- Platform Release 6.5
- Privacera Platform Release 6.5
- Enhancements and updates in Privacera Access Management 6.5 release
- Enhancements and updates in Privacera Discovery 6.5 release
- Enhancements and updates in Privacera Encryption 6.5 release
- Deprecation of older version of PolicySync
- Upgrade Prerequisites
- Supported versions of third-party systems
- Documentation changelog
- Known Issues 6.5
- Platform - Supported Versions of Third-Party Systems
- Platform Support Policy and End-of-Support Dates
- Privacera Platform Release 6.5
- Privacera Platform Installation
- About Privacera Manager (PM)
- Install overview
- Prerequisites
- Installation
- Default services configuration
- Component services configurations
- Access Management
- Data Server
- UserSync
- Privacera Plugin
- Databricks
- Spark standalone
- Spark on EKS
- Portal SSO with PingFederate
- Trino Open Source
- Dremio
- AWS EMR
- AWS EMR with Native Apache Ranger
- GCP Dataproc
- Starburst Enterprise
- Privacera services (Data Assets)
- Audit Fluentd
- Grafana
- Ranger Tagsync
- Discovery
- Encryption & Masking
- Privacera Encryption Gateway (PEG) and Cryptography with Ranger KMS
- AWS S3 bucket encryption
- Ranger KMS
- AuthZ / AuthN
- Security
- Access Management
- Reference - Custom Properties
- Validation
- Additional Privacera Manager configurations
- Upgrade Privacera Manager
- Troubleshooting
- How to validate installation
- Possible Errors and Solutions in Privacera Manager
- Unable to Connect to Docker
- Terminate Installation
- 6.5 Platform Installation fails with invalid apiVersion
- Ansible Kubernetes Module does not load
- Unable to connect to Kubernetes Cluster
- Common Errors/Warnings in YAML Config Files
- Delete old unused Privacera Docker images
- Unable to debug error for an Ansible task
- Unable to upgrade from 4.x to 5.x or 6.x due to Zookeeper snapshot issue
- Storage issue in Privacera UserSync & PolicySync
- Permission Denied Errors in PM Docker Installation
- Unable to initialize the Discovery Kubernetes pod
- Portal service
- Grafana service
- Audit server
- Audit Fluentd
- Privacera Plugin
- How-to
- Appendix
- AWS topics
- AWS CLI
- AWS IAM
- Configure S3 for real-time scanning
- Install Docker and Docker compose (AWS-Linux-RHEL)
- AWS S3 MinIO quick setup
- Cross account IAM role for Databricks
- Integrate Privacera services in separate VPC
- Securely access S3 buckets ssing IAM roles
- Multiple AWS account support in Dataserver using Databricks
- Multiple AWS S3 IAM role support in Dataserver
- Azure topics
- GCP topics
- Kubernetes
- Microsoft SQL topics
- Snowflake configuration for PolicySync
- Create Azure resources
- Databricks
- Spark Plug-in
- Azure key vault
- Add custom properties
- Migrate Ranger KMS master key
- IAM policy for AWS controller
- Customize topic and table names
- Configure SSL for Privacera
- Configure Real-time scan across projects in GCP
- Upload custom SSL certificates
- Deployment size
- Service-level system properties
- PrestoSQL standalone installation
- AWS topics
- Privacera Platform User Guide
- Introduction to Privacera Platform
- Settings
- Data inventory
- Token generator
- System configuration
- Diagnostics
- Notifications
- How-to
- Privacera Discovery User Guide
- What is Discovery?
