Skip to content

Redshift Connector User Guide

Preventing Revocation of Externally Applied Permissions

To prevent revoking externally applied permissions, perform the following steps:

  1. SSH to the instance where Privacera Manager is installed.

  2. Run the following command to open the .yml file to be edited.

    If you have multiple connectors, then replace instance1 with the appropriate connector instance name.

    Bash
    vi ~/privacera/privacera-manager/config/custom-vars/connectors/redshift/instance1/vars.connector.redshift.yml
    
  3. Update the following property to disable grant and revoke updates for user, group, and role on Redshift.

    YAML
    CONNECTOR_REDSHIFT_GRANT_UPDATES: "false"
    

  4. After configuring the property, update the connector with:

    Step 1 - Setup which generates the helm charts. This step usually takes few minutes.

    Bash
    cd ~/privacera/privacera-manager
    ./privacera-manager.sh setup
    
    Step 2 - Apply the Privacera Manager helm charts.
    Bash
    cd ~/privacera/privacera-manager
    ./pm_with_helm.sh upgrade
    
    Step 3 - Post-installation step which generates Plugin tar ball, updates Route 53 DNS and so on.

    Bash
    cd ~/privacera/privacera-manager
    ./privacera-manager.sh post-install
    
  5. Manually create the necessary policies in Privacera to ensure that permissions remain intact and revocations do not occur.

  6. Update the following property to true in privacera/privacera-manager/config/custom-vars/connectors/redshift/instance1/vars.connector.redshift.yml file:

    YAML
    CONNECTOR_REDSHIFT_GRANT_UPDATES: "true"
    

  7. Re-run the following commands to update the connector with new configuration:

    Step 1 - Setup which generates the helm charts. This step usually takes few minutes.

    Bash
    cd ~/privacera/privacera-manager
    ./privacera-manager.sh setup
    
    Step 2 - Apply the Privacera Manager helm charts.
    Bash
    cd ~/privacera/privacera-manager
    ./pm_with_helm.sh upgrade
    
    Step 3 - Post-installation step which generates Plugin tar ball, updates Route 53 DNS and so on.

    Bash
    cd ~/privacera/privacera-manager
    ./privacera-manager.sh post-install
    

Comments