Table Properties#
PolicySync#
Common Properties#
| Property | Description | Default Value |
|---|---|---|
| ranger.policysync.connector.<id> | To Set the Unique Connection name for the policysync connector | |
| ranger.policysync.connector.<id>.enabled | Toggle to Enable/Disable the Connector | |
| ranger.policysync.connector.<id>.jdbc.url | JDBC Connection URL | |
| ranger.policysync.connector.<id>.jdbc.username | Database Username to be used with jdbc connection | |
| ranger.policysync.connector.<id>.jdbc.password | Database Password to be used with jdbc connection | |
| ranger.policysync.connector.<id>.jdbc.db | Database Name to be used with jdbc connection | |
| ranger.policysync.connector.<id>.master.database | Master Database | |
| ranger.policysync.connector.<id>.new.user.password | password that will be set for all the new users after sync | |
| ranger.policysync.connector.<id>.switch.ownership.role | role name which policysync can switch to | |
| ranger.policysync.connector.<id>.manage.service.user | Enable/Disable Toggle for creating ranger user | TRUE |
| ranger.policysync.connector.<id>.manage.service.group | Enable/Disable Toggle for creating ranger group | TRUE |
| ranger.policysync.connector.<id>.manage.service.role | Enable/Disable Toggle for creating ranger role | TRUE |
| ranger.policysync.connector.<id>.User.role.prefix | Prefix will be appended while creating user | priv_user_ |
| ranger.policysync.connector.<id>.Group.role.prefix | Prefix will be appended while creating group | priv_group_ |
| ranger.policysync.connector.<id>.Role.role.prefix | Prefix will be appended while creating role | priv_role_ |
| ranger.policysync.connector.<id>.manage.table.list |
Table name/s which needs to be managed Notes:
|
|
| ranger.policysync.connector.<id>.manage.view.list |
View name/s which needs to be managed Notes:
|
|
| ranger.policysync.connector.<id>.ignore.schema.list |
Schema name/s where policies should not be enforced or ignored. Notes:
|
|
| ranger.policysync.connector.<id>.ignore.table.list |
Table name/s where policies should not be enforced or ignored Notes:
|
|
| ranger.policysync.connector.<id>.manage.user.list |
User names to be manged by Policysync Notes:
|
|
| ranger.policysync.connector.<id>.manage.group.list |
Group names to be manged by Policysync
|
|
| ranger.policysync.connector.<id>.manage.role.list |
Role names to be manged by Policysync Notes:
|
|
| ranger.policysync.connector.<id>.perform.grant.updates | Policy-sync will manage users specified in “manage.user.list” prop only if they are associated with any group specified in “manage.group.list” | TRUE |
| ranger.policysync.connector.<id>.manage.user.filterby.group | If: True Policy-sync will manage users specified in “manage.user.list” prop only if they are associated with any group specified in “manage.group.list” |
FALSE |
| ranger.policysync.connector.<id>.manage.user.filterby.role | If: True Policy-sync will manage users specified in “manage.user.list” prop only if they are associated with any group specified in “manage.role.list” |
FALSE |
| ranger.policysync.connector.<id>.masked.number.value | Masking Value for Numbers in policies | 0 |
| ranger.policysync.connector.<id>.masked.double.value | Masking Value for Numbers in policies | 0 |
| ranger.policysync.connector.<id>.masked.text.value | Masking Value for Texts in policies | <MASKED>' |
| ranger.policysync.connector.<id>.masked.varchar.value | Masking Value for Characters in policies | <MASKED>' |
| ranger.policysync.connector.<id>.enable.row.filter | Toggle to Enable/Disable Row Filter | TRUE |
| ranger.policysync.connector.<id>.enable.view.based.row.filter | Toggle to Enable/Disable Row Filter on Views | FALSE |
| ranger.policysync.connector.<id>.enable.view.based.masking | Toggle to Enable/Disable Masking on Views | TRUE |
| ranger.policysync.connector.<id>.secure.view.schema.name | Schema name where secure view/s needs to be created Note: By default view based row filter and masking related secure views are created in the same schema as the original table schema. |
|
| ranger.policysync.connector.<id>.secure.view.schema.name.prefix | Add Prefix to the secured view/s in the schema Note: By default view based row filter and masking related secure views have the same schema name as the table schema name. |
|
| ranger.policysync.connector.<id>.secure.view.schema.name.postfix | Add Postfix to the secured view/s in the schema Note: By default view based row filter and masking related secure views have the same schema name as the table schema name. |
|
| ranger.policysync.connector.<id>.secure.view.name.prefix | Add Prefix to the secured view/s Note: By default view based row filter and masking related secure views have the same schema name as the table schema name. |
|
| ranger.policysync.connector.<id>.secure.view.name.postfix | Add Postfix to the secured view/s Note: By default view based row filter and masking related secure views have the same schema name as the table schema name. |
_secure |
| ranger.policysync.connector.<id>.secure.view.schema.name.remove.suffix.list | To Remove any suffix from the secured view/s in the schema Note: By default view based row filter and masking related secure views have the same schema name as the table schema name. |
|
| ranger.policysync.connector.<id>.secure.view.name.remove.suffix.list | To Remove any Suffix from the secured view/s Note: By default view based row filter and masking related secure views have the same schema name as the table schema name. |
|
| ranger.policysync.connector.<id>.secure.view.create.for.all | Toggle to create secure views regardless of masking/row filter policies | FALSE |