- Discovery Dashboard
- Scan Techniques
- Processing order of scan techniques
- Add and scan resources in a data source
- Start or cancel a scan
- Tags
- Dictionaries
- Patterns
- Scan status
- Data zone movement
- Models
- Disallowed Tags policy
- Rules
- Types of rules
- Example rules and classifications
- Create a structured rule
- Create an unstructured rule
- Create a rule mapping
- Export rules and mappings
- Import rules and mappings
- Post-processing in real-time and offline scans
- Enable post-processing
- Example of post-processing rules on tags
- List of structured rules
- Supported scan file formats
- Data Source Scanning
- Data Inventory
- TagSync using Apache Ranger
- Compliance Workflow
- Data zones and workflow policies
- Workflow Policies
- Alerts Dashboard
- Data Zone Dashboard
- Data zone movement
- Workflow policy use case example
- Discovery Health Check
- Reports
- How-to
- Privacera Encryption Guide
- Overview of Privacera Encryption
- Install Privacera Encryption
- Encryption Key Management
- Schemes
- Encryption with PEG REST API
- Privacera Encryption REST API
- PEG API endpoint
- PEG REST API encryption endpoints
- PEG REST API authentication methods on Privacera Platform
- Common PEG REST API fields
- Construct the datalist for the /protect endpoint
- Deconstruct the response from the /unprotect endpoint
- Example data transformation with the /unprotect endpoint and presentation scheme
- Example PEG API endpoints
- /authenticate
- /protect with encryption scheme
- /protect with masking scheme
- /protect with both encryption and masking schemes
- /unprotect without presentation scheme
- /unprotect with presentation scheme
- /unprotect with masking scheme
- REST API response partial success on bulk operations
- Audit details for PEG REST API accesses
- Make encryption API calls on behalf of another user
- Troubleshoot REST API Issues on Privacera Platform
- Privacera Encryption REST API
- Encryption with Databricks, Hive, Streamsets, Trino
- Databricks UDFs for encryption and masking on PrivaceraPlatform
- Hive UDFs for encryption on Privacera Platform
- StreamSets Data Collector (SDC) and Privacera Encryption on Privacera Platform
- Trino UDFs for encryption and masking on Privacera Platform
- Privacera Access Management User Guide
- Privacera Access Management
- How Polices are evaluated
- Resource policies
- Policies overview
- Creating Resource Based Policies
- Configure Policy with Attribute-Based Access Control
- Configuring Policy with Conditional Masking
- Tag Policies
- Entitlement
- Service Explorer
- Users, groups, and roles
- Permissions
- Reports
- Audit
- Security Zone
- Access Control using APIs
- AWS User Guide
- Overview of Privacera on AWS
- Configure policies for AWS services
- Using Athena with data access server
- Using DynamoDB with data access server
- Databricks access manager policy
- Accessing Kinesis with data access server
- Accessing Firehose with Data Access Server
- EMR user guide
- AWS S3 bucket encryption
- Getting started with Minio
- Plugins
- How to Get Support
- Coordinated Vulnerability Disclosure (CVD) Program of Privacera
- Shared Security Model
- Privacera Platform documentation changelog
PrevNext
PolicySync
:
PolicySync properties
This topic covers how to configure additional system properties for multiple connectors for Privacera PolicySync.
You can add properties for the following connectors in the configuration file rangersync-custom-v2.properties, which is described below for the following datasources:
PostgreSQL
Microsoft SQL Server
Snowflake
Redshift
PolicySync and scalability
Each configured connector consumes memory and processing resources based on factors like the number of data objects, policies, and users. You may need to increase the memory or processing available to PolicySync as your usage grows.
The preferred strategy for scaling to large numbers of datasources for PolicySync is to add PolicySync repositories. Use of multiple PolicySync repositories is supported only in Kubernetes. Privacera Manager only supports deployment of a single PolicySync repository, so you may need to modify Helm charts directly.
In Docker, the only option is to use a larger node and add multiple connectors as described above.
PostgreSQL
Create
rangersync-custom-v2.propertiesfile and add the base properties.vi ~/privacera/privacera-manager/config/custom-properties/rangersync-custom-v2.properties
Example to add another PostgreSQL connection with connector ID 5. For information about each property, click here.
