Azure ADLS Data Server
This topic covers integration of Azure Data Lake Storage (ADLS) with the Privacera Platform using Privacera Dataserver.
Ensure that the following prerequisites are met:
You have access to an Azure Storage account along with required credentials.
For more information on how to set up an Azure storage account, refer to Azure Storage Account Creation.
Get the values for the following Azure properties: Application (client) ID, Client secrets
Go to the privacera-manager folder in your virtual machine. Open the config folder, copy the sample vars.dataserver.azure.yml file to the custom-vars/ folder, and edit it.
cp config/sample-vars/vars.dataserver.azure.yml config/custom-vars/
vi config/custom-vars/vars.dataserver.azure.yml
Enter the following Azure-related information. For property details and description, click here.
AZURE_TENANTID : "<PLEASE_CHANGE>"
AZURE_APP_CLIENT_ID : "<PLEASE_CHANGE>"
AZURE_SUBSCRIPTION_ID: "<PLEASE_CHANGE>"
AZURE_RESOURCE_GROUP: "<PLEASE_CHANGE>"
BASE64_APP_CLIENT_SECRET: "<PLEASE_CHANGE>"
DATASERVER_AZURE_GEN2_SHARED_KEY_AUTH: "<PLEASE_CHANGE>"
AZURE_ACCT_SHARED_KEY_PAIRS: "<PLEASE_CHANGE>"
You can also add custom properties that are not included by default. See Dataserver.
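Before running the update, it is worth checking that every placeholder in the edited file has actually been replaced. The script below is an added example, not part of Privacera's documentation or tooling: it reads the property names used above from the YAML file, verifies that no `<PLEASE_CHANGE>` values remain, that the tenant, client and subscription ids are GUID-shaped, and that the client secret really is base64-encoded. The two sample files it writes are constructed, with fake ids and a fake secret.

```shell
#!/usr/bin/env bash
# Added example (not Privacera's own tooling): sanity-check a filled-in
# vars.dataserver.azure.yml before running the Privacera Manager update.
# Flags leftover "<PLEASE_CHANGE>" placeholders, non-GUID Azure ids and a
# client secret that is not actually base64-encoded.

# Value of a top-level "KEY: value" line, with surrounding quotes removed.
yaml_value() {
  sed -n "s/^$2[[:space:]]*:[[:space:]]*//p" "$1" | tr -d "\"'" | head -n1
}

check_azure_vars() {
  local file="$1" rc=0 key val
  local guid='^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
  # Any placeholder left behind means the file was not fully edited.
  if grep -q '<PLEASE_CHANGE>' "$file"; then
    echo "placeholder <PLEASE_CHANGE> still present"; rc=1
  fi
  # Tenant, client and subscription ids are GUIDs in Azure.
  for key in AZURE_TENANTID AZURE_APP_CLIENT_ID AZURE_SUBSCRIPTION_ID; do
    val=$(yaml_value "$file" "$key")
    printf '%s' "$val" | grep -Eq "$guid" || { echo "$key is not a GUID: '$val'"; rc=1; }
  done
  # The property name demands base64; a raw secret pasted here will not decode.
  val=$(yaml_value "$file" BASE64_APP_CLIENT_SECRET)
  if [ -z "$val" ] || ! printf '%s' "$val" | base64 -d >/dev/null 2>&1; then
    echo "BASE64_APP_CLIENT_SECRET is empty or not valid base64"; rc=1
  fi
  return "$rc"
}

# Constructed sample files for the demonstration; ids and secret are fake.
good=$(mktemp); bad=$(mktemp); trap 'rm -f "$good" "$bad"' EXIT
cat > "$good" <<EOF
AZURE_TENANTID : "11111111-2222-3333-4444-555555555555"
AZURE_APP_CLIENT_ID : "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
AZURE_SUBSCRIPTION_ID: "99999999-8888-7777-6666-555555555555"
AZURE_RESOURCE_GROUP: "rg-privacera-demo"
BASE64_APP_CLIENT_SECRET: "$(printf 'not-a-real-secret' | base64)"
EOF
cat > "$bad" <<EOF
AZURE_TENANTID : "<PLEASE_CHANGE>"
AZURE_APP_CLIENT_ID : "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
AZURE_SUBSCRIPTION_ID: "99999999-8888-7777-6666-555555555555"
BASE64_APP_CLIENT_SECRET: "plain text secret"
EOF
check_azure_vars "$good" && echo "$good: OK"
check_azure_vars "$bad" || echo "$bad: fix the findings above"
```

Run it against config/custom-vars/vars.dataserver.azure.yml by calling check_azure_vars with that path; a non-zero exit means the file still needs editing.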
Run the following command.
These validation steps use the Privacera Portal functions Access Management: Resource Policies and Data Inventory: Data Explorer. See the Privacera Portal Users' Guide for more information.
All access and attempted access (Allowed and Denied) to Azure ADLS resources is now recorded to the audit stream, which can be reviewed on the Audit page of the Privacera Access Manager. The default access for a data repository is 'Denied', so until a policy grants access, every data access attempt is denied.
To verify Privacera Data Management control, perform the following steps:
Log in to Privacera Portal as a portal administrator, open Data Inventory: Data Explorer, and attempt to view the targeted ADLS files or folders. The data will be hidden, and a Denied status will be registered on the Audit page.
In Privacera Portal, open Access Management: Resource Policies. Open the 'ADLS' system and the 'privacera_adls' application (data repository). Create or modify an access policy to allow access to some or all of your ADLS storage.
Return to Data Inventory: Data Explorer and re-attempt to view the data as allowed by your new policy or policy change. Repeat step 1.
You should be able to view files or folders in the account, and an Allowed status will be registered in the Audit page.
To check the log in the Audit page in Privacera Portal, perform the following steps:
On the Privacera Portal page, expand Access Management and click Audit in the left menu.
The Audit page will be displayed with Ranger Audit details.