
Policies Overview

View and manage resource services. The Resource Policies page shows your services grouped by service type. A resource service consists of a connection to one or more data repositories and a set of policies that control access to data in those repositories. A service type is a collection of services sharing similar attributes and configuration parameters. 

Service/Service Group Global Actions

On the Resource Policies page, you can filter the view and import/export policies.

Add a new resource-based service. Service types have some common attributes as well as attributes specific to that service type.

Export services in JSON-formatted policy sets.

Import a previously exported policy set.  

View Policy Details

Click a service to open the Policy definition and management page. Each policy definition row shows key attributes.

  • Policy Id: Each policy is assigned an immutable numeric identifier. These ids are monotonically incremented and unique within each PrivaceraCloud account. Policy identifiers are referenced in audit trail event messages, so that each action recorded in the audit trail is associated with a specific policy.

  • Policy Name: Policies are assigned a name, either by the system or by a user. System-created policy names can be changed.

  • Validity Period:  A policy can be defined to be effective only for a period of time. Start and End date/times may be defined (to the minute) with a selectable Time Zone. Use the Add Validity Period button in the upper right to set a validity period for this policy.

  • Policy Label: Policies may be assigned a new or existing label. Labels assist in filtering and with search reports.

  • Resource Specifier: Underneath the Policy Label field are the Resource specifiers. These will be different for each type of resource, and the set of specifiers will change depending on the top down choices. For example, by default a Hive resource will display fields for 'database', 'table', and 'column'.

    The Autocomplete feature is available to add your resources. When you enter the first character in the resource field, the autocomplete feature displays the resources (databases, tables, or columns) available in the data source. The autocomplete feature supports the Wildcard character "*" to add the resources.

    Note

    The autocomplete feature is supported only on the resource fields of PolicySync connectors.

  • Condition Sets: The rules used to allow or deny access to resources. Condition sets are made up of permissions, users, groups, and roles. The permission selection list will be specific to the type of service. (For example, for the ADLS service, the permission set is {read, write, delete, metadata read, metadata write, admin}.) There are four sets of access conditions (rules):

    • Allow Conditions
    • Exclude from Allow Conditions
    • Deny Conditions
    • Exclude from Deny Conditions

At least one rule should be defined.  Rules for the other condition sets may be omitted. 
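An added example, not Privacera code: a minimal Python model of how the four condition sets can combine for a single request. The class and function names are hypothetical, and the evaluation order (deny first, then allow, with each exclude set carving principals out of its own set) is an assumption, since this page does not state it.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Rule:
    """One row of a condition set: the principals it names and the permissions it covers."""
    permissions: frozenset
    users: frozenset = frozenset()
    groups: frozenset = frozenset()
    roles: frozenset = frozenset()

    def matches(self, user, groups, roles, permission):
        named = user in self.users or self.groups & groups or self.roles & roles
        return bool(named) and permission in self.permissions

@dataclass
class Policy:
    """The four condition sets of one policy (hypothetical in-memory model)."""
    allow: list = field(default_factory=list)
    allow_exclude: list = field(default_factory=list)
    deny: list = field(default_factory=list)
    deny_exclude: list = field(default_factory=list)

    def validate(self):
        # "At least one rule should be defined": reject a policy with no rules at all.
        if not (self.allow or self.allow_exclude or self.deny or self.deny_exclude):
            raise ValueError("policy defines no rule in any condition set")

def _hit(rules, *req):
    return any(r.matches(*req) for r in rules)

def evaluate(policy, user, groups, roles, permission):
    """Return 'deny', 'allow' or 'no-decision' for one request.
    ASSUMED order: deny (minus its exclusions) is checked before allow (minus its exclusions)."""
    policy.validate()
    req = (user, frozenset(groups), frozenset(roles), permission)
    if _hit(policy.deny, *req) and not _hit(policy.deny_exclude, *req):
        return "deny"
    if _hit(policy.allow, *req) and not _hit(policy.allow_exclude, *req):
        return "allow"
    return "no-decision"

# Constructed sample policy using permissions from the ADLS set quoted above.
SAMPLE = Policy(
    allow=[Rule(frozenset({"read", "write"}), groups=frozenset({"analysts"}))],
    allow_exclude=[Rule(frozenset({"write"}), users=frozenset({"intern1"}))],
    deny=[Rule(frozenset({"delete"}), groups=frozenset({"analysts"}))],
    deny_exclude=[Rule(frozenset({"delete"}), roles=frozenset({"data_steward"}))],
)
```

A "no-decision" result means this policy neither grants nor denies the request; in this model the caller treats that as not granted.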

One or more default 'all...' policies are automatically created for each default-created service (those named "privacera_<service_type>"). The actual policy names are adjusted for each type of service. For example, for 'hive' services, the 'all' policy is named 'all - database'. For database repository oriented services, the default policy name is 'all - database, schema, table, column', and so on.


Last update: August 24, 2021