ranger.policysync.connector.5=Postgres-dev ranger.policysync.connector.5.enabled=true ranger.policysync.connector.5.servicetype=postgres ranger.policysync.connector.5.jdbc.url=jdbc:postgresql://<connection_url>:5432 ranger.policysync.connector.5.jdbc.username=postgres ranger.policysync.connector.5.jdbc.password= ranger.policysync.connector.5.jdbc.db= ranger.policysync.connector.5.master.database= ranger.policysync.connector.5.manage.database.list= ranger.policysync.connector.5.manage.schema.list= ranger.policysync.connector.5.manage.table.list= ranger.policysync.connector.5.manage.view.list= #Ignore Resource Lists ranger.policysync.connector.5.ignore.schema.list= ranger.policysync.connector.5.ignore.table.list= ranger.policysync.connector.5.new.user.password= ranger.policysync.connector.5.switch.ownership.role= ranger.policysync.connector.5.manage.service.user=true ranger.policysync.connector.5.manage.service.group=true ranger.policysync.connector.5.manage.service.role=true ranger.policysync.connector.5.perform.grant.updates=true #Filter User/Group ranger.policysync.connector.5.manage.user.filterby.group=false ranger.policysync.connector.5.manage.user.filterby.role=false ranger.policysync.connector.5.User.role.prefix=priv_user_ ranger.policysync.connector.5.Group.role.prefix=priv_group_ ranger.policysync.connector.5.Role.role.prefix=priv_role_ #Enable Row Filter ranger.policysync.connector.5.enable.row.filter=true #Masked Value for Masking ranger.policysync.connector.5.masked.number.value=0 ranger.policysync.connector.5.masked.double.value=0 ranger.policysync.connector.5.masked.text.value='<MASKED>' ranger.policysync.connector.5.masked.varchar.value='<MASKED>' ranger.policysync.connector.5.manage.user.list= ranger.policysync.connector.5.manage.group.list= ranger.policysync.connector.5.manage.role.list= #View Based Masking and Row Filter ranger.policysync.connector.5.enable.view.based.row.filter=false ranger.policysync.connector.5.enable.view.based.masking=true ranger.policysync.connector.5.secure.view.schema.name= ranger.policysync.connector.5.secure.view.schema.name.prefix= ranger.policysync.connector.5.secure.view.schema.name.postfix= ranger.policysync.connector.5.secure.view.name.prefix= ranger.policysync.connector.5.secure.view.name.postfix=_secure ranger.policysync.connector.5.secure.view.schema.name.remove.suffix.list= ranger.policysync.connector.5.secure.view.name.remove.suffix.list= ranger.policysync.connector.5.secure.view.create.for.all=false #Audit Properties #Make this property true for audits ranger.policysync.connector.5.enable.audit=true ranger.policysync.connector.5.audit.sqs.queue.name= ranger.policysync.connector.5.region=
Run the following command.
cd ~/privacera/privacera-manager/ ./privacera-manager.sh update
Microsoft SQL Server
Create
rangersync-custom-v2.propertiesfile and add the base properties.vi ~/privacera/privacera-manager/config/custom-properties/rangersync-custom-v2.properties
Example to add another Microsoft SQL Server connection with connector ID 7. For information about each property, click here.
ranger.policysync.connector.7=Mssql # Enable below property to enable the mssql connector ranger.policysync.connector.7.enabled=false ranger.policysync.connector.7.servicetype=mssql ranger.policysync.connector.7.class=com.privacera.policysync.connector.PSMSSQLConnector ranger.policysync.connector.7.jdbc.driver=com.microsoft.sqlserver.jdbc.SQLServerDriver # DB Connection Properties ranger.policysync.connector.7.jdbc.url={{MSSQL_JDBC_URL}} ranger.policysync.connector.7.jdbc.db={{MSSQL_DEFAULT_DB}} ranger.policysync.connector.7.jdbc.username={{MSSQL_SYNC_USER_NAME}} ranger.policysync.connector.7.jdbc.password={{MSSQL_SYNC_USER_PASSWORD}} # ranger.policysync.connector.7.jdbc.authentication= (SqlPassword/ActiveDirectoryPassword) # Use ActiveDirectoryPassword in case of your jdbc admin is Azure AD User ranger.policysync.connector.7.jdbc.authentication=SqlPassword ranger.policysync.connector.7.master.database=master ranger.policysync.connector.7.database.list.format=database ranger.policysync.connector.7.schema.list.format=database.schema ranger.policysync.connector.7.table.list.format=database.schema.table ranger.policysync.connector.7.view.list.format=database.schema.view # Manage Lists #Database name which needs to be managed, Accepts : single name or multiple database names with comma separation. #Regex