PrivaceraCloud Documentation

Data access methods

Data repositories are connected to PrivaceraCloud by configuring connections to applications.

PrivaceraCloud uses three different data access methods:

  • Data Access Server

  • PolicySync

  • Plug-in

The appropriate connector method depends on several factors, including the type of data resource and the type and level of control required.

Activating a connection's service also creates the corresponding resource service and service group in Resource Policies.

A default set of resource policies is automatically created for each newly created resource service. This set includes an all-access default policy. Additional policies can be created and defined in Resource Policies.

Data access server

The Data Access Server integration method redirects data access requests to a Privacera data authentication broker inserted into the control and data flow. A maximum of one Data Access Server can be enabled at one time.

Data Access Server syncs Apache Ranger access policies at 5-second intervals.

PolicySync

A PolicySync integration works by mapping the Resource Policies defined in PrivaceraCloud to the native access control functions provided by the target data repository system.

This approach is used for data repository systems providing a sufficient native level of data control.

PrivaceraCloud supports multiple concurrent PolicySync connections but only one PolicySync connector of each data resource type.

PolicySync syncs Apache Ranger access policies at 3-second intervals by default, and this interval is configurable per PolicySync connector. In addition to the sync interval, PolicySync reconciles any access policy changes with the data source. Reconciliation requires additional time that varies with its complexity, such as adding and removing grants.

Plug-in connections

Databricks Spark, EMR PrestoDB, and EMR Hive have built-in support for external authentication using a plug-in architecture.

Privacera inserts itself into the Databricks or EMR authentication control flow using a plug-in module. Authentication for data access requests is directed to the PrivaceraCloud plug-in component by the repository system itself.

For the following plug-ins, the sync interval for retrieving Apache Ranger policies applies:

  • Databricks fine-grained access control (FGAC) plug-in: 3 seconds

  • Amazon EMR Presto plug-in: 2 seconds

  • Amazon EMR Hive plug-in: 2 seconds

Each PrivaceraCloud allows multiple concurrent plug-in connections. This method is used for: