Release 9.0.23.1
These are the rolling release notes for Release 9.0.23.1. They apply only to Privacera's Self Managed version.
Breaking Changes
Privacera Portal: Consistent Behavior for “Show Column Tags” Checkbox on Classification Resource Detail Page
To improve usability, the "Show Column Tags" checkbox is now unchecked by default in both formatted and un-formatted views. This eliminates confusion caused by differing default states and ensures a uniform experience across views.
Known Issue: OAuth SSO Login May Fail for Portal Users
Some users may experience issues when attempting to log in via OAuth SSO. This is a known issue, and our team is actively working on a fix.
In the meantime, affected users can use alternative login methods, such as Username/Password or SSO via SAML or LDAP.
We appreciate your patience and will provide updates as soon as the issue is resolved.
Limitation
[Portal] Kubernetes Compatibility for GKE and AKS
The current release of the Portal service includes changes that are only compatible with specific Kubernetes patch and node image versions.
- GKE Compatibility: The service is supported only up to GKE patch version v1.32.2-gke.129700.
- AKS Compatibility: The service is supported only up to AKS version v1.32.0.
Attempting to run the service on versions beyond these may result in failed deployments or unexpected behavior.
Apache Ranger
New API Endpoint to Fetch Groups and Roles Using Username as Query Parameter
New APIs have been introduced to retrieve groups and roles based on the username provided as a query parameter. These APIs are currently accessible via Python and cURL REST clients.
Fixed an issue in the user lookup API
Fixed an issue in the user lookup API where the response did not include the user's associated groups.
OpenTelemetry (OTel) Support Added
Privacera Ranger now supports OpenTelemetry tracing, offering enhanced visibility into API response times and database interactions. Traces are exported using the OTLP protocol and can be integrated with observability platforms such as Grafana Tempo for comprehensive, end-to-end trace analysis.
Ranger Plugin Metrics Support Added
The Ranger plugin now supports client-side metrics to improve observability and simplify debugging. A major enhancement is the ability to inject an external metrics reporter, enabling the plugin or connector to manage metric reporting independently of any specific library. Metrics are now collected for critical operations, such as API calls related to policy, role, and tag downloads, with timers and counters for successes and failures. Additionally, access evaluation methods like isAllowed and getResourceACLs are instrumented to track execution time, invocation count, and failure rates. These enhancements provide deeper visibility into plugin behavior, making it easier to monitor performance and troubleshoot issues.
Spark Plugin
Resolved Databricks FGAC Unexpected Access Invocation for Select Query
Previously, when spark.databricks.delta.catalog.update.hiveSchema.enabled was set to true, executing a SELECT query on a Delta table with uppercase or camelcase column names could trigger unnecessary ALTER operations and unexpected READ/MREAD access checks. This fix ensures that such queries now execute correctly with the expected SELECT permission checks.
Support for Apache Spark Version 3.5.5
This release adds support for Apache Spark Version 3.5.5.
Resolved Databricks FGAC Unexpected Access Check For Non Existing Table
Previously, executing a SELECT query on a non-existent table could trigger an unexpected READ access check on dbfs:/<table_name>. This fix ensures that the SELECT query now correctly fails with an appropriate error message, avoiding unintended access checks.
Trino Plugin
Resolved Unexpected Access Denied Exception Issue for 'SET SESSION'
Resolved an issue in the Trino Plugin where SET SESSION statements were incorrectly failing with AccessDeniedException, despite appropriate permissions being present in the resource policy. This fix ensures proper execution of session settings across all catalogs.
PolicySync Databricks SQL
Fixed Policy Grant Failures When Preceded by Role Creation
Fixed an issue where policy enforcement would fail if a policy was created after a role was created in Ranger. This was caused by the system not verifying the existence of the role in the service before enforcing the policy. The fix ensures that the principal exists in the service before policy enforcement proceeds.
Privacera Monitoring
Support to disable Prometheus from Monitoring Stack
Added the ability to completely disable Prometheus in the Privacera Monitoring Stack. For configuration details, refer to the Customizing Prometheus Configurations section.
Privacera Diagnostics
Added support for navigating to the previous directory
In the Pod Explorer, users can now navigate to the previous directory using the Back button, and return to the home directory using the Home button. This enhancement improves navigation efficiency and user experience within the diagnostic interface.
Support Added for Downloading Individual Log Files from the Pod Explorer
In the Pod Explorer, users can now download individual log files directly using the Download button. This feature simplifies log access and improves troubleshooting efficiency.
Support Added for Downloading Consolidated Logs from Active Pods within the Service
A new Download Logs feature has been introduced, allowing users to consolidate logs from all active pods within a service into a single ZIP archive. This streamlines log access and troubleshooting by enabling one-click downloads.
Discovery
Enhanced SSN Detection Model
Advanced validation mechanisms—such as entropy analysis, sequence pattern checks, and variance evaluation—have been implemented to reduce false positives. These enhancements significantly improve the accuracy of valid SSN detection, particularly in ambiguous datasets.
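To illustrate how entropy, sequence and variance checks can prune SSN-shaped false positives, here is an added example; it is not Privacera's detection model or code. The thresholds, function names and sample text are assumptions made for illustration.

```python
import math
import re
from collections import Counter
from statistics import pvariance

# Candidate shape only: 3-2-4 digits, hyphens optional, not inside a longer number.
CANDIDATE = re.compile(r"(?<!\d)(\d{3})-?(\d{2})-?(\d{4})(?!\d)")

# Assumed cut-offs for illustration; a real model would tune these on data.
MIN_ENTROPY_BITS = 1.5
MIN_DIGIT_VARIANCE = 2.0


def shannon_entropy(digits: str) -> float:
    """Bits per digit; zero when every digit is the same."""
    n = len(digits)
    return -sum(c / n * math.log2(c / n) for c in Counter(digits).values())


def is_sequential(digits: str) -> bool:
    """True for runs that step by +1 or -1 (mod 10), such as 123456789."""
    steps = {(int(b) - int(a)) % 10 for a, b in zip(digits, digits[1:])}
    return steps in ({1}, {9})


def classify(area: str, group: str, serial: str) -> str:
    """Return 'likely_ssn' or the name of the first check that rejects."""
    # SSA never issues area 000, 666 or 9xx, group 00, or serial 0000.
    if area in ("000", "666") or area[0] == "9" or group == "00" or serial == "0000":
        return "invalid_structure"
    digits = area + group + serial
    if is_sequential(digits):
        return "sequential"
    if shannon_entropy(digits) < MIN_ENTROPY_BITS:
        return "low_entropy"
    if pvariance([int(d) for d in digits]) < MIN_DIGIT_VARIANCE:
        return "low_variance"
    return "likely_ssn"


def scan(text: str) -> list[tuple[str, str]]:
    """Classify every SSN-shaped candidate found in text."""
    return [(m.group(0), classify(*m.groups())) for m in CANDIDATE.finditer(text)]


# Constructed sample input; 078-05-1120 is a widely published specimen number.
SAMPLE = "ticket 123-45-6789, pad 111-11-1111, code 345-64-5346, ssn 078-05-1120, id 987-65-4321"
for candidate, verdict in scan(SAMPLE):
    print(f"{candidate}: {verdict}")
```

Each rejected candidate reports the first check that failed, which makes it easy to see which heuristic is responsible for suppressing a given match when tuning thresholds.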
Enhanced Credit Card Detection Model
Enhanced validation capabilities by updating BIN ranges and introducing flexible configuration options to include or exclude specific credit card types. These improvements increase the range of valid credit card number detection and make the model more customizable.
Privacera Portal
Consistency in Regex Validation for Patterns and Dictionaries
Support for Inline Case-Insensitive Flag (?i) in Patterns and Dictionaries
Previously, the Portal’s regex checker used a different compiler that rejected certain valid Java regex patterns. This issue has been resolved; expressions are now validated using Java’s native regex compiler, ensuring full support for all valid Java patterns.
Enhanced Data Zone Policy Management with Bulk Actions
Support for bulk actions has been added to streamline Data Zone policy management:
- Bulk Update: You can now select multiple Data Zones based on policy type and apply updates to tags, status, or alert levels in one action. This feature saves time and ensures consistency across policies.
- Bulk Delete: Quickly remove multiple policies by selecting Data Zones based on policy type, making large-scale policy cleanup more efficient.
For additional information, see the Overview of Datazone Policy Bulk Updates section.
Improvements to Application Properties Form
The Access Management form now correctly displays Application Properties with their most recent active values when re-enabled, resolving a previously encountered display issue.
Resource-Level Tags Now Supported in Formatted View on Classification Resource Detail Page
Previously, resource-level tags were only visible in the unformatted view. This has now been resolved, and the tags are displayed in the formatted view for applicable resources. A contextual message will be displayed only when resource-level tags are present, ensuring users are aware of their availability.