can be used i.e *_database (This will manage all the database named as company_database, products_database .etc). #Set the value as blank, to manage all the database. #Set the value as : none, to skip all the database. ranger.policysync.connector.7.manage.database.list={{MSSQL_DATABASES_LIST}} #schema name which needs to be managed, Accepts : single name or multiple schema names with comma separation. #Regex can be used i.e *_schema (This will manage all the schema named as company_schema, products_schema .etc). #Set the value as blank, to manage all the schema. #Set the value as : none, to skip all the schema. ranger.policysync.connector.7.manage.schema.list= # Ignore Lists ##Set list of database to be ignored and not managed by policy-sync, Accepts : single name or multiple names with comma separation. ##Regex can be used i.e *_database (This will manage all the database named as admin_database, testing_database .etc). ##Set the value as blank, to manage all the database. ##Set the value as : none, to skip all the database. ranger.policysync.connector.7.ignore.database.list= ##Set list of schema to be ignored and not managed by policy-sync, Accepts : single name or multiple names with comma separation. ##Regex can be used i.e *_schema (This will manage all the schema named as admin_schema, testing_schema .etc). ##Set the value as blank, to manage all the schema. ##Set the value as : none, to skip all the schema. ranger.policysync.connector.7.ignore.schema.list=*.sys,*.privacera_security,*.guest,*.db_denydatareader,*.db_denydatawriter,*.db_datareader,*.db_datawriter,*.db_ddladmin,*.db_backupoperator,*.db_accessadmin,*.db_securityadmin,*.db_owner ##Set list of user to be ignored and not managed by policy-sync, Accepts : single name or multiple names with comma separation. ##Regex can be used i.e *_user (This will manage all the role named as admin_user, testing_user .etc). ##Set the value as blank, to manage all the user. ##Set the value as : none, to skip all the user. ranger.policysync.connector.7.ignore.user.list={{MSSQL_IGNORE_USERS}} # New User Password #ranger.policysync.connector.7.new.user.password= # New Resource Ownership ranger.policysync.connector.7.switch.ownership.role=dbo # Ranger Plugin Properties ranger.policysync.connector.7.ranger.service.type=mssql ranger.policysync.connector.7.ranger.service.appid=privacera_mssql ##Set prefix to create internal role for policy-sync ranger.policysync.connector.7.User.role.prefix=priv_user_ ranger.policysync.connector.7.Group.role.prefix=priv_group_ ranger.policysync.connector.7.Role.role.prefix=priv_role_ ##To perform dry run when value is set as false, Default value : false ranger.policysync.connector.7.perform.grant.updates=false ranger.policysync.connector.7.ranger.resource.matching.scope=SELF #set value as true to perform grant update in a separate thread / Default Value : true ranger.policysync.connector.7.apply.perms.with.separate.thread=true ranger.policysync.connector.7.ranger.resource.zone.matching.scope=SELF_OR_ANCESTOR # Masking #The masking will not be applied to mentioned entities (User, Group, Role). Accepts : single name or multiple names with comma separation. ranger.policysync.connector.7.masking.unmasked.users= ranger.policysync.connector.7.masking.unmasked.groups= ranger.policysync.connector.7.masking.unmasked.roles= ranger.policysync.connector.7.load.resources=load ranger.policysync.connector.7.load.users=load ranger.policysync.connector.7.load.policies=load ranger.policysync.connector.7.sync.interval.sec=60 ranger.policysync.connector.7.manage.service.user=true ranger.policysync.connector.7.manage.service.group=true ranger.policysync.connector.7.manage.service.role=true # Audits ranger.policysync.connector.7.enable.audit=false ranger.policysync.connector.7.audit.storage.url= ranger.policysync.connector.7.audit.initial.pull.min=30 # set 'load_synapse' in case of synapse. # eg.ranger.policysync.connector.7.load.audits=load_synapse ranger.policysync.connector.7.load.audits=loadRun the following command.
cd ~/privacera/privacera-manager/ ./privacera-manager.sh update
Snowflake
Create
rangersync-custom-v2.propertiesfile and add the base properties.vi ~/privacera/privacera-manager/config/custom-properties/rangersync-custom-v2.properties
Example to add another Snowflake connection with connector ID 6. For information about each property, click here.
