Use Macros with Attribute-Based Access Control
Attribute-based access control (ABAC) supports a number of macros to make it easier to write frequently-used conditions.
The following table lists macros provided by Privacera for ABAC:
| Name | Description | Sample Usage |
|---|---|---|
| USER | User accessing the resource. | |
| TAG | Current tag; use only in tag-based policies. | `TAG.piiType == 'email'` |
| UGNAMES | Names of the groups the user belongs to. | `UGNAMES.indexOf('interns') == -1` |
| URNAMES | Names of the roles the user belongs to. | `URNAMES.indexOf('admin') != -1` |
| TAGNAMES | Names of the tags associated with the accessed resource. | `TAGNAMES.indexOf('PII') != -1`; `TAGNAMES.indexOf('FINANCE')` |
| UG_NAMES_Q_CSV | Quoted names of the groups the user belongs to, separated by commas. For example: `'grp1','grp2'` | Row filter: `group_name in (${{UG_NAMES_Q_CSV}})` |
| UR_NAMES_Q_CSV | Quoted names of the roles the user belongs to, separated by commas. For example: `'role1','role2'` | Row filter: `role_name in (${{UR_NAMES_Q_CSV}})` |
| GET_UG_ATTR_Q_CSV | Quoted attribute values of the groups the user belongs to, separated by commas. For example: `'store1','store2'` | Row filter: `store_name in (${{GET_UG_ATTR_Q_CSV('managesStore')}})` |
| IS_IN_GROUP | User accessing the resource belongs to a specific group. | `IS_IN_GROUP('sales')` |
| IS_IN_ROLE | User accessing the resource belongs to a specific role. | `IS_IN_ROLE('accounts')` |
| HAS_TAG | Resource being accessed has a specific tag. | `(HAS_TAG('PERSON_NAME'))` |
| HAS_USER_ATTR | User accessing the resource has a specific user attribute. | `HAS_USER_ATTR('activities')` |
| HAS_UG_ATTR | User accessing the resource has a specific group attribute. | `HAS_UG_ATTR('marketing')` |
| HAS_TAG_ATTR | Resource being accessed has a specific tag attribute. | `(HAS_TAG_ATTR('identification'))` |
It is sometimes necessary to set up permissions for users who do or do not belong to any group or any role. The following macros make it easier to create those permissions:

| Name | Description | Sample usage |
|---|---|---|
| IS_IN_ANY_GROUP | Can be used in policy conditions of ALLOW/DENY policy items. Returns true if the user accessing the resource is a member of any group. | `IS_IN_ANY_GROUP` |
| IS_IN_ANY_ROLE | Can be used in policy conditions of ALLOW/DENY policy items. Returns true if the user accessing the resource has any role. | `IS_IN_ANY_ROLE` |
| IS_NOT_IN_ANY_GROUP | Can be used in policy conditions of ALLOW/DENY policy items. Returns true if the user accessing the resource does not belong to any group. | `IS_NOT_IN_ANY_GROUP` |
| IS_NOT_IN_ANY_ROLE | Can be used in policy conditions of ALLOW/DENY policy items. Returns true if the user accessing the resource does not have any role. | `IS_NOT_IN_ANY_ROLE` |
The following macros make it easier to check whether the current resource has any tags:

| Name | Description | Sample usage |
|---|---|---|
| HAS_ANY_TAG | Can be used in policy conditions of ALLOW/DENY policy items. Returns true if the resource being accessed has any tags. | `HAS_ANY_TAG` |
| HAS_NO_TAG | Can be used in policy conditions of ALLOW/DENY policy items. Returns true if the resource being accessed has no tags. | `HAS_NO_TAG` |
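The macros in the tables above are evaluated as expressions inside policy conditions and `${{...}}` row-filter templates. The JavaScript below is an added example, not Privacera's code: it models the macro namespace for one constructed request and evaluates the tables' sample conditions and row filters against it. The request data, the quoting rule that doubles embedded single quotes, and the `buildMacroContext`, `evaluateCondition` and `expandRowFilter` helpers are assumptions.

```javascript
// Constructed sample access request (not real data): who is asking, and which
// groups, roles, attributes and resource tags apply to the request.
const sampleRequest = {
  user: "alice", groups: ["sales", "emea-team"], roles: ["analyst"],
  tags: ["PII", "PERSON_NAME"], userAttrs: { activities: "reporting" },
  groupAttrs: { sales: { managesStore: ["store1", "store2"] } },
  tagAttrs: { PII: { identification: "direct" } },
};

// Quote each value as a SQL string literal, doubling embedded single quotes so a
// hostile group or attribute name cannot break out of the row filter (assumed).
function quoteCsv(values) {
  return values.map((v) => `'${String(v).replace(/'/g, "''")}'`).join(",");
}

// Build the macro namespace for one request, mirroring the tables above.
function buildMacroContext(req) {
  const { user, groups = [], roles = [], tags = [],
          userAttrs = {}, groupAttrs = {}, tagAttrs = {} } = req;
  const ugAttr = (name) => groups.flatMap((g) => groupAttrs[g]?.[name] ?? []);
  return {
    USER: user, UGNAMES: groups, URNAMES: roles, TAGNAMES: tags,
    UG_NAMES_Q_CSV: quoteCsv(groups), UR_NAMES_Q_CSV: quoteCsv(roles),
    GET_UG_ATTR_Q_CSV: (name) => quoteCsv(ugAttr(name)),
    IS_IN_GROUP: (g) => groups.includes(g), IS_IN_ROLE: (r) => roles.includes(r),
    HAS_TAG: (t) => tags.includes(t), HAS_USER_ATTR: (a) => a in userAttrs,
    HAS_UG_ATTR: (a) => groups.some((g) => a in (groupAttrs[g] || {})),
    HAS_TAG_ATTR: (a) => tags.some((t) => a in (tagAttrs[t] || {})),
    IS_IN_ANY_GROUP: groups.length > 0, IS_NOT_IN_ANY_GROUP: groups.length === 0,
    IS_IN_ANY_ROLE: roles.length > 0, IS_NOT_IN_ANY_ROLE: roles.length === 0,
    HAS_ANY_TAG: tags.length > 0, HAS_NO_TAG: tags.length === 0,
  };
}

// Evaluate a macro expression with the context keys bound as local names, so a
// condition reads exactly as in the tables (policy text is trusted admin input).
function evalMacro(expr, ctx) {
  const names = Object.keys(ctx);
  return new Function(...names, `return (${expr});`)(...names.map((n) => ctx[n]));
}
const evaluateCondition = (expr, ctx) => Boolean(evalMacro(expr, ctx));

// Expand every ${{...}} placeholder in a row-filter template into SQL text.
function expandRowFilter(template, ctx) {
  return template.replace(/\$\{\{([^}]+)\}\}/g, (_, inner) => String(evalMacro(inner, ctx)));
}

console.log(evaluateCondition("IS_IN_GROUP('sales') && HAS_TAG('PII')",
                              buildMacroContext(sampleRequest))); // true
```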