Skip to content

Known Issues 6.4

Privacera Platform Release 6.4

Last updated: 2022-06-03

The following are known issues in the Privacera Platform 6.4 release.

DBX-FGAC-JWT access control failed to getUserInfo while running command (PRIV-12464)

Workaround: Set the following property in the Databricks cluster Spark configuration:

spark.hadoop.privacera.jwt.token.publickey /tmp/jwttoken.pub

Privacera UserSync is not working for Okta and LDAP connector (PRIV-12156)

UserSync operations are occasionally interrupted while loading data into Privacera Portal/Ranger. In most cases, UserSync will correctly load the User/Group when normal operations resume (i.e., when Portal/Ranger becomes available or on the next sync cycle).

In rare instances, however, the UserSync cache can become out of sync.

To correct this, the cache can be cleared or a full sync with force update can be triggered via REST (if enabled).

This problem appears to be limited to Privacera Platform installations conducted via Privacera Manager.

Problem with Trino Server release 379 and above, not with the Privacera plugin (PRIV-11838)

Column-level masking "Partial mask: show last 4" and "Partial mask: show first 4" are not working for the PostgreSQL DB and the Redshift catalog.

The same behaviors have been observed without the Privacera Trino plugin, with the same 'Compiler failed' error, hive working, Redshift not working, and PostgreSQL not working. As a result, the problem appears to be with Trino Server release 379 and above rather than the Privacera plugin.

Access Audit issue from the Starburst Enterprise plugin (DOC2-1316)

Access audits from the Starburst Enterprise plugin are not sent to SSL-enabled Solr.

Driver License Encryption Scheme Succeeds Even With Invalid Input (PRIV-12034)

The Driver License encryption scheme returns success even if the input is not a valid driver's license.

Problem in Snowflake Sequence Access audit (PRIV-11771)

When the result is denied, access audits for the snowflake Sequence do not work properly. When the result is denied, the Access Type is shown as UNKNOWN.

The Dremio Client IP is missing in audits (PRIV-11611)

Databricks: Python job on existing all purpose cluster failed to get user info (PRIV-11310)

The following error during a Python job indicates that it was unable to obtain user information from the Databricks user context.

An error occurred while calling z:com.databricks.backend.daemon.dbutils.FSUtils.head.
: java.lang.RuntimeException: Failed to getUserInfo

Workaround: Use the New/Automated cluster for Python job.

Unable to delete folder from File Explorer for Azure ADLS (PRIV-11002)

When a user attempts to delete a parent folder, only child files are deleted; child folders are not deleted.

CreateDatabase permission is only available for global policies (PRIV-9910)

In Databricks PolicySync, the CreateDatabase permission should be limited to global policies only.

CreateDB fails when the policy includes both a user and a public group for Redshift PolicySync

When a policy for "Create Database" permission is created for a User and the Public group, CreateDB is revoked for the user, resulting in access being denied for Create Database queries.

Note

In Apache Ranger, we currently do not support global permission to Create Database for the PUBLIC group.