ranger.policysync.connector.6=Snowflake ranger.policysync.connector.6.enabled=false #ranger.policysync.connector.6.jdbc.url=jdbc:snowflake://${YOURHOST} ranger.policysync.connector.6.jdbc.url={{SNOWFLAKE_JDBC_URL}} ranger.policysync.connector.6.switch.ownership.role={{SNOWFLAKE_OWNER_ROLE}} ranger.policysync.connector.6.jdbc.username={{SNOWFLAKE_SYNC_USER_NAME}} ranger.policysync.connector.6.jdbc.password={{SNOWFLAKE_SYNC_USER_PASSWORD}} #Database name which needs to be managed, Accepts : single name or multiple database names with comma separation. #Regex can be used i.e *_database (This will manage all the database named as company_database, products_database .etc). #Set the value as blank, to manage all the database. #Set the value as : none, to skip all the database. ranger.policysync.connector.6.manage.database.list={{SNOWFLAKE_DATABASES_LIST}} #Warehouse which need to be used, Accepts : single value i.e COMPUTE_WH ranger.policysync.connector.6.warehouse={{SNOWFLAKE_WAREHOUSE_TO_USE}} #Role which need to be used by policy-sync, Accepts : single value i.e PRIVACERA_SYNC_ROLE ranger.policysync.connector.6.role={{SNOWFLAKE_ROLE_TO_USE}} #need to set simple OR advance property as true for audit ranger.policysync.connector.6.audit.source.simple=false ranger.policysync.connector.6.audit.source.advance=false ranger.policysync.connector.6.advance.audit.db.name=PRIVACERA_ACCESS_LOGS_DB ranger.policysync.connector.6.audit.initial.pull.min=30 ##Set value true to create managed users at end service , Default value : False ranger.policysync.connector.6.manage.service.user=false ##Set list of users to be managed by policy-sync, Accepts : single name or multiple names with comma separation. ##Regex can be used i.e *_user (This will manage all the user named as admin_user, clerk_user .etc). ##Set the value as blank, to manage all the users. ##Set the value as : none, to skip all the users. #ranger.policysync.connector.6.manage.user.list= ##Set value true to create managed groups at end service , Default value : False ranger.policysync.connector.6.manage.service.group=false ##Set list of groups to be managed by policy-sync, Accepts : single name or multiple names with comma separation. ##Regex can be used i.e *_groups (This will manage all the groups named as admin_groups, clerk_groups .etc). ##Set the value as blank, to manage all the groups. ##Set the value as : none, to skip all the groups. #ranger.policysync.connector.6.manage.group.list= ##Set value true to create managed roles at end service , Default value : False ranger.policysync.connector.6.manage.service.role=false ##Set list of roles to be managed by policy-sync, Accepts : single name or multiple names with comma separation. ##Regex can be used i.e *_role (This will manage all the role named as admin_role, testing_role .etc). ##Set the value as blank, to manage all the roles. ##Set the value as : none, to skip all the roles. #ranger.policysync.connector.6.manage.role.list= ##To perform dry run when value is set as false, Default value : false ranger.policysync.connector.6.perform.grant.updates=false ##Set list of roles to be ignored and not managed by policy-sync, Accepts : single name or multiple names with comma separation. ##Regex can be used i.e *_role (This will manage all the role named as admin_role, testing_role .etc). ##Set the value as blank, to manage all the roles. ##Set the value as : none, to skip all the roles. ranger.policysync.connector.6.ignore.role.list=SYSADMIN,ACCOUNTADMIN,SECURITYADMIN ##Set list of schema to be ignored by policy-sync, Accepts : single name or multiple names with comma separation. ##Regex can be used i.e *_schema (This will manage all the schema named as finance_schema, dev_schema .etc). ##Set the value as blank, to manage all the schema. ##Set the value as : none, to skip all the schema. ranger.policysync.connector.6.ignore.schema.list=*.information_schema ranger.policysync.connector.6.ranger.service.appid=privacera_snowflake ranger.policysync.connector.6.servicetype=snowflake ranger.policysync.connector.6.class=com.privacera.policysync.connector.PSSnowflakeConnector ranger.policysync.connector.6.jdbc.driver=net.snowflake.client.jdbc.SnowflakeDriver ranger.policysync.connector.6.jdbc.db=snowflake ##Set list of database to be ignored by policy-sync, Accepts : single name or multiple names with comma separation. ##Regex can be used i.e *_database (This will manage all the database named as finance_database, dev_database .etc). ##Set the value as blank, to manage all the database. ##Set the value as : none, to skip all the database. ranger.policysync.connector.6.ignore.database.list=demo_db,snowflake,util_db,SNOWFLAKE_SAMPLE_DATA ranger.policysync.connector.6.database.list.format=database ranger.policysync.connector.6.schema.list.format=database.schema ranger.policysync.connector.6.table.list.format=database.schema.table ranger.policysync.connector.6.view.list.format=database.schema.view #ranger.policysync.connector.6.systemconfig=customSnowflakeConfig.json ranger.policysync.connector.6.load.resources=load #ranger.policysync.connector.6.load.resources=load_md ranger.policysync.connector.6.load.users=load_md ranger.policysync.connector.6.load.policies=load ##Set list of roles to be user and not managed by policy-sync, Accepts : single name or multiple names with comma separation. ##Regex can be used i.e *_user (This will manage all the user named as admin_user, testing_user .etc). ##Set the value as blank, to manage all the user. ##Set the value as : none, to skip all the user. ranger.policysync.connector.6.ignore.user.list=snowflake,privacera ranger.policysync.connector.6.sync.interval.sec=60 #ranger.policysync.connector.6.new.user.password= ##Set prefix to create internal role for policy-sync ranger.policysync.connector.6.User.role.prefix=priv_user_ ranger.policysync.connector.6.Group.role.prefix=priv_group_ ranger.policysync.connector.6.Role.role.prefix=priv_role_ # Set below property to true to enable column level access control ranger.policysync.connector.6.enable.column.level.access.control=false ##Database and schema to store masking policies, Accepts : single name ranger.policysync.connector.6.masking.policy.db.name=privacera_db ranger.policysync.connector.6.masking.policy.schema.name=privacera_db.public # For Masking ##Set true to enable masking, Default value : false ranger.policysync.connector.6.enable.masking=false # Masked Value for Column Access Control #ranger.policysync.connector.6.access.control.text.value='{{REDACTED}}'Run the following command.
