Release 9.0.17.1¶
These are the rolling release notes for Release 9.0.17.1. They apply only to Privacera's Self Managed version.
Breaking Changes
Apache Ranger : Policy Delta option disabled by default¶
The Policy Delta option is now disabled by default. When incremental policy cache updates are disabled, each policy update or creation prompts Ranger Admin to reload all policies from the database. This process may impact performance, especially in environments with a large number of policies, as it can be time-consuming and resource-intensive.
For instructions on enabling this feature, refer to Configuring Ranger Policy Delta for Ranger Admin.
Instruction to Check Pod Status After Installation
Added a set of instructions to verify the pod status after successfully running an install or upgrade.
Privacera Monitoring¶
Otel Receiver¶
- The default Ingress URL for the Otel receiver has been updated from otel-collector.<MONITOIRNG_NAMESPACE>.<DNS> to otel-receiver.<MONITOIRNG_NAMESPACE>.<DNS>
Grafana Alerts and Contact Points¶
- Privacera now provides a default set of alerts pre-configured in Grafana. For more details on these alerts and steps to configure custom alerts, refer to Alerting.
- You can now create custom contact points for Privacera-provisioned alerts in Grafana. To learn how to configure custom contact points, refer to Configuring Custom Alert Contact Points.
Streamlined Prometheus Metrics Scraping for Ranger Pods¶
Privacera has introduced an automated Kubernetes cron job that runs every 15 minutes. This cron job annotates a single Ranger pod (from multiple replicas) to enable Prometheus to scrape Ranger DB-related metrics. This enhancement ensures reliable and precise monitoring by removing manual effort and eliminating the risk of duplicated metrics.
Discovery¶
Automated Azure Resource Creation for Discovery¶
Privacera Manager now simplifies the setup process for Discovery by automatically creating required Azure resources, such as CosmosDB and Storage Accounts. This eliminates the need for users to configure these resources manually.
PolicySync Connector¶
Support for Masking Options in Tag-Based Masking for BigQuery Connector¶
Privacera's BigQuery connector now includes support for a defined set of native masking options, along with enhanced security controls. The following masking options are now available for column-level security:
- Custom UDF (User-Defined Function)
- EMAIL Mask
- Date-Year Mask
- Default Masking
Support for Service Account and Google Workspace Domain Service Principals in BigQuery Connector¶
This release introduces support for Service Account and Google Workspace Domain service principals in the BigQuery connector.
- Service Account: Supports resource-based access control, as well as native tag-based access control and masking.
- Google Workspace Domain: Supports native tag-based access control and masking.
These enhancements offer increased flexibility in managing access and enforcing masking policies within BigQuery.
Enhanced Exception Logging in ResourceLoader, AuditLoader, and PermissionLoader Components¶
This release enhances exception logging in the ResourceLoader, AuditLoader, and PermissionLoader components of the Unity Catalog and DBX SQL connector. These improvements facilitate more effective error tracking and debugging.
Enhanced Functionality for Google BigQuery Connector¶
The Google BigQuery connector now supports dynamic onboarding of resources such as projects, datasets, and tables. Previously, updating managed resources required manual modifications in the Privacera Manager (PM) environment, a process that was both tedious and time-consuming.
With this update, users can now update the connector configuration directly through the Privacera Portal UI, enabling the connector to automatically detect and onboard resources. This enhancement streamlines the process and significantly reduces manual effort.
Improved On-Demand Task Processing Time for Databricks SQL Connector¶
This update enhances the Databricks SQL connector, significantly improving the processing speed of on-demand tasks. The connector now executes these tasks more efficiently, resulting in reduced overall processing time.
Optimized PolicySync Permission Loader for Non-Existent Resources¶
The PolicySync Permission Loader has been optimized by minimizing unnecessary processing cycles, ensuring more efficient operation when handling non-existent resources.
Fixed ops-server.out Log File Growth and Redundant Log Entry¶
This release addresses an issue where the ops-server.out log file was growing excessively due to redundant log entries.
- Improved log clarity and reduced unnecessary log growth.
Fixed Ops Server JWT Token Population Issue in policysync.properties¶
This release resolves an issue where the Ops Server JWT token was not populated in policysync.properties after running post-install. The fix ensures seamless authentication for on-demand task synchronization in the PolicySync connector, enhancing both reliability and security for customers.
Fixed Ops Connector Issue Due to Recent Changes in the Release Process¶
This release addresses an issue in the Ops connector caused by recent changes in the release process. The fix ensures that the connector functions as expected and operates smoothly.
Privacera Diagnostics¶
Fix applied for the issue related to error log filtering.
Fix for Privacera Diagnostics Error Log Filtering¶
A fix has been implemented to enable filtering of pod-level error logs based on error levels such as Critical and Warning.
Spark Plugin¶
Support for EMR & EMR-SERVERLESS Versions 7.6.0 and 7.7.0¶
This release introduces support for EMR and EMR-Serverless with versions 7.6.0 and 7.7.0.
Default Access Check for External Locations in EMR OLAC with EHM¶
Access checks are now enabled by default in EMR OLAC with EHM for CREATE TABLE, CREATE DATABASE, and ALTER TABLE operations involving an external location.
Fixed EMR OLAC Issue - Query Failures Due to 'AssumeRole' sessionName Limit¶
This release resolves an issue in EMR OLAC where queries failed due to the AssumeRole session name exceeding AWS’s 64-character limit. With this fix, queries involving long bucket names can now execute successfully.
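An added illustration of the limit behind this fix, not Privacera's code: STS only accepts a RoleSessionName of 2 to 64 characters drawn from `[\w+=,.@-]`, so a name derived from a long bucket has to be shortened without losing uniqueness. The `olac-<user>-<bucket>` naming scheme and the function names are assumptions made for this example.

```python
import hashlib
import re

# AWS STS constraint on RoleSessionName: 2-64 characters from [\w+=,.@-].
MAX_LEN = 64
_DISALLOWED = re.compile(r"[^\w+=,.@-]", re.ASCII)
_VALID = re.compile(r"[\w+=,.@-]{2,64}", re.ASCII)


def is_valid(name: str) -> bool:
    """Return True if `name` would pass the STS RoleSessionName validation."""
    return _VALID.fullmatch(name) is not None


def session_name(user: str, bucket: str, prefix: str = "olac") -> str:
    """Build a session name from user and bucket (hypothetical naming scheme)."""
    raw = f"{prefix}-{user}-{bucket}"
    # Replace characters STS rejects (spaces, slashes, backslashes, ...).
    clean = _DISALLOWED.sub("_", raw)
    if len(clean) <= MAX_LEN:
        return clean
    # Too long: keep a readable head and append a digest of the full name, so
    # two long buckets that share a prefix still get distinct session names.
    digest = hashlib.sha256(raw.encode("utf-8")).hexdigest()[:12]
    head = clean[: MAX_LEN - len(digest) - 1]
    return f"{head}-{digest}"


if __name__ == "__main__":
    # Constructed sample inputs: S3 bucket names can be up to 63 characters.
    long_bucket = "analytics-landing-zone-eu-central-1-customer-events-raw-archive"
    naive = f"olac-alice-{long_bucket}"
    print(len(naive), is_valid(naive))            # over the limit, rejected
    fixed = session_name("alice", long_bucket)
    print(len(fixed), is_valid(fixed), fixed)     # fits, accepted
```

The session name is part of the assumed-role ARN recorded in CloudTrail, so keeping the user at the front of the shortened name preserves attribution in audit logs.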
Fixed EMR OLAC Issue - Query Failure Due to 'AssumeRole' Exception in CTAS Operations¶
This release resolves an issue in EMR OLAC where queries failed due to an AssumeRole exception in spark-submit. Previously, when both INSERT and CTAS operations were performed in the same session, the STS token generated for the INSERT operation’s PUT requests was reused. Since CTAS requires a different request type, this caused an exception. The fix ensures that CTAS PUT requests are mapped to WRITE_COPY operations, triggering the generation of a new STS token.