Release 9.0.13.1¶

Improved UI For Resource Display in On-Demand Policy Sync¶

• Enhanced the UI to resolve inconsistencies when displaying a large number of resources in the On-Demand Policy Sync page (Access Management → View Policy Sync Status → On-Demand Policy Sync).
• When more than two resources are present, a resource details popup with a search option is now available for better visibility.
• If resource data is in an unstructured format, it will be displayed as raw JSON within the popup.

Enhanced Ops-Server Error Notifications¶

A snackbar notification now appears whenever the connection between the Portal and the Ops server fails, ensuring better visibility of connection issues.

Diagnostic Test Cases for SSL Properties¶

Introduced diagnostic test cases to verify that server SSL properties and Keystore alias details are correctly set in the configuration.

Observability Stack Upgrade¶

Privacera has upgraded its observability stack to improve monitoring, alerting, and performance insights. The updated stack now includes Grafana, Prometheus, and OpenTelemetry, offering comprehensive visibility into system health and performance.

The above services are enabled by default when Privacera is installed in an AWS environment. If you are upgrading from a lower version, re-run the command ./pm_with_helm.sh install-monitoring to access all the latest features. In addition to the above services, we also provide the option to enable Loki, Pyroscope, and Tempo in the stack. These are disabled by default. For more details, check the Privacera Monitoring section.

The FGAC plugin now supports the creation of privacera_hive policies with READ permissions on databases, tables, and columns, aligning its behavior with the Databricks SQL connector. Backward compatibility for read-metadata with SELECT permissions is still supported. To ensure audits reflect the read-metadata permission in the Audits UI, the following property needs to be added to the Databricks clusters' Spark configuration.

1

spark.hadoop.privacera.fgac.sql.metadata.read.denied.audit.enabled true

Support for Open Source Spark (OSS) 3.5.4 has been added.

Support has been added for Kubernetes Spark (k8s_spark) in the AWS SDK v2 implementation, ensuring successful Spark job execution with the Privacera Spark Plugin. This enhancement addresses previous failures caused by the lack of support.

The Spark plugin has been enhanced to provide more detailed and informative error messages, improving the debugging and issue resolution process. The updated error messages now include additional context to help identify the root cause more effectively.

A fix has been implemented to address the issue of REDACT masking failure with the Date datatype in DBR 12.2 LTS and higher versions.

An issue has been fixed that caused CTAS query failures when applying a specific Row Level Filtering (RLF)policy condition with an expression involving a SELECT query on a table. This issue unexpectedly required access to the underlying table on DBR 14.3 LTS, EMR, and OSS.

In EMR Serverless, if a spark-sql job is submitted to perform create-database or create-table use cases, job is failing when the EMR Serverless image is built with externalization of file privacera_spark.properties enabled. This fix ensures that the properties are correctly externalized and the job executes successfully.

In EMR Serverless, attempting to rename a CTAS table would result in a failure with an exception. This fix ensures the operation executes successfully without any exceptions.