Databricks SQL PolicySync Fields

Parameter Field Name Allowable Values Default Description
Service* Supplied by the system No default
Service name* String No default Your freeform name for this service
Service enabled* true | false true Enable the feature
Service type* databricks.sql.analytics databricks.sql.analytics The only allowable service type
Service class* com.privacera.policysync.connector.PSDatabricksSQLAnalyticsConnector com.privacera.policysync.connector.PSDatabricksSQLAnalyticsConnector The only allowable Java class
Service jdbc driver*
Service database name* Name of Databricks database to connect to No default The service database name
Service jdbc username Name of Databricks SQL user No default The master/admin database user that the PolicySync process uses to perform all database activities and apply permissions on entities.
This process includes creating users, roles, and groups; applying access, masking, and RLF policies; and retrieving access audits.
Service jdbc password* Endpoint access token from Databricks No default Databricks endpoint access token
Service jdbc url* Jdbc://-style URL to Databricks endpoint No default Jdbc://-style URL to Databricks endpoint
Service base url* URL to connect to Databricks SQL host No default The databricks host URL
Persist database connection* true | false Keep the network connection to the Databricks endpoint open
System config*
Manage service user* true | false No default When true, the system processes entries in the "Manage user list*" field.
Manage service group* true | false No default When true, the system processes entries in the "Manage group list*" field.
Manage service role* true | false No default When true, the system processes entries in the "Manage role list*" field.
Ignore user list* User names No default Comma-separated list of users that should be ignored by PolicySync.
Role role prefix String No default A string value prefixed on role names that are auto-created during policy synchronization. If empty, no prefix is added.
Load unmanaged resources* true | false
Load unmanaged users* true | false
Load unmanaged roles* true | false
Load unmanaged groups* true | false
Enable access audit* true | false Enables Access Audit coming from Databricks SQL. This fetches all the access permissions granted by the database to its entities.
Enable policysync audit* true | false Enables PolicySync audit, which logs all the queries issued by the PolicySync process.
Manage database list* See description. No default Comma-separated list of names of databases you want to manage.
Format: databasename,databasename,databasename,...
If specified as none, no databases are managed.
Manage view list* See description. No default Comma-separated list of names of views you want to manage.
Format: databasename.viewname,databasename.viewname,databasename.viewname,...
Manage user list* See description. No default Comma-separated list of users you want to manage.
If specified as none, no users are managed.
Manage group list* See description. No default Comma-separated list of groups you want to manage.
If specified as none, no groups are managed.
Manage role list* See description. No default Comma-separated list of roles you want to manage.
If specified as none, no roles are managed.
Enable view based masking true | false Field to enable view-based masking
Default Mask text value String No default Specify the text value to be displayed in columns of text datatype of secure views.
Default Mask number value String No default Specify the text value to be displayed in columns of number datatype of secure views.
Enable view based row filter true | false Field to enable view-based row filtering
Manage user filterby group true | false No default When set to true, perform the PolicySync operations only on the users that are part of certain specified groups.
Manage user filterby role true | false No default When set to true, perform the PolicySync operations only on the users that have certain specified roles.
Secure view schema name suffix to be removed String No default Comma-separated list of suffixes of schema names that will be removed when the secure view is created. For example, if there is a schema named customer_t, and this field is set to _t, the created schema is named customer.
Secure view name suffix to be removed String No default Comma-separated list of suffixes of table names that will be removed when the secure view is created. For example, if there is a table named a_t, and this field is set to _t, the created view is named a.
Sync interval in seconds* Number Synchronization interval of Portal user records in seconds.
Ownership role* Any defined user name No default Note: This value is the same as Service jdbc username.

The owner for all new resources created in Databricks. This ensures admins know exactly who owns all new resources.

This value is case-sensitive.
Secure View Database Name String No default By default, view-based row filters and masking-related secure views are created in the same database as the original table database. If you want to keep these secure views in a separate database, specify that separate database name in this field.
Secure View Database Name Prefix String No default By default, view-based row filters and masking-related secure views have the same database name as the table database name. If you want to change the secure view database name prefix, set this field to the desired string. After the prefix is specified, the view database name is in this format: {prefix}{view_database_name}.
Secure View Database Name Postfix String No default By default, view-based row filters and masking-related secure views have the same database name as the table database name. If you want to change the secure view database name postfix, set this field to the desired string. After the postfix is specified, the view database name is in this format: {view_database_name}{postfix}.
Secure View Name Prefix String No default By default, view-based row filters and masking-related secure views have the same name as the table. If you want to change the secure view name prefix, set this field to the desired string. After the prefix is specified, the view name is in this format: {prefix}{table_name}.
Secure View Name Postfix String No default By default, view-based row filter- and masking-related secure views have the same name as the table. If you want to change the secure view name postfix, set this field to the desired string. After the postfix is specified, the view name is in this format: {table_name}{postfix}.
Secure view create for all true | false No default If set to true, create secure views regardless of the masking/row filter policy that exists in Privacera Ranger.
Secure view Access By Table policies true | false No default Apply policies associated with the table to the view if that view is generated from the underlying table.
Column Level Access Control true | false false Enable/disable column-level access control
Replacing name from regex Regular expression [^a-zA-Z0-9._\-\\s+] Allow special characters in user, group and role names in Databricks SQL.
It takes a regular expression as input, finds the matching characters in the user, group, and role names and replaces them with the characters specified in the Replace to string field.
  • By default, period, underscore, and hyphen are supported.
  • If any characters other than the default are needed, modify the regex value.
Replace to string Any characters Underscore This value replaces the characters included in the regex specified in the Replacing name from regex field.
If empty, this field is ignored.
Example: If a group is named test@group, then because @ is not supported in the regex in Replacing name from regex, the resulting group name is test_group.
Persist case sensitivity true | false True If set to true, preserves the case sensitivity of user, group, and role names.
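
The following is an added example, not Privacera code. It applies the "Replacing name from regex" and "Replace to string" defaults from the table to a list of names and reports distinct source names that end up with the same resulting name, something worth checking before those names receive grants. The function names and sample group names are constructed for illustration, and the pattern is passed to Python's re module exactly as printed on this page.

```python
import re
from collections import defaultdict

# Default pattern copied from the "Replacing name from regex" row. How the
# product unescapes "\\s" is not stated on the page; this example hands the
# string to Python's re module exactly as printed.
DEFAULT_REGEX = r"[^a-zA-Z0-9._\-\\s+]"
DEFAULT_REPLACE_TO = "_"  # the "Underscore" default of "Replace to string"


def resulting_name(name, regex=DEFAULT_REGEX, replace_to=DEFAULT_REPLACE_TO):
    """Return the name after the replacement described in the table."""
    if replace_to == "":
        # Assumed reading of "If empty, this field is ignored": no replacement.
        return name
    return re.sub(regex, replace_to, name)


def find_collisions(names, regex=DEFAULT_REGEX, replace_to=DEFAULT_REPLACE_TO):
    """Map each resulting name to the distinct source names that produce it,
    keeping only results shared by more than one source name."""
    by_result = defaultdict(set)
    for name in names:
        by_result[resulting_name(name, regex, replace_to)].add(name)
    return {res: sorted(srcs) for res, srcs in by_result.items() if len(srcs) > 1}


# Constructed sample group names (not taken from any real directory).
SAMPLE_GROUPS = ["test@group", "test#group", "test_group", "finance.eu", "ops-team"]

if __name__ == "__main__":
    for group in SAMPLE_GROUPS:
        print(f"{group!r} -> {resulting_name(group)!r}")
    for result, sources in find_collisions(SAMPLE_GROUPS).items():
        print(f"collision on {result!r}: {sources}")
```
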


Last update: September 8, 2021