Release 9.2.9.1
These are the Rolling Release Notes for Release 9.2.9.1. These release notes are applicable to both Privacera's Self-Managed version and PrivaceraCloud.
Breaking Change
ABAC and TBAC are not working as expected with the DataServer.
- Impact: Attribute-Based Access Control (ABAC) and Tag-Based Attribute Control (TBAC) policies do not evaluate correctly when using DataServer.
- Issue: In release 9.2.9.1, ABAC and TBAC policy evaluation is not functioning as expected with DataServer.
- Resolution: This issue will be addressed in a future release.
- More Details:
Self-Managed Privacera
All Privacera 9.2.x versions support Kubernetes versions up to 1.34. For more information, see Compatibility & Versions.
PolicySync Connector
Added Reconciliation Support for Ranger Tag Permission In GBQ Connector
Added reconciliation support for Ranger tag permissions in the BigQuery connector, enabling automatic synchronization and consistency of tag-based policies between Ranger and BigQuery.
Added Dedicated Queue Support for On-Demand Changelog Processing
- Added support for dedicated changelog queue processing for on-demand tasks in PolicySync connectors. This feature is available for connectors that support on-demand processing. When enabled, on-demand changelogs are processed in a separate queue with a dedicated processor thread, ensuring faster processing and preventing delays from offline synchronization events. This feature improves responsiveness and isolation for time-sensitive on-demand operations.
- Enable by setting CONNECTOR_ON_DEMAND_CHANGELOG_DUAL_QUEUE_ENABLED: "true" in the connector configuration file. For more details, see On-Demand Sync Configuration.
Fixed Issue of Writing in RocksDB
Addressed a concurrency issue where multiple threads were writing to RocksDB.
Databricks Unity Catalog Principal Sync Performance Optimizations
- Optimized principal change processing (users, groups, and roles added/updated/deleted) to avoid per-item RocksDB mutations and unnecessary HashSet copies.
- Reduced CPU and GC overhead and improved throughput for large principal syncs while preserving existing behavior.
Databricks Unity Catalog Masking and RLF Permission Loader Fix
- Fixed an issue where the Unity Catalog PermissionLoader did not load masking and Row-Level Filter (RLF) permissions from the service when they were not already present in RocksDB.
- Ensures permissions are correctly fetched and applied after connector restart or RocksDB cleanup.
Databricks Unity Catalog Fixed Masking Policy Order Processing
- Fixed an issue where masking policies were applied in an incorrect order, causing users to see masked data when unmasked access should have been allowed based on policy precedence.
- This fix ensures masking policies are consistently evaluated in the same order as defined.
- Masking behavior is now deterministic and remains consistent across policy enable/disable operations.
Added Metrics for PolicySync Internal Queues
Added metrics to monitor PolicySync internal queues for changelog processing and on-demand resource sync processing, improving visibility into queue performance and processing activity.
Enhanced Connector Common Dashboard with RocksDB Memory and Disk Size Metrics
- Enhanced the Connector-Common dashboard with new RocksDB memory and disk size metrics panels for improved monitoring and visibility.
- Added a RocksDB Total Memory Usage alert to monitor total RocksDB memory usage for PolicySync Connectors.
Databricks Unity Catalog Support for Updated Row Level Filter Merging Logic with Omni
The updated RLF (Row Level Filter) merging logic follows these rules:
- Same Column → OR: If multiple RLF expressions reference the same column for the same principal, they are merged using the OR operator.
- Different Columns → AND: If RLF expressions reference different columns for the same principal, they are merged using the AND operator.
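The two merging rules above, worked through as an added example (not Privacera's code). The (principal, column, expression) tuple layout, the principal names and the sample table are assumptions constructed for illustration. It also shows why each per-column group must be parenthesised: joined naively, AND binds tighter than OR and the filter exposes an extra row.

```python
import sqlite3

# Constructed sample RLF entries: (principal, column, expression). The tuple
# layout is an assumption for this example, not Privacera's data model.
RLF_ENTRIES = [
    ("analyst", "region", "region = 'EU'"),
    ("analyst", "region", "region = 'US'"),
    ("analyst", "dept", "dept = 'HR'"),
    ("auditor", "dept", "dept = 'FIN'"),
]

def merge_rlf(entries):
    """Return {principal: predicate}: OR within a column, AND across columns."""
    grouped = {}
    for principal, column, expr in entries:
        exprs = grouped.setdefault(principal, {}).setdefault(column, [])
        if expr not in exprs:  # drop exact duplicates
            exprs.append(expr)
    merged = {}
    for principal, columns in grouped.items():
        # Parenthesise every per-column group so that AND cannot bind
        # tighter than the ORs inside it.
        groups = ["(" + " OR ".join(f"({e})" for e in exprs) + ")"
                  for exprs in columns.values()]
        merged[principal] = " AND ".join(groups)
    return merged

def visible_rows(predicate):
    """Apply a predicate to a constructed in-memory table; return matching ids."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE t (id INTEGER, region TEXT, dept TEXT)")
    db.executemany("INSERT INTO t VALUES (?, ?, ?)", [
        (1, "EU", "HR"), (2, "EU", "FIN"), (3, "US", "HR"), (4, "APAC", "HR"),
    ])
    # Interpolated only because the predicate is a locally built test string.
    rows = db.execute(f"SELECT id FROM t WHERE {predicate} ORDER BY id").fetchall()
    db.close()
    return [r[0] for r in rows]

if __name__ == "__main__":
    merged = merge_rlf(RLF_ENTRIES)
    print(merged["analyst"], visible_rows(merged["analyst"]))
    # Same expressions joined without grouping: row 2 (EU, FIN) leaks through.
    naive = "region = 'EU' OR region = 'US' AND dept = 'HR'"
    print(naive, visible_rows(naive))
```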
Metadata Sync Agent: Graceful Handling of 404 Responses from the Omni Metadata Service for Delete Requests
- The Metadata Sync Agent now gracefully handles 404 Not Found responses returned by the Omni Metadata Service during delete operations. This change prevents unnecessary retry attempts and provides clearer error reporting when the target metadata resource does not exist.
- Supported connectors:
- Databricks Unity Catalog
- Snowflake
Federated Resource Recreation Handling for Lake Formation Connector
- Added support for federated resource recreation handling in the Lake Formation connector.
- During on-demand sync events, permissions are reapplied for all federated resources to restore access after federated resources are recreated.
- For more information, see Federated Resource Recreation Handling.
Updated PolicySync Dependencies
Upgraded PolicySync dependencies to address known security vulnerabilities identified in the CVE (Common Vulnerabilities and Exposures) report.
Updated Connectors:
- Databricks Unity Catalog
- Databricks SQL Analytics
- Snowflake
PolicySync Base Image Upgraded
Updated the PolicySync base image to a newer Debian version to address known security vulnerabilities identified in the CVE report.
Updated Connectors:
- Databricks Unity Catalog
- Databricks SQL Analytics
- Snowflake
- Vertica
- S3
- Power BI
- Oracle
- MSSQL
PEG
Updated PEG Dependencies
Upgraded PEG dependencies to address known security vulnerabilities identified in the CVE (Common Vulnerabilities and Exposures) report.
PEG Base Image Upgraded
Updated the PEG base image to a newer Debian version to address known security vulnerabilities identified in the CVE report.
Plugins
Spark Plugin and EMR Enhancements for Feature Parity with PCloud
Enhanced the Spark plugin and EMR for feature parity with PCloud.
DataServer
Added STS Signer Support for Boto3 S3 operation
STS-based request signing is now supported for Boto3 S3 operations, enabling authenticated S3 requests with temporary security credentials.
Updated DataServer Dependencies
Upgraded DataServer dependencies to address known security vulnerabilities identified in the CVE (Common Vulnerabilities and Exposures) report.
DataServer Base Image Upgraded
Updated the DataServer base image to a newer Debian version to address known security vulnerabilities identified in the CVE report.
DataServer Enhancement for Feature Parity with PCloud
Enhanced DataServer for feature parity with PCloud.
Known Issue: Attribute Based Access Control [ABAC] and Tag Based Attribute Control [TBAC] are not working as expected with the DataServer.
- In release 9.2.9.1, the Attribute Based Access Control [ABAC] and Tag Based Attribute Control [TBAC] policy evaluation is not working as expected with the DataServer.
- Impact: This affects Attribute Based Access Control [ABAC] and Tag Based Attribute Control [TBAC] using DataServer.
- Resolution: This issue will be fixed in the upcoming releases.
Audit Fluentd
Audit Fluentd Base Image Upgraded
Updated the Audit Fluentd base image to a newer Debian version to address known security vulnerabilities identified in the CVE report.
Apache Ranger
Added Tag Attributes Filter to Paginated Tagged Resources API
Added a new tagAttributes query parameter to the tags/resources/paginated endpoint, enabling you to filter tagged resources by specific tag attribute keys or values.
Updated Application Dependencies
Upgraded application and application dependencies to address known security vulnerabilities identified in the CVE (Common Vulnerabilities and Exposures) report.
Admin Audit Logs to Privacera Managed Amazon S3
Added support for storing Apache Ranger Admin audit logs in Amazon S3 to meet long-term compliance and retention requirements. This provides durable and scalable storage for administrative activity and reduces dependency on local disk storage. You can now archive policy changes, user and role updates, and system events in Privacera Managed Amazon S3 for easier auditing and governance.
Removed Unsupported Masking Types from BigQuery Service (PCloud)
In PCloud, unsupported masking types were removed from the BigQuery service definition to ensure that only valid masking types are available for masking policy configuration.
Note: For self-managed deployments, these changes were included in the 9.2.8.1 release.
Privacera Manager
Updated Default Annotation for AWS Ingress
Fixed AWS Application Load Balancer (ALB) health check failures caused by a missing HTTP 200 status code in the healthcheck annotation.
Diagnostics Tool
Debian Base Image Upgrade
Upgraded the base image to a newer Debian version for both Diagnostics Server and Diagnostics Client.
Privacera Monitoring
Added Support for Exporting Telemetry Data to Privacera Cloud
- Privacera now supports exporting telemetry data to Privacera Cloud.
- Exporting metrics to Privacera Cloud is enabled by default.
- To enable or disable telemetry data export, refer to the following documentation:
Privacera Portal
Improved Asset Listing in Data Products
Resolved an issue in the data product creation flow where the Add Assets section displayed only the first 100 child resources. All child resources are now displayed. Additionally, resource tags now display correctly in Product Details → Assets.
Prevent Deletion of System Tags in Tags and Metadata Page
System-generated tags can no longer be deleted from the Tags and Metadata page in the Governance Hub. The delete option is now disabled for all SYSTEM tags to prevent accidental removal.
UI Improvements and Enhancements
This release includes several UI improvements and enhancements:
- Data Catalog Navigation: The Data Catalog now remembers your drill-down position when you navigate between menus.
- Column Masking Information: Masking information for columns now displays correctly.
- Data Product Purpose Field: You can now enter multi-line text in the Data Product purpose field.
- Data Product Deletion: The delete action flow on the Product Detail → Assets tab has been improved with an additional button to enable selection.
- Data Asset Icons: Service type icons now display correctly for assets added through the search method.
Fixed Group Deselection Issue For Ranger Users
Fixed an issue where Portal users created with the same username as Ranger users experienced unintended deselection of groups and attributes for Ranger notes.
Fixed RLF Tag Policy Expression Layout
Fixed layout issues in the RLF Tag Policy Expression editor where long expressions overlapped with other UI elements.