cd ~/privacera/privacera-manager/ ./privacera-manager.sh update
Redshift
Create
rangersync-custom-v2.propertiesfile and add the base properties.vi ~/privacera/privacera-manager/config/custom-properties/rangersync-custom-v2.properties
Example to add another Redshift connection with connector ID 3. For information about each property, click here.
ranger.policysync.connector.3=Redshift ranger.policysync.connector.3.enabled=true ranger.policysync.connector.3.servicetype=redshift-db ranger.policysync.connector.3.jdbc.url=jdbc:postgresql://c8nwggihrpkl.us-east-1.redshift.amazonaws.com:5439 ranger.policysync.connector.3.jdbc.db=customer ranger.policysync.connector.3.jdbc.username=xxyyzz ranger.policysync.connector.3.jdbc.password=xxxxxxxx ranger.policysync.connector.3.master.database=customer ranger.policysync.connector.3.manage.database.list=customer ranger.policysync.connector.3.manage.schema.list= ranger.policysync.connector.3.manage.table.list= ranger.policysync.connector.3.manage.view.list= # Ignore Resource Lists ranger.policysync.connector.3.new.user.password=xxxxxxxxx ranger.policysync.connector.3.switch.ownership.role= ranger.policysync.connector.3.manage.service.user=true ranger.policysync.connector.3.manage.service.group=true ranger.policysync.connector.3.manage.service.role=true ranger.policysync.connector.3.perform.grant.updates=true ranger.policysync.connector.3.User.role.prefix=priv_user_ ranger.policysync.connector.3.Group.role.prefix=priv_group_ ranger.policysync.connector.3.Role.role.prefix=priv_role_ # Masked Value for Masking ranger.policysync.connector.3.masked.number.value=0 ranger.policysync.connector.3.masked.double.value=0 ranger.policysync.connector.3.masked.text.value='<MASKED>' ranger.policysync.connector.3.masked.varchar.value='<MASKED>' ranger.policysync.connector.3.manage.user.list= ranger.policysync.connector.3.manage.group.list= ranger.policysync.connector.3.manage.role.list= # Filter User/Group ranger.policysync.connector.3.manage.user.filterby.group=false ranger.policysync.connector.3.manage.user.filterby.role=false ranger.policysync.connector.3.user.name.replace.from.regex=[~`$&+:;=?@#|'<>.^*()_%\\[\\]!\\-\\/\\\\{}] ranger.policysync.connector.3.user.name.replace.to.string=_ ranger.policysync.connector.3.group.name.replace.from.regex=[~`$&+:;=?@#|'<>.^*()_%\\[\\]!\\-\\/\\\\{}] ranger.policysync.connector.3.group.name.replace.to.string=_ ranger.policysync.connector.3.role.name.replace.from.regex=[~`$&+:;=?@#|'<>.^*()_%\\[\\]!\\-\\/\\\\{}] ranger.policysync.connector.3.role.name.replace.to.string=_ # Ignore User/Group/Role Lists # View Based Masking and Row Filter ranger.policysync.connector.3.enable.view.based.row.filter=true ranger.policysync.connector.3.enable.view.based.masking=true ranger.policysync.connector.3.secure.view.schema.name= ranger.policysync.connector.3.secure.view.schema.name.prefix= ranger.policysync.connector.3.secure.view.schema.name.postfix= ranger.policysync.connector.3.secure.view.name.prefix= ranger.policysync.connector.3.secure.view.name.postfix=_secure ranger.policysync.connector.3.secure.view.schema.name.remove.suffix.list= ranger.policysync.connector.3.secure.view.name.remove.suffix.list= ranger.policysync.connector.3.secure.view.create.for.all=false ranger.policysync.connector.3.secure.view.access.by.table.policy=false # Audit Properties # Make this property true for audits ranger.policysync.connector.3.enable.audit=falseRun the following command.
