Dictionaries
Dictionaries are lists of values used to identify data elements. Privacera Discovery matches dictionaries against your resources and data. A dictionary can be applied to either content or metanames.
Example dictionaries include:
A dictionary of US person names used to identify names in a database.
A dictionary of common column name patterns used to identify a column of account IDs.
Dictionaries support multiple include/exclude patterns. This helps enable a longer transition from conventional patterns for pattern matching. For example, the 'email' conventional pattern and its associated structured and unstructured rules can be disabled, and the same pattern value can be added as part of a new dictionary lookup. The resulting rules can then be configured just like conventional patterns.
Types of dictionaries
There are three types of dictionaries in Privacera Discovery:
Exact match: the value of the data must exactly match the value in the dictionary.
Fuzzy match: the matching is based on fuzzy logic instead of exact match.
Pattern match: the values in the dictionary are regular expressions.
Dictionary Keys
The key is used by Discovery rules to associate a tag with a resource element. Because a dictionary can be applied to either content or metaname, a naming convention is used for the key:
Content dictionary: LOOKUP suffix.
Metaname dictionary: KEYWORD suffix.
Manage dictionaries
Privacera Discovery comes pre-loaded with a set of useful dictionaries. You can also create your own custom dictionaries and configure rules to use them.
The values in a dictionary can come from a text file that can be uploaded through the portal or directly copied into your installation. For smaller dictionaries, you can add values using the Privacera portal either one by one or with the bulk input interface. For dictionaries that are file-based, you can add additional values or exclude existing values using the Privacera portal.
When a dictionary is created or modified, the updated dictionary becomes available for use within a few minutes.
Add a dictionary
To add a dictionary, follow these steps:
On the Dictionaries page, click the + sign.
The Add Dictionary dialog is displayed.
Enter the following details:
The Name of the dictionary (required)
The Description of the dictionary.
The Key field is not editable because it is populated by the system. Optionally, under Key description for regexes, you can add IPv4 and IPv6 address regexes, which are used to look up dictionary content.
The required File name.
Select the required Type: Exact, Pattern, or Fuzzy match.
Note
For pattern dictionaries, see Pattern Validation.
Select Apply For. The choices are content or metaname. If you select metaname, for pattern type dictionaries, you have the choice to apply the input tags directly to the resource. See Add Meta Tags Directly to Dictionary.
Select the Status (enabled by default).
Click Save.
The dictionary is added.
Add meta tags directly to a dictionary
When you create a new dictionary of type pattern, you can apply meta tags directly to a data source. The option appears after you select the combination of pattern and metaname.
Upload a dictionary
To upload a dictionary, follow these steps:
In the Dictionaries page, click Upload Dictionary.
The Upload Dictionary dialog is displayed.
Select the .txt file of the dictionary you want to upload.
Click Save.
The dictionary file is uploaded.
Edit a dictionary
To edit a dictionary, follow these steps:
In the Dictionaries page, select a dictionary from the dictionary list and click Edit.
The Edit Dictionary Info dialog is displayed.
Update the required fields.
Click Save.
The dictionary is updated.
Copy a dictionary
To make a copy of a dictionary, follow these steps:
On the Dictionary page, select a dictionary from the dictionary list and click Create Copy.
The Copy Dictionary Info dialog is displayed with selected Type and Apply For values.
Enter the following details:
Enter the Name of the dictionary (required).
Enter the Description of the dictionary.
Enter the File name (required).
Select the Type (required).
Select the Apply For (required).
Select the Status (enabled by default).
Click Save.
A copy of the dictionary is created.
Enable or disable a dictionary
To enable or disable a dictionary, follow these steps:
On the Dictionaries page, select a dictionary from the Dictionary list.
Click the Status toggle to enable or disable the dictionary.
Search for a dictionary
To search for a dictionary, navigate to the Dictionaries page and enter the dictionary name into the search bar.
Dictionary tour
To see an explanation of the different components of a dictionary, click Tour on the Dictionaries page.
Include a Dictionary
You can filter the list of included dictionaries using the search included dictionary option. This tab also displays the current count of records relying on the dictionary.
The Include Dictionary tab displays the following:
Name: Name of the dictionary.
Description: The lookup/keyword description.
Actions: Edit or delete dictionaries.
Bulk Edit/Delete: Select this to edit or delete the dictionary values in bulk. After selecting, click x to delete the values.
Add keywords to an included dictionary
To add a keyword or lookup under Include Dictionary, follow these steps:
On the Dictionaries page, select a dictionary from the dictionary list.
In the Include Dictionary tab, click ADD.
The Add Dictionary dialog is displayed.
Enter the name of the keyword or lookup, one name per line.
Add a Description for the dictionary name.
Click Save.
The keyword or lookup is added to the selected dictionary in the Include Dictionary tab.
Exclude a dictionary
You can filter the list of excluded dictionaries using the search excluded dictionary option. This tab also displays the total record count.
The Exclude Dictionary tab displays the following information:
Name: Indicates the name of the dictionary.
Actions: Allows you to edit and delete the dictionary.
To add a lookup in the Exclude Dictionary tab, follow these steps:
On the Dictionaries page, select a dictionary from the Dictionary list.
Select the Exclude Dictionary tab and click +Add.
The Add Dictionary dialog displays.
In the Name field, enter the names of the dictionaries, one name per line.
In the Description field, enter a description for the dictionary.
Click Save.
The lookup is added to the selected dictionary.
Import a dictionary
To import a dictionary in JSON format, follow these steps:
On the Discovery page, click Import.
The Import dialog is displayed.
Select the JSON file of the dictionary you want to import and click Save.
The dictionary configuration file is imported.
Export a dictionary
To export a dictionary in JSON format, follow these steps:
On the Dictionaries page, click Export.
Check the checkbox of the required dictionary and click Export.
Note
You can select multiple dictionaries.
The dictionary file is exported.
Test dictionaries
Pattern validation
If the dictionary is of type pattern, you can validate its regexes.
To validate a pattern, follow these steps:
In the Dictionaries page, add a new dictionary of type 'Patterns'.
The Add Dictionary field for the pattern type is displayed.
Enter a complex Expression (regex).
Enter the Description for the expression.
Enter the Input Test Data.
Click Test Expression.
The message "Passed" or "Failed" appears in the Test Output field.
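The same kind of check can be run locally on a pattern dictionary file before it is uploaded. The following is an added example, not Privacera code: the one-regex-per-line file layout, the sample patterns and test data, and the pass criteria are assumptions, and Python's `re` engine may differ from the regex engine the platform uses.

```python
import re

# Constructed sample dictionary: one regex per line (layout is an assumption).
SAMPLE_DICTIONARY = "\n".join([
    r"\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b",  # IPv4
    r"\b\d{3}-\d{2}-\d{4}\b",   # SSN-like
    r"(\d{3}-\d{2",             # broken: unbalanced parenthesis
    r"\d+",                     # too broad: any run of digits
    r"\b\d{3}-\d{2}-\d{4}\b",   # duplicate of line 2
])
# Constructed test data: strings the dictionary should and should not tag.
SHOULD_MATCH = ["host 10.0.0.1 up", "ssn 123-45-6789"]
SHOULD_NOT_MATCH = ["order 12345", "version 1.2"]


def lint_pattern_dictionary(text, should_match, should_not_match):
    """Return {line_no: (status, detail)} for every non-blank regex line."""
    results, seen = {}, {}
    for line_no, raw in enumerate(text.splitlines(), start=1):
        pattern = raw.strip()
        if not pattern:
            continue  # blank lines carry no pattern
        if pattern in seen:
            results[line_no] = ("Failed", f"duplicate of line {seen[pattern]}")
            continue
        seen[pattern] = line_no
        try:
            compiled = re.compile(pattern)
        except re.error as exc:
            results[line_no] = ("Failed", f"invalid regex: {exc}")
            continue
        # A pattern that hits a negative sample would over-classify data.
        false_hits = [s for s in should_not_match if compiled.search(s)]
        hits = [s for s in should_match if compiled.search(s)]
        if false_hits:
            results[line_no] = ("Failed", f"matches negative sample(s): {false_hits}")
        elif not hits:
            results[line_no] = ("Failed", "matches no positive sample")
        else:
            results[line_no] = ("Passed", f"matches {hits}")
    return results


if __name__ == "__main__":
    report = lint_pattern_dictionary(SAMPLE_DICTIONARY, SHOULD_MATCH, SHOULD_NOT_MATCH)
    for line_no, (status, detail) in report.items():
        print(f"line {line_no}: {status} - {detail}")
```

Patterns that pass locally should still be confirmed with Test Expression in the portal, since that is the engine the scan uses.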
Test against a data source
To test changes to a dictionary, follow these steps:
Perform an offline scan of the data source that has sensitive fields you want to test.
Check the Scan Status.
After the scan is completed, open the resource to verify if the scan classified the tags correctly.
The tags are classified under Data Inventory > Classification.
List of Privacera-supplied dictionaries
The following is a list of the Privacera-supplied dictionaries. The name of a dictionary in general describes the purpose of the dictionary. For precise details, look at the dictionary itself in the Platform UI.
AU_BSB_LOOKUP
BINARY_MIME_KEYWORD
CC_KEYWORD
CC_PROTECTED_KEYWORD (Disabled)
CITY_KEYWORD
COUNTY_KEYWORD
CRIMINAL_RECORD_LOOKUP
DISALLOW_DOB_KEYWORD (Disabled)
DISALLOW_NAME_KEYWORD (Disabled)
DISALLOW_ZIP_KEYWORD (Disabled)
DOB_KEYWORD
ETHNICITY_LOOKUP
EXEC_MIME_KEYWORD
GEO_KEYWORD
GPS_KEYWORD
IMAGE_MIME_KEYWORD
ISO3166_CC_LOOKUP
MEDICAL_RECORD_LOOKUP
ORG_LOOKUP
PASSPORT_KEYWORD
PASSWORD_KEYWORD
PERSON_NAME_KEYWORD
PERSON_NAME_LOOKUP
PII_ID_KEYWORD
SSN_KEYWORD
STATE_KEYWORD
SWIFT_BIC_KEYWORD (Disabled)
SWIFT_BIC_LOOKUP (Disabled)
TAX_ID_KEYWORD
UK_ELECTORAL_ROLL_KEYWORD (Disabled)
UK_NHS_KEYWORD (Disabled)
UK_NINO_KEYWORD (Disabled)
UK_POSTAL_TOWN_LOOKUP (Disabled)
US_ABA_NUMBER_KEYWORD (Disabled)
US_ADDRESS_KEYWORD
US_CITY_KEYWORD
US_CITY_LOOKUP
US_COUNTY_KEYWORD (Disabled)
US_COUNTY_LOOKUP (Disabled)
US_DLICENSE_KEYWORD
US_DLICENSE_LOOKUP
US_STATE_KEYWORD
US_STATE_LOOKUP
US_ZIP_KEYWORD
US_ZIP_LOOKUP