usersync Source.
- Configure the properties. For more information, refer to LDAP.
Azure AD
You can synchronize users, groups, and service principals from your existing Azure Active Directory (AAD) domain.
Prerequisites
Ensure the following prerequisites are met:
- Create an Azure AD application.
- Get the values for the following Azure properties: Application (client) ID, Client secrets.
Configuration
- Set Usersync Enable.
- Select AzureAD in Usersync Source.
- Configure the properties. For more information, refer to Azure AD.
Configure Access Request Manager (ARM)
Using Access Request Manager, you can provide access to data for specific users based on roles or projects.
Configuration
ARM is enabled by default. To disable it, set it to false.
Note: You can also add custom properties that are not included by default. See Access Request Manager.
Configure Audits Export (Using Fluentd)
You can store the audits from AuditServer locally or in cloud storage, for example, AWS S3, Azure Blob, and Azure ADLS Gen 2.
A) Enable/Disable Audit Fluentd
If you're installing Privacera Platform for the first time, then do the following:
In the Setup Environment page, go to Setup Environment > Products and Services > Access Manager, and select Enable Audits Export (Fluentd)?.
In the left navigation, Audits Export (Fluentd) will be displayed under Setup Access Manager.
If you have already installed Privacera Platform, then do the following:
In the Dashboard page, go to System Settings > Setup Environment > Products and Services > Access Manager, and select Enable Audits Export (Fluentd)?.
In the left navigation, Audits Export (Fluentd) will be displayed under Setup Access Manager.
B) Prerequisites
Ensure you've selected and configured AuditServer. For more information, refer to AuditServer.
C) Configuration
S3
For S3, the default time interval to publish the audits is 3600s (1hr). To configure S3 as the audit destination, do the following:
- Select Enable Audits to Fluentd.
- Select S3 as Destination Storage.
- Configure the properties. For more information, refer to Audit Fluentd.
Azure Blob
- Select Enable Audits to Fluentd.
- Select Azure Blob as Destination Storage.
- Configure the properties. For more information, refer to Audit Fluentd.
Azure ADLS
- Select Enable Audits to Fluentd.
- Select Azure ADLS as Destination Storage.
- Configure the properties. For more information, refer to Audit Fluentd.
Configure Privacera Services (Data Assets)
You can enable/disable the Data Sets menu on Privacera Portal.
Data Sets allows you to create logical data assets from various data sources such as Snowflake, PostgreSQL and so on, and share the data assets with users, groups or roles. You can assign an owner to a data asset who has the privileges to control access to the data within the data asset.
A) Enable/Disable Privacera Services
If you're installing Privacera Platform for the first time, then do the following:
In the Setup Environment page, go to Setup Environment > Products and Services > Access Manager, and select Enable Privacera Services?.
In the left navigation, Privacera Services will be displayed under Setup Access Manager.
If you have already installed Privacera Platform, then do the following:
In the Dashboard page, go to System Settings > Setup Environment > Products and Services > Access Manager, and select Enable Privacera Services?.
In the left navigation, Privacera Services will be displayed under Setup Access Manager.
B) Configuration
To enable/disable the Privacera Services, select Privacera Services Enable.
You can import/export the configuration of each default service. On the service page, do the following:
- To import, click Import.
- To export, click Export.