cd ~/privacera/privacera-manager/ ./privacera-manager.sh update
Configuring multiple connectors for a single PolicySync repository
A single PolicySync repository can be configured to serve more than one datasource. Add a section in rangersync-custom-v2.properties for each connector. Be sure to assign each connector its own unique integer connector ID.
For example:
# First, a PostgreSQL source with connector ID 5 named Postgres-dev ranger.policysync.connector.5=Postgres-dev ranger.policysync.connector.5.enabled=true ranger.policysync.connector.5.servicetype=postgres # additional properties for connector 5 as needed... # Next, an MSSQL source with connector ID 7 named MSSql-Dev ranger.policysync.connector.7=MSSql-Dev # Enable below property to enable the mssql connector ranger.policysync.connector.7.enabled=false ranger.policysync.connector.7.servicetype=mssql # additional properties for connector 7 as needed...
Configuring multiple connectors for multiple PolicySync repositories
By default, when you configure multiple connectors (datasources), they connect to the default PolicySync repository in Privacera Portal. All the policies defined in the default PolicySync repository get applied on the connectors.
However, it is recommended to configure a different PolicySync repository for each connector. Add the following two connectors properties and enter the name of the PolicySync repository. Where <CONNECTOR_ID> is the unique number assigned to the connector and <POLICYSYNC_INSTANCE> is the PolicySync repository name you have configured in Privacera Portal.
ranger.policysync.connector.<CONNECTOR_ID>.ranger.service.name=<POLICYSYNC_INSTANCE> ranger.policysync.connector.<CONNECTOR_ID>.ranger.service.appid=<POLICYSYNC_INSTANCE>
Example 1: The following configuration shows two Microsoft SQL Server connectors connected to the default PolicySync repository named privacera_mssql in Privacera Portal.
# MSSQL with connector ID 5 connected to default PolicySync ranger.policysync.connector.5=mssql-dev ranger.policysync.connector.5.enabled=true ranger.policysync.connector.5.servicetype=mssql # MSSQL with connector ID 7 connected to default PolicySync ranger.policysync.connector.7=mssql-prod ranger.policysync.connector.7.enabled=true ranger.policysync.connector.7.servicetype=mssql
Example 2: The following configuration shows one Microsoft SQL Server connector with ID 5 is connected to the default PolicySync repository named privacera_mssql in Privacera Portal, and the second connector with ID 7 is connected to the PolicySync repository named privacera_mssqltwo. Where privacera_mssqltwo is the newly created PolicySync repository in Privacera Portal.
# MSSQL with connector ID 5 connected to default PolicySync privacera_mssql ranger.policysync.connector.5=mssql-dev ranger.policysync.connector.5.enabled=true ranger.policysync.connector.5.servicetype=mssql # MSSQL with connector ID 7 connected to PolicySync privacera_mssqltwo ranger.policysync.connector.7=mssql-prod ranger.policysync.connector.7.enabled=true ranger.policysync.connector.7.servicetype=mssql ranger.policysync.connector.7.ranger.service.name=privacera_mssqltwo ranger.policysync.connector.7.ranger.service.appid=privacera_mssqltwo
Configure a PolicySync connector to run in a dedicated Kubernetes pod
If your Privacera installation is deployed to a Kubernetes cluster, you can configure each PolicySync connector to run in a dedicated Kubernetes pod. A dedicated pod runs an instance of PolicySync for a connector that you specify.
You might want to use a dedicated pod to optimize resource allocation in your cluster by scheduling the pod in a particular region or on a specific node type.
Privacera supports the following scenarios:
Deploying dedicated pods for different connector types
Deploying dedicated pods for multiple instances of the same connector type
If you enable this feature, you must configure a dedicated pod for every PolicySync connector in your current configuration.