Dremio user guide
This user guide describes how to validate access control on Dremio data sources. For more information about Dremio installation, see Dremio Plugin.
Note
The Privacera Plugin uses the privacera_dremio repository for access control.
Prerequisites
A Privacera Manager host with Privacera services running.
A Dremio host with Dremio Enterprise Edition installed. (The Community Edition is not supported.)
A data lake. Supported data lakes include:
S3
ADLS
Hive
Redshift
Dremio Ranger Based authorization
Dremio Ranger Based authorization is a Hive authorization client that checks your Ranger policy permissions and then allows or disallows access as defined by the Ranger policy. Connecting Dremio Ranger Based Hive authorization with Privacera’s Ranger-based data access governance extends Apache Ranger’s open source capabilities to take advantage of Privacera’s centralized enterprise-ready solution.
Install and set up the Privacera Dremio plugin.
To configure the Dremio Hive source:
On the Dremio dashboard home page, in the Data Lakes section, click the Add Data Lake (plus) icon to add the source.
Select Hive 2.x or Hive 3.x from Table Stores.
Enter your Hive source Name, Hive Metastore Host, and Port Number.
In Authorization > Client, enter the following information:
Ranger Based Authorization
Ranger Service name: privacera_hive
Enter the Ranger Host URL:
Platform: https://ranger-plugin-my-eks.mydomain.com
Cloud: https://privacera.com/api/api-key
Continue with advanced options
Uncheck Enable external authorization plugin.
Unchecking the box will use Ranger Based Authorization.
Checking the box will use the Privacera Dremio plugin.
Add the following Connection Properties for SSL and Audit server configuration:

| Property | Description | Example |
| --- | --- | --- |
| ranger.plugin.hive.policy.rest.ssl.config.file | Path of the Ranger SSL config file ranger-policymgr-ssl.xml | /opt/privacera/conf/ranger-policymgr-ssl.xml |
| xasecure.audit.is.enabled | To enable auditing, set to true. | true |
| xasecure.audit.destination.solr | To use Solr as the audit server, set to true. | true |
| xasecure.audit.destination.solr.urls | URL of the Solr audit server | Platform: https://auditserver-plugin-mydomain.com/solr/ranger_audits; PCloud: https://privacera.com/api/<api-key>/solr/ranger_audits (see API Key) |
| xasecure.audit.destination.hdfs | To use HDFS as an auditing service. | false |
| xasecure.audit.destination.file.dir | Audit directory for HDFS | ranger/audit/file |
| xasecure.audit.destination.solr.batch.filespool.dir | Audit directory for Solr | ranger/audit/solr/spool |
| xasecure.audit.provider.summary.enabled | To enable summarization, set to true. | true |
In Metadata > Authorization > Expire after, set the authorization.
Choose Save.
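Before saving the source, the Connection Properties entered above can be checked for the settings that silently weaken auditing. The following is an added example, not Privacera or Dremio code: the function name lint_connection_properties and the rules it applies are assumptions of this example, while the property names and the first sample input come from the table above.

```python
# Property names are taken from the table above; the rules are this example's assumptions.
AUDIT = "xasecure.audit."

def lint_connection_properties(props):
    """Return a list of findings for a dict of Dremio Hive source connection properties."""
    def flag(key):
        return props.get(key, "").strip().lower() == "true"

    findings = []
    if not props.get("ranger.plugin.hive.policy.rest.ssl.config.file", "").strip():
        findings.append("no SSL config file set for the connection to the Ranger host")
    if not flag(AUDIT + "is.enabled"):
        findings.append("auditing is disabled, so access decisions are not recorded")
        return findings
    solr, hdfs = flag(AUDIT + "destination.solr"), flag(AUDIT + "destination.hdfs")
    if not (solr or hdfs):
        findings.append("auditing is enabled but no audit destination is enabled")
    if solr:
        # Split on commas in case several Solr URLs are listed.
        urls = [u.strip() for u in props.get(AUDIT + "destination.solr.urls", "").split(",")]
        urls = [u for u in urls if u]
        if not urls:
            findings.append("Solr auditing is enabled but no Solr URL is set")
        for url in urls:
            if not url.lower().startswith("https://"):
                findings.append("Solr audit URL is not HTTPS: " + url)
            if "<" in url or ">" in url:
                findings.append("Solr audit URL still contains a placeholder: " + url)
        if not props.get(AUDIT + "destination.solr.batch.filespool.dir", "").strip():
            findings.append("no spool directory set for Solr audits")
    return findings

# Constructed sample input using the example values from the table.
TABLE_EXAMPLE = {
    "ranger.plugin.hive.policy.rest.ssl.config.file": "/opt/privacera/conf/ranger-policymgr-ssl.xml",
    AUDIT + "is.enabled": "true",
    AUDIT + "destination.solr": "true",
    AUDIT + "destination.solr.urls": "https://auditserver-plugin-mydomain.com/solr/ranger_audits",
    AUDIT + "destination.hdfs": "false",
    AUDIT + "destination.solr.batch.filespool.dir": "ranger/audit/solr/spool",
}
# Constructed weak variant: plain HTTP, unreplaced <api-key>, no spool directory.
WEAK = dict(TABLE_EXAMPLE)
WEAK[AUDIT + "destination.solr.urls"] = "http://privacera.com/api/<api-key>/solr/ranger_audits"
del WEAK[AUDIT + "destination.solr.batch.filespool.dir"]

if __name__ == "__main__":
    for name, props in (("table example", TABLE_EXAMPLE), ("weak", WEAK)):
        print(name, lint_connection_properties(props) or "no findings")
```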
Run a sample query
Note
The Privacera Plugin for Dremio supports access control only for SELECT queries on tables.
To select data in a table:
Run the following command:
select * from test_catalog.test_db.test_table
In Privacera Portal, check Access Manager > Audits. The audit shows that access was denied.
In Privacera Portal, create an access policy in Access Management > Resource Policies > privacera_dremio for the table and grant Select permissions.
Run the query again.
You will see that access has been granted.