Release 9.0.2.1¶

Lake Formation to Unity Catalog Policy Transformation¶

This release introduces a significant enhancement that simplifies the integration of AWS Lake Formation (LF) permissions into Databricks Unity Catalog (UC). Many customers have tables registered in AWS Glue and use AWS Lake Formation to manage permissions. However, when these customers want to access the same tables using Databricks Unity Catalog, they face challenges because AWS Lake Formation permissions are not natively supported in Unity Catalog.

Privacera's Lake Formation connector addresses this gap by reading the existing Lake Formation permissions and transforming them into native Unity Catalog permissions. This enables seamless access to the underlying tables, whether accessed through AWS tools like Athena or Redshift Spectrum, or through Databricks Unity Catalog. With this solution, permissions remain consistent across all access methods, enhancing data governance and simplifying policy management.

Support for multiple policies with the same resource¶

In previous versions of Privacera, Ranger Admin did not allow multiple policies with the same resource. With this feature, you can enable creating multiple policies for same resource in Ranger. This is not a common scenario. For more information, see Allow Duplicate Policies For Resources.

Improved Tag Management: Filtering Parent Resource Tags¶

We’ve introduced a new feature that optimizes tag management by filtering out parent resource tags before they are pushed to Apache Ranger for child resources. Because Ranger inherently recognizes parent tags, there is no need set the same tag explicitly for each child resource. By enabling this feature, users can reduce data volume, lowers processing workload, and enhances overall system performance.

Batch Tag Resource Mapping for Faster Processing¶

This release introduces batch tag resource mapping to greatly enhance processing efficiency. By mapping resources in bulk, the system can handle multiple resources simultaneously, resulting in improved processing time and overall performance. Users can configure this feature by specifying a batch size, enabling faster and more efficient workflows.

Configurable Inline Transaction Commit for Tag Import¶

We have introduced a new property, ranger.admin.server.version.commit.inline, to manage inline transaction commits during the tag import process. By default, this property is set to true, enabling inline commits. For improved API performance when handling large transactions, you can set this property to false.

Boost Tag Download API Performance with V2 DBTagRetriever¶

The V2 DBTagRetriever has been introduced to enhance the performance of the tag download API. By default, the ranger.admin.tag.db.retriever.version property is set to v1 to ensure compatibility with existing systems. For better garbage collection (GC) efficiency, it is recommended to switch to v2. Additionally, the ranger.admin.dao.list.select.batch.size property defaults to 100000 but can be adjusted based on customer load. Keep in mind that smaller batch sizes may increase processing time.