Release 9.0.6.1
These are the rolling release notes for Release 9.0.6.1. These notes apply specifically to Privacera's Self-Managed version.
Breaking Changes
Breaking Changes Introduced in Dynamic Onboarding of Resources in Google BigQuery
You can ignore this warning if you're not using BigQuery connectors and don’t intend to use this feature.
With the introduction of support for
1. Changes in Dynamic Onboarding of Resources in Google BigQuery
- While the dynamic onboarding feature simplifies resource management, additional manual steps are required for:
  - Follow migration steps if you have running BigQuery connectors.
- Action Required: Follow the updated procedures in the documentation for managing these cases.
PolicySync Connector Updates
Introducing Support for BigQuery Column-Level Security with Native Column Masking Options
- Update: BigQuery Native Masking Options and Configuration Updates
- Details: With this release, the BigQuery connector supports a defined set of native masking options, as well as some behavior changes compared to other connectors. The following masking options are now available for column-level security:
  - Custom UDF
  - EMAIL Mask
  - Date-Year Mask
  - Default Masking
- Additionally, the end-user access behavior has been updated. Users needing access to columns with tag-based masking policies in BigQuery must either be included in the tag-based masking policy or have permission through a tag-based access policy. This change ensures stricter security controls for sensitive data. For more information on how column-level security is managed in BigQuery, please refer to the official documentation here.
- Benefits:
  - Improved Data Security: The new native masking options provide more flexibility in how sensitive data is exposed while maintaining strict security policies.
  - Stronger Access Controls: The behavior change requiring users to be part of tag-based masking or access policies ensures that only authorized users can view or manipulate sensitive columns.
  - Customizable Taxonomies: By supporting manual taxonomy creation, users have more control over how their data is categorized and secured.
- Limitations:
  - Limited Multi-Location Support: Currently, the connector only manages resources in a US location, which may require additional planning for users managing resources across multiple locations.
  - Limited Multi-Project Support: Currently, the connector only manages resources in a single project, which may require additional planning for users managing resources across multiple projects.
  - Wildcards are not supported in resource names: When creating a tag-resource mapping in the Privacera portal, ensure that the resource name does not contain any wildcards.
    - Example:
      - Valid: Table name: customer_data
      - Invalid: Table name: customer_*
  - Tag with the same name in multiple taxonomies is not supported: When creating tags in the Privacera portal, make sure that a tag is not duplicated across different taxonomies.
  - BigQuery’s limitation: A single column cannot have multiple tags assigned to it: When creating a tag-resource mapping in the Privacera portal, ensure that each column is associated with only one tag.
For further information on managing resources and taxonomies, please visit the BigQuery column-level security documentation.
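The limitations above can be checked against a planned set of tag-resource mappings before they are entered in the portal. The following is an added example, not Privacera code: the `Mapping` record, the `lint_mappings` function, the rule labels and the sample rows are all hypothetical, and it assumes `*` is the wildcard character and that tag names are compared exactly.

```python
from collections import defaultdict
from typing import NamedTuple


class Mapping(NamedTuple):
    """One planned tag-resource mapping (hypothetical record layout)."""
    taxonomy: str
    tag: str
    project: str
    dataset: str
    table: str
    column: str


def lint_mappings(mappings):
    """Return sorted (rule, detail) findings for the limitations listed above."""
    findings = set()
    tag_taxonomies = defaultdict(set)   # tag name -> taxonomies that define it
    column_tags = defaultdict(set)      # full column path -> tags mapped to it
    projects = set()
    for m in mappings:
        resource = f"{m.project}.{m.dataset}.{m.table}.{m.column}"
        if "*" in resource:             # assumption: "*" is the wildcard character
            findings.add(("wildcard", resource))
        tag_taxonomies[m.tag].add(m.taxonomy)
        column_tags[resource].add((m.taxonomy, m.tag))
        projects.add(m.project)
    for tag, taxonomies in tag_taxonomies.items():
        if len(taxonomies) > 1:         # same tag name in more than one taxonomy
            findings.add(("duplicate-tag", f"{tag} in {', '.join(sorted(taxonomies))}"))
    for resource, tags in column_tags.items():
        if len(tags) > 1:               # a column can carry only one tag
            findings.add(("multi-tag-column", resource))
    if len(projects) > 1:               # connector manages a single project
        findings.add(("multi-project", ", ".join(sorted(projects))))
    return sorted(findings)


# Constructed sample plan: the first row is valid, each later row breaks one rule.
SAMPLE = [
    Mapping("pii", "EMAIL", "proj-a", "sales", "customer_data", "email"),
    Mapping("pii", "EMAIL", "proj-a", "sales", "customer_*", "email"),
    Mapping("finance", "EMAIL", "proj-a", "sales", "orders", "contact"),
    Mapping("pii", "SSN", "proj-a", "sales", "customer_data", "email"),
    Mapping("pii", "SSN", "proj-b", "hr", "staff", "ssn"),
]

if __name__ == "__main__":
    for rule, detail in lint_mappings(SAMPLE):
        print(f"{rule}: {detail}")
```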
Dynamic Onboarding of Resources in Google BigQuery
- Update: Dynamic onboarding of resources
- Details: This release introduces enhanced functionality for the Google BigQuery connector, enabling dynamic onboarding of resources such as projects, datasets, and tables. Previously, updating managed resources required manual modifications in the Privacera Manager (PM) environment, which was both tedious and time-consuming. With this update, the Privacera portal UI allows us to update the connector configuration, enabling the connector to automatically detect and onboard resources. This streamlines the process and significantly reduces manual effort.
- Benefits:
  - Time-saving: Eliminates the need for manual configuration, accelerating the onboarding process.
  - Simplified management: Resources are automatically onboarded, eliminating the need for any manual intervention.
  - Seamless scalability: Effortlessly supports the addition, updating, and deletion of projects, datasets, and tables directly through the intuitive portal UI.
- Limitations:
  - Manual updates for non-managed properties: This onboarding feature is only supported for managed resource properties (e.g., manage.project, manage.dataset). For other properties, users must first update them in the portal, then download and copy the updated zip to the PM environment, and finally run PM setup followed by a Helm upgrade.
  - Connector deletion process: Deleting a connector through the portal only removes it from the ops-server. To ensure a complete cleanup, you must also manually delete the connector from the Privacera Manager environment.
  - Resource removal limitation: If the tag-resource mapping is not cleared from the portal before removing a resource from the managed list, the mapping will continue to persist in BigQuery.
Scheme Server Support for RDS IAM Authentication
This release introduces support for AWS RDS IAM Authentication. This enables secure, password-less database access using IAM roles. The update includes steps to configure IAM authentication, create the necessary roles and policies, and integrate Privacera services with external RDS databases for enhanced security and simplified credential management.
For detailed instructions on setting up this module, refer to IAM Authentication for AWS RDS.