Ranger Tagsync
The following table lists the custom properties that can be configured for Ranger Tagsync. To use a custom property from the table, add it to the following YML file in the custom-vars folder configured for your environment:
vars.ranger.tagsync.yml
Property | Description | Values | Default Value |
---|---|---|---|
RANGER_TAGSYNC_INSTALL | To enable Tagsync, set this property to true. | false | |
RANGER_TAGSYNC_IMAGE_NAME | Privacera Tagsync image name | {{privacera_hub_url}}/ranger-tagsync | |
RANGER_TAGSYNC_IMAGE_TAG | Privacera Tagsync image tag name | PRIVACERA_IMAGE_TAG | |
TAGSYNC_RANGER_URL | Ranger URL for the Tagsync to sync the tags. | http://ranger:6080 | |
TAGSYNC_TAG_SOURCE_ATLASREST_ENDPOINT | Required only when you set the SOURCE as REST. | ${ATLAS_HOST}:21000 | |
TAGSYNC_RANGERTAGSYNC_PASSWORD | Password for Tagsync user to use an API to Ranger. | welcome1 | |
TAGSYNC_TAG_DEST_RANGER_ENDPOINT | Ranger URL for the Tagsync to sync the tags. | http://ranger:6080 | |
TAGSYNC_TAG_DEST_RANGER_SSL_CONFIG_FILENAME | SSL config file name is used by Tagsync to push tags to SSL-enabled Ranger and PolicyMgr files. It is required to be modified only when custom changes are made to the file. | /opt/ranger/ranger-tagsync/conf.dist/ranger-policymgr-ssl.xml | |
TAGSYNC_TAG_SOURCE_ATLAS_ENABLED | Enable Kafka as a SOURCE for Tagsync. | true | |
TAGSYNC_TAG_SOURCE_ATLAS_KAFKA_SERVICE_NAME | Service Name to be used while communicating with Kafka. | kafka | |
TAGSYNC_TAG_SOURCE_ATLAS_KAFKA_SECURITY_PROTOCOL | Protocol to be used to communicate to Kafka. | PLAINTEXTSASL | |
TAGSYNC_TAG_SOURCE_ATLAS_KERBEROS_PRINCIPAL | If Kafka is kerberos-enabled, then set the value to the principal name used by Tagsync to sync the tags. | ||
TAGSYNC_TAG_SOURCE_ATLAS_KERBEROS_KEYTAB | If Kafka is kerberos-enabled, then set the value to the keytab location used by Tagsync to sync the tags. | ||
TAGSYNC_TAG_SOURCE_ATLASREST_ENABLED | Enable REST-based Tagsync to Ranger. This is not recommended, as REST has a limitation on the number of tags it can push to Ranger. | false | |
TAGSYNC_TAG_SOURCE_ATLASREST_DOWNLOAD_INTERVAL_IN_MILLIS | Tagsync interval required only when TAGSYNC_TAG_SOURCE_ATLASREST_ENABLED is set to true. | 900000 | |
TAGSYNC_TAG_SOURCE_ATLASREST_USERNAME | Atlas user name required only when TAGSYNC_TAG_SOURCE_ATLASREST_ENABLED is set to true. | ||
TAGSYNC_TAG_SOURCE_ATLASREST_PASSWORD | Atlas password required only when TAGSYNC_TAG_SOURCE_ATLASREST_ENABLED is set to true. | ||
TAGSYNC_TAG_SOURCE_FILE_ENABLED | To enable file-based TagSync. | false | |
TAGSYNC_TAG_SOURCE_FILE_FILENAME | Location of the file required only when TAGSYNC_TAG_SOURCE_FILE_ENABLED is set to true. | /etc/ranger/data/tags.json | |
TAGSYNC_TAG_SOURCE_FILE_CHECK_INTERVAL_IN_MILLIS | Tagsync interval, required only when TAGSYNC_TAG_SOURCE_FILE_ENABLED is set to true. | 60000 | |
TAGSYNC_TAGSYNC_ATLAS_CUSTOM_RESOURCE_MAPPERS | Any custom mappers to be configured in Tagsync for mapping Atlas entities to Ranger type definitions. | org.apache.ranger.tagsync.source.atlas.AtlasS3ResourceMapper | |
TAGSYNC_TAGSYNC_KEYSTORE_FILENAME | File will be generated to store the credentials for Ranger password for rangerTagsync user. | /etc/ranger/tagsync/conf/rangertagsync.jceks | |
TAGSYNC_TAG_SOURCE_ATLASREST_KEYSTORE_FILENAME | File will be generated to store the password for Atlas when TAGSYNC_TAG_SOURCE_ATLASREST_ENABLED is set to true. | /etc/ranger/tagsync/conf/atlasuser.jceks | |
TAGSYNC_TAG_SOURCE_ATLASREST_SSL_CONFIG_FILENAME | SSL config file name to communicate to Atlas required when TAGSYNC_TAG_SOURCE_ATLASREST_ENABLED is set to true. | ||
TAGSYNC_UNIX_USER | User to run the process. | ranger | |
TAGSYNC_UNIX_GROUP | File permission group. | ranger | |
TAGSYNC_LOGDIR | Log location for Tagsync application. | log | |
TAGSYNC_PID_DIR_PATH | Location to store the PID file for the Java process. | /var/run/ranger | |
TAGSYNC_IS_SECURE | Property to check whether Tagsync is secure (Kerberos-enabled). | false | |
TAGSYNC_PRINCIPAL | Tagsync principal required only when the TAGSYNC_IS_SECURE is set to true. | ||
TAGSYNC_KEYTAB | Tagsync keytab location required only when the TAGSYNC_IS_SECURE is set to true. | ||
TAGSYNC_HADOOP_CONF | Hadoop Conf location. | /etc/hadoop/conf | |
TAGSYNC_FILE_PERMISSION | File permission on the PM host for the templates generated by PM. For example, file permissions on the file, install.properties. | 700 | |
TAGSYNC_K8S_SERVICE_ACCOUNT | Service Account Name to be used during installation in a Kubernetes environment. | privacera-sa | |
TAGSYNC_ROOT_LOG_LEVEL | Log-level for the root. | info | |
TAGSYNC_RANGER_LOG_LEVEL | Log-level for the org.apache.ranger.tagsync package. | info | |
Memory Variables | |||
TAGSYNC_SMALL_MEMORY_MB | TAGSYNC MEMORY in MB for Java process if deployment size is set to SMALL. | 1024 | |
TAGSYNC_MEDIUM_MEMORY_MB | TAGSYNC MEMORY in MB for Java process if deployment size is set to MEDIUM. | 4096 | |
TAGSYNC_LARGE_MEMORY_MB | TAGSYNC MEMORY in MB for Java process if deployment size is set to LARGE. | 8192 | |
TAGSYNC_HEAP_MIN_MEMORY_MB | The value is calculated from the above properties, depending on the DEPLOYMENT SIZE. | 1024 | |
TAGSYNC_HEAP_MIN_MEMORY | Minimum Java Heap memory used by Ranger Tagsync. Setting this value will override TAGSYNC_HEAP_MIN_MEMORY_MB. For example, TAGSYNC_HEAP_MIN_MEMORY: "1g" | 1024M | |
TAGSYNC_HEAP_MAX_MEMORY_MB | Maximum Java Heap memory in MB used by Ranger Tagsync. For example, TAGSYNC_HEAP_MAX_MEMORY_MB: "1024" | 1024 | |
TAGSYNC_HEAP_MAX_MEMORY | Maximum Java Heap memory used by Ranger Tagsync. Setting this value will override TAGSYNC_HEAP_MAX_MEMORY_MB. For example, TAGSYNC_HEAP_MAX_MEMORY: "1g" | 1024M | |
TAGSYNC_K8S_MEM_REQUESTS_MB | Minimum amount of Kubernetes memory in MB to be requested by Ranger Tagsync. For example, TAGSYNC_K8S_MEM_REQUESTS_MB: "1024" | 1024 | |
TAGSYNC_K8S_MEM_REQUESTS | Minimum amount of Kubernetes memory to be used by Ranger Tagsync. Setting this value will override TAGSYNC_K8S_MEM_REQUESTS_MB. For example, TAGSYNC_K8S_MEM_REQUESTS: "1G" | 1024M | |
TAGSYNC_K8S_MEM_LIMITS_MB | Maximum amount of Kubernetes memory in MB to be requested by Ranger Tagsync. For example, TAGSYNC_K8S_MEM_LIMITS_MB: "1024" | 1024 | |
TAGSYNC_K8S_MEM_LIMITS | Maximum amount of Kubernetes memory to be used by Ranger Tagsync. Setting this value will override TAGSYNC_K8S_MEM_LIMITS_MB. For example, TAGSYNC_K8S_MEM_LIMITS: "1G" | 1024M | |
TAGSYNC_CPU_MIN | Minimum amount of Kubernetes CPU to be requested by Ranger Tagsync. For example, TAGSYNC_CPU_MIN: "0.5" | 0.5 | |
TAGSYNC_CPU_MAX | Maximum amount of Kubernetes CPU to be used by Ranger Tagsync. For example, TAGSYNC_CPU_MAX: "0.5" | 0.5 | |
TAGSYNC_K8S_CPU_REQUESTS | Minimum amount of Kubernetes CPU to be requested by Ranger Tagsync. For example, TAGSYNC_CPU_MIN: "0.5" | 0.5 | |
TAGSYNC_K8S_CPU_LIMITS | Maximum amount of Kubernetes CPU to be used by Ranger Tagsync. For example, TAGSYNC_CPU_MAX: "0.5" | 0.5 | |
TAGSYNC_HELM_CHART_VERSION | Tagsync Helm Chart Version | 4.3.0 | |
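
Several values in the table matter for security: the Tagsync password `welcome1`, the `http://` Ranger endpoints, the `PLAINTEXTSASL` Kafka protocol, the REST source that the table marks as not recommended, and the `700` file permission. The following check is an added example, not Privacera code; it flags those settings in the contents of `vars.ranger.tagsync.yml`. It assumes the file holds flat `KEY: "value"` lines and that the table value applies when a property is not overridden; the host name and the finding labels are constructed.

```python
import re

# Values shown in the table, assumed to apply when a property is not overridden.
TABLE_VALUES = {
    "TAGSYNC_RANGERTAGSYNC_PASSWORD": "welcome1",
    "TAGSYNC_RANGER_URL": "http://ranger:6080",
    "TAGSYNC_TAG_DEST_RANGER_ENDPOINT": "http://ranger:6080",
    "TAGSYNC_TAG_SOURCE_ATLAS_KAFKA_SECURITY_PROTOCOL": "PLAINTEXTSASL",
    "TAGSYNC_TAG_SOURCE_ATLASREST_ENABLED": "false",
    "TAGSYNC_FILE_PERMISSION": "700",
}

def parse_vars(text):
    """Parse flat `KEY: value` lines (assumed layout); commented lines are skipped."""
    found = {}
    for line in text.splitlines():
        m = re.match(r"\s*([A-Z0-9_]+)\s*:\s*(.*)$", line)
        if m:
            found[m.group(1)] = m.group(2).strip().strip("\"'")
    return found

def audit(text):
    """Return finding labels for the effective Tagsync settings."""
    cfg = {**TABLE_VALUES, **parse_vars(text)}
    findings = []
    if cfg["TAGSYNC_RANGERTAGSYNC_PASSWORD"] == TABLE_VALUES["TAGSYNC_RANGERTAGSYNC_PASSWORD"]:
        findings.append("default-password")
    for key in ("TAGSYNC_RANGER_URL", "TAGSYNC_TAG_DEST_RANGER_ENDPOINT"):
        if cfg[key].lower().startswith("http://"):
            findings.append("plaintext-ranger:" + key)
    if "SSL" not in cfg["TAGSYNC_TAG_SOURCE_ATLAS_KAFKA_SECURITY_PROTOCOL"].upper():
        findings.append("kafka-no-tls")
    if cfg["TAGSYNC_TAG_SOURCE_ATLASREST_ENABLED"].lower() == "true":
        findings.append("atlas-rest-source")  # the table marks REST as not recommended
    if int(cfg["TAGSYNC_FILE_PERMISSION"], 8) & 0o077:
        findings.append("file-permission-too-broad")  # group/other bits set
    return findings

# Constructed sample overrides, not taken from a real deployment.
SAMPLE = """\
RANGER_TAGSYNC_INSTALL: "true"
TAGSYNC_TAG_DEST_RANGER_ENDPOINT: "https://ranger.example.internal:6182"
TAGSYNC_TAG_SOURCE_ATLASREST_ENABLED: "true"
TAGSYNC_FILE_PERMISSION: "750"
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Overriding only the destination endpoint still leaves `TAGSYNC_RANGER_URL` on `http://`, which is why the sample reports it.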