| ranger.policysync.connector.<id>.enable.audit | Toggle to Enable/Disable Audits | TRUE |
| ranger.policysync.connector.<id>.audit.sqs.queue.name | AWS SQS Queue name to send the audit logs | |
| ranger.policysync.connector.<id>.region | AWS Region name |
MSSQL#
| Property | Description | Default Value |
|---|---|---|
| ranger.policysync.connector.<id>.class | Implementation class for mssql connector | com.privacera.policysync.connector.PSMSSQLConnector |
| ranger.policysync.connector.<id>.jdbc.driver | Jdbc driver | com.microsoft.sqlserver.jdbc.SQLServerDriver |
| ranger.policysync.connector.<id>.servicetype | Ranger service type | mssql |
| ranger.policysync.connector.<id>.service.appid | Ranger service appId | privacera_mssql |
Snowflake#
| Property | Description | Default Value |
|---|---|---|
| ranger.policysync.connector.<id>.class | Implementation class for snowflake connector | com.privacera.policysync.connector.PSSnowflakeConnector |
| ranger.policysync.connector.<id>.jdbc.driver | Jdbc driver | net.snowflake.client.jdbc.SnowflakeDriver |
| ranger.policysync.connector.<id>.servicetype | Ranger service type | snowflake |
| ranger.policysync.connector.<id>.service.appid | Ranger service appId | privacera_snowflake |
| ranger.policysync.connector.<id>.audit.source.timezone | Audit source timezone | US/Pacific |
| ranger.policysync.connector.<id>.enable.column.access.masking |
Toggle to enable/disable masking based column level access control in snowflake Policysync will be configured to return |
TRUE |
| ranger.policysync.connector.<id>.enable.column.access.exception |
Toggle to throw an exception if no column level access. This will cause the query to fail. If set to True, then also set enable.column.access.masking to false |
FALSE |
| ranger.policysync.connector.<id>.enable.column.access.exception.function | This property decides what function to call to throw an exception if no column level access is there in snowflake. | {database}.PUBLIC.ThrowColumnAccessException('{col}') |
| ranger.policysync.connector.<id>.enable.row.filter | Toggle to Enable Native Row Filter Functionality | FALSE |
| ranger.policysync.connector.<id>.user.login.name.use.email | When Set to True, Policysync will create Users Account with their email address as login in Snowflake | FALSE |
| ranger.policysync.connector.<id>.create.service.user | Toggle To Create User account in Snowflake | TRUE |
| ranger.policysync.connector.<id>.create.service.user.role | Toggle to allow policysync to create user roles in the snowflake | TRUE |
| ranger.policysync.connector.<id>.user.name.replace.from.regex | Takes the regular expression as input and finds the matching characters in user name and replaces them with the characters specified in user.name.replace.to.string variable. #Note #If set to blank, no find and replace operation is performed. |
|
| ranger.policysync.connector.<id>.user.name.replace.to.string | To replace the characters found by regex specified in user.name.replace.from.regex variable. #Note #If set to blank, no find and replace operation is performed. |
|
| ranger.policysync.connector.<id>.group.name.replace.from.regex | This takes the regular expression as input and finds the matching characters in the group name and replaces them with the characters specified in group.name.replace.to.string variable. #Note #If set to blank, no find and replace operation is performed. |
|
| ranger.policysync.connector.<id>.group.name.replace.to.string | To replace the characters found by regex specified in group.name.replace.from.regex variable. #Note: #If set to blank, no find and replace operation is performed. |
|
| ranger.policysync.connector.<id>.role.name.replace.from.regex | This takes the regular expression as input and finds the matching characters in role name and replaces them with the characters specified in role.name.replace.to.string variable. #Note If set to blank, no find and replace operation is performed. |
|
| ranger.policysync.connector.<id>.role.name.replace.to.string | To replace the characters found by regex specified in role.name.replace.from.regex variable. #Note If set to blank, no find and replace operation is performed. |
|
| ranger.policysync.connector.<id>.secure.view.schema.name.remove.suffix.list | Set the list of comma separated strings, which will be checked if it matches as a suffix for the schema name and if a match is found, suffix will be removed from the schema name. #Note if set to blank, no replacement will happen |
|
| ranger.policysync.connector.<id>.secure.view.name.remove.suffix.list | Set the list of comma separated strings, which will be checked if it matches as a suffix for the schema name and if a match is found, suffix will be removed from the schema name. #Note if set to blank, no replacement will happen |
Redshift#
| Property | Description | Default Value |
|---|---|---|
| ranger.policysync.connector.<id>.class | Implementation class for postgres connector | com.privacera.policysync.connector.PSRedshiftDBConnector |
| ranger.policysync.connector.<id>.jdbc.driver | Jdbc driver | org.postgresql.Driver |
| ranger.policysync.connector.<id>.servicetype | Ranger service type | redshift |
| ranger.policysync.connector.<id>.service.appid | Ranger service appId | privacera_redshift |
PostgreSQL#
| Property | Description | Default Value |
|---|---|---|
| ranger.policysync.connector.<id>.class | Implementation class for postgres connector | com.privacera.policysync.connector.PSPostgresBaseConnector |
| ranger.policysync.connector.<id>.jdbc.driver | Jdbc driver | org.postgresql.Driver |
| ranger.policysync.connector.<id>.servicetype | Ranger service type | postgres |
| ranger.policysync.connector.<id>.service.appid | Ranger service appId | privacera_postgres |