Audit
Privacera Access Management’s audit facility preserves audit records for all data accesses and important access policy-related changes. Administrators can use the built-in audit store, audit browser, and search capabilities to:
- Track recent access control enforcement decisions.
- View recent changes to policies, resources, security principals and entitlements.
- Monitor policy and user synchronization operations across systems under management.
Privacera limits audit record retention to 90 days, to maintain performance and scalability of the Apache Solr service used as an audit store.
Open access to the underlying Apache Solr audit data store is available, so that audit records can be extracted and forwarded to systems that more closely fit a customer’s requirements for long-term audit management.
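One way to pull records out of the Solr audit store for forwarding before the 90-day retention limit removes them, using Solr's cursorMark deep paging. This is an added example, not Privacera code; the host name, the `ranger_audits` collection name, and the `evtTime` and `id` field names are assumptions taken from the stock Apache Ranger audit schema and must be checked against your deployment.

```python
import json
import urllib.parse
import urllib.request

# Assumptions (not from the Privacera docs): Solr base URL, collection name,
# and the evtTime / id field names follow the stock Apache Ranger audit schema.
SOLR_SELECT = "http://solr.example.internal:8983/solr/ranger_audits/select"


def http_fetch(params):
    """Fetch one page of results from Solr's /select handler as a dict."""
    url = SOLR_SELECT + "?" + urllib.parse.urlencode(params)
    with urllib.request.urlopen(url, timeout=30) as resp:
        return json.load(resp)


def export_audits(since_iso, fetch=http_fetch, rows=500):
    """Yield every audit record newer than since_iso using cursorMark paging.

    cursorMark requires a sort that ends on the uniqueKey field, and the
    walk is finished when Solr returns the same cursor it was given.
    """
    cursor = "*"
    while True:
        page = fetch({
            "q": "evtTime:{%s TO *]" % since_iso,  # exclusive lower bound
            "sort": "evtTime asc,id asc",
            "rows": rows,
            "wt": "json",
            "cursorMark": cursor,
        })
        yield from page["response"]["docs"]
        next_cursor = page["nextCursorMark"]
        if next_cursor == cursor:
            return
        cursor = next_cursor


def forward(records, out):
    """Write records as JSON lines; return (count, newest evtTime) checkpoint."""
    count, newest = 0, None
    for rec in records:
        out.write(json.dumps(rec, sort_keys=True) + "\n")
        count, newest = count + 1, rec["evtTime"]
    return count, newest
```

Persist the returned `evtTime` checkpoint and pass it as `since_iso` on the next run, and schedule runs well inside the 90-day window so no record ages out between exports.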
The Audit Page lets you browse, search and filter recent audit records by a variety of criteria. You can use these capabilities to check the effects of recent policy changes, or to browse or search recent activity against specific sets of data objects.
The Audit page includes information under the following categories:
- Access: Each access (or denial) to a managed data repository.
- Admin: Portal administrative activity, including revisions to policies.
- Login Sessions: Logins to your PrivaceraCloud account web portal.
- Plugin: Logged status for each synchronization exchange with a data access plug-in component.
- Plugin Status: Logged updates with each data access plug-in component.
- UserSync: Provisioning of a new user or group, or modification of a user or group that has already been provisioned from the connected Identity Provider.
- PolicySync: Logged queries to data resources integrated using the 'policy sync' method.
Accessing the audit page
To access the audit page, you must be assigned either the ROLE_ADMIN or ROLE_AUDITOR role.
Anyone who can access the audit page can view all access audit log records for all data objects under management.
The Audit Page reports access to objects in all security zones to any user who has access to the audit page.
Some PolicySync connectors, when collecting audit records, are unable to annotate the audit record with the security zone(s) of tables referenced in each query. Audit records from those connectors do not specify security zone information. It may therefore be impractical to rely on filtering audit records based on security zone.
See the documentation for each connector for details on any audit limitations.
About PolicySync Access Audit Records and Policy ID
For datasources where Ranger plug-ins make policy decisions, those plug-ins can log the specific policy that was enforced, and the Policy ID column is populated with a link to the relevant policy.
View audit logs
From the home page, click Access Management > Audit.
Select a tab to see events in the associated category.
- Access
- Admin
- Login Sessions
- Plugin
- Plugin Status
- User Sync
- Policy Sync
(Optional) Select a time range for the events you want to see. The default is seven days.
PEG API access
On the Access tab, use the search filter pulldown menu to filter on Service is PEG (Privacera Encryption Gateway).

This shows access to a PEG encryption key when a PEG REST API request specifies an encryption scheme.
For more information about PEG, see the Privacera Encryption Guide.
Enable reason setting
The "reason" setting shows, on the Audit page, the error codes and error messages that caused an audit record.
Set the following properties:
```
vi ~/privacera/privacera-manager/config/custom-properties/rangersync-custom.properties
```

```
ranger.policysync.connector.0.enable.audit=true
ranger.policysync.connector.0.audit.source.simple=true
ranger.policysync.connector.0.audit.source.advance=false
ranger.policysync.connector.0.custom.audit.db.name=${Database_Name}
ranger.policysync.connector.0.audit.initial.pull.min=30
```
Examples of audit search
These examples show how to use Search on the Audits page to find records of various kinds.
As you position your cursor in the Search box, the system guides you through refining your search. You can pick from various displayed menus as you refine.
Find policies deleted by an administrator
Click the ADMIN tab, and in the Search box, select User. This example shows the default administrative user padmin.
For Actions, specify Delete.
For Category, select Audit Type.
For Audit Type, select Ranger Policy.
The results are displayed.

Find statistics of a UserSync from LDAP
Click the USER SYNC tab, and in the Search box, for Category, select Sync Source.

For Sync Source, select LDAP/AD.
The results are displayed. For details about a record, click the eye on the far right.