Description of Snowflake Properties

These are properties for configuring a Snowflake data source.

Properties Description Example
Service name Name of the Policy Sync connector, used while configuring the Policy Sync connector for the Snowflake service. Service name: Snowflake
Service JDBC URL JDBC connection URL required for connecting to the Snowflake repository. Service JDBC URL: "jdbc:snowflake://testsnowflake.prod.us-west-2.aws.snowflakecomputing.com"
Service JDBC Username The master/admin database user used by the Policy Sync process, for performing all database activities and applying the permissions on entities.

This includes user/role/group creation, access policies, masking and RLF policies, and retrieving access audits.

Service JDBC Username: PRIVACERA_SYNC

Service JDBC Password Password used while creating the database user Service JDBC Password: ####
Service database name This database is used for creating the master connection to the Snowflake service. Service database name: privacera_db
Service warehouse name Warehouse which will be used by Policy Sync. Service warehouse name: "PRIVACERA_POLICYSYNC_WH"
Service managed global list Used for access control of global policies such as createDB and create WH. It can be skipped if not required. Service managed global list: none

Manage database list

Manage schema list

Manage view list

These three properties follow the same format.

Specify a list of zero or more names of databases, list of schemas, list of users, or list of views to be managed by PrivaceraCloud.

If left blank, all targets {databases, schemas, users} in the repository are managed.

If set to none, no databases are managed.

Accepts single name or multiple names separated by commas.

Regular expressions (regex) can be used (e.g., *_xx will match names such as company_xx, products_xx, and so on).

Formats:

Database list format: database

Schema list format: database.schema

Table list format: database.schema.table

View list format: database.schema.view

Manage database list: privdb

Manage schema list: privdb.saasdb

Manage table list: privdb.saasdb.*

Manage view list: privdb.saasdb.*

Manage user list

Manage groups list

Manage roles list

These three properties follow the same format. For each:

Specify a list of zero or more names of databases, list of schemas, list of users, or list of views to be managed by PrivaceraCloud.

If left blank, all targets {databases, schemas, users} in the repository will be managed.

Accepts single name or multiple names with comma separation.

Regular expressions can be used; for example, *_xx matches names company_xx or products_xx.

Manage user list: privuser*

Manage groups list: priv1,priv2

Manage roles list: privrole

Create service user This property allows the creation of new users during policy synchronization. Create service user: true
Service new user password The password value to be assigned to any new user created during policy synchronization. Every default new user is assigned this password. Service new user password: welcome1
Manage service user, group, or role This property manages service users, groups, and roles. Manage service user / group / role: true
Ignore user list Data access user ignore list. Comma-separated names of data access users to be ignored (non-managed) by PrivaceraCloud. This list is seeded with the list of standard data access service and administrator user names normally created by PrivaceraCloud for each account. It can be edited or augmented with additional site-specific names to be excluded from PrivaceraCloud control. Ignore user list:

"admin,rangerusersync,keyadmin,rangertagsync,hive,s3,dynamodb,athena,glue,redshift,kinesis,lambda,mssql,adls,postgres,kafka,snowflake,powerbi,padmin"

Prefix for User, Role, or Group

A string value to be prefixed to Users, Roles, or Groups that are auto-created during synchronization. If empty, no prefix is added.

User role prefix: "pc_user_"

Group role prefix: "pc_role_"

Role role prefix: "pc_group_"

Perform grant updates

Enables or disables performing grants and revokes. If set to true, all grants are executed.

If set to false, grant updates are a dry run and are not actually executed.

Perform grant updates: true
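
To preview which objects and users a manage-list or ignore-list value would cover before setting Perform grant updates to true, the list rules above (blank manages everything, none manages nothing, comma-separated names with * wildcards) can be checked against an inventory. This is an added example, not PrivaceraCloud code; the per-segment glob matching, the case-insensitive comparison, the function names and the sample inventory are assumptions.

```python
from fnmatch import fnmatchcase

def parse_list(value):
    """None = manage everything (blank); [] = manage nothing ('none')."""
    value = (value or "").strip().strip('"')
    if not value:
        return None
    if value.lower() == "none":
        return []
    return [p.strip() for p in value.split(",") if p.strip()]

def matches(name, pattern):
    # Assumption: '*' is a glob-style wildcard applied per dot-separated
    # segment (database.schema.table), compared case-insensitively.
    n, p = name.upper().split("."), pattern.upper().split(".")
    return len(n) == len(p) and all(fnmatchcase(a, b) for a, b in zip(n, p))

def preview(names, manage_value):
    """Names that a manage-list value would place under management."""
    patterns = parse_list(manage_value)
    if patterns is None:
        return list(names)
    return [x for x in names if any(matches(x, p) for p in patterns)]

def effective_users(users, manage_value, ignore_value):
    """Managed users minus the ignore list (treated as exact names)."""
    ignored = {u.upper() for u in (parse_list(ignore_value) or [])}
    return [u for u in preview(users, manage_value) if u.upper() not in ignored]

# Constructed inventory, not taken from a real account.
TABLES = ["privdb.saasdb.orders", "privdb.saasdb.customers",
          "privdb.hr.salaries", "salesdb.public.leads"]
USERS = ["privuser1", "privuser_etl", "analyst", "padmin"]

if __name__ == "__main__":
    for value in ("privdb.saasdb.*", "", "none"):
        print(repr(value), "->", preview(TABLES, value))
    # A blank manage list covers every user that is not on the ignore list.
    print(effective_users(USERS, "", "admin,padmin"))
```

A blank value returning the whole inventory is the case to look for: it means every database, schema or user in the repository falls under Policy Sync control.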


Last update: August 19, 2021