Skip to main content

Privacera Platform

Table of Contents

Dremio user guide

Access control
Access control


The Privacera Plugin uses the privacera_dremio repository for access control.

Ensure the following prerequisites are met:

  • A Privacera Manager host with Privacera services running.

  • A Dremio host with Dremio Enterprise Edition installed. (The Community Edition is not supported.)

  • Need to onboard data-lake which user want to run query for supported datalake: 

    • s3

    • ADLS

    • Hive

    • Redshift

S3 Data-lake source

Access Control on a Create VDS

Access Control on a select VDS

Redshift Data-lake Source

ADLS Data-lake Source

Glue Data-lake Source

Dremio Ranger Based authorization
Dremio Ranger Based authorization
Dremio Ranger Based authorization

Dremio Ranger Based authorization is a Hive authorization client that checks your Ranger policy permissions and then allows or disallows access as defined by the Ranger policy. Connecting Dremio Ranger Based Hive authorization with Privacera’s Ranger-based data access governance extends Apache Ranger’s open source capabilities to take advantage of Privacera’s centralized enterprise-ready solution.

Install and set up the Privacera Dremio plugin.

For Privacera Platform see:

To configure the Dremio Hive source:

  1. Dremio dashboard home page in the Data Lakes section: click the Add Data Lake / Plus icon to add the source.

  2. Select Hive 2.x or Hive 3.x from Table Stores.

  3. Enter your Hive source Name, Hive Metastore Host, and Port Number.

  4. In Authorization > Client enter the following information: 

    1. Ranger Based Authorization

    2. Ranger Service name: privacera_hive

    3. Enter the Ranger Host URL:



      For information on obtaining an API key, see:

Continue with Advanced Options:

  1. Uncheck Enable external authorization plugin.

    Unchecking the box will use Ranger Base Authorization

    Checking the box will use the Privacera Dremio plugin

  2. Add the following Connection Properties for SSL and Audit server configuration:




    Path of ranger SSL cofig ranger-policymgr-ssl.xml file


    To enable auditing set to true.



    To use SOLR as auditing using server set to true



    URL of SOLR audit server.



    See API Key


    To use HDFS as an auditing service.



    Audit directory for HDFS



    Audit directory for SOLR



    To enable summarization set to true

  3. In Metadata > Authorization > Expire after set the authorization.

  4. Choose Save.

Run queries
Select data in table


The Privacera Plugin for Dremio supports access control only for SELECT queries on tables.

  1. Run the following command:


    In Privacera Portal, when you check Access Manager > Audits, access will be denied.

  2. In Privacera Portal, create an access policy in Access Management > Resource Policies > privacera_dremio for the table and grant the Select permission as shown in the image.

  3. Run the query again. Now, you will see access is granted.