Privacera Platform master publication



Concepts in access management

For conceptual background, see How Access Management Works.

Access Management stores audit records for all data access and key portal activity. Audit records are retained for 90 days.

The Audit page includes information under the following categories:

  • Access: Each access (or denial) to a managed data repository.

  • Admin: Portal administrative activity, including revisions to policies.

  • Login Sessions: Logins to your PrivaceraCloud account web portal.

  • Plugin: Logged status for each synchronization exchange with a data access plug-in component.

  • Plugin Status: Logged updates with each data access plug-in component.

  • UserSync: New provisioning of a user or group, or modification of a user or group that has already been provisioned from the connected Identity Provider.

  • PolicySync: Logged queries to data resources integrated using the 'policy sync' method.

View audit logs

  1. From the home page, click Access Management > Audit.

  2. Select a tab to see events in the associated category.

    • Access

    • Admin

    • Login Sessions

    • Plugin

    • Plugin Status

    • User Sync

    • Policy Sync

  3. (Optional) Select a time range for the events you want to see. The default is seven days.

About PolicySync Access Audit Records and Policy ID

For datasources where Ranger plug-ins make policy decisions, those plug-ins can log the specific policy that was enforced, and the Policy ID column is populated with a link to the relevant policy.

For datasources where enforcement is provided by PolicySync, individual access control decisions are enforced by native database permissions, secure views, and other native application security mechanisms. It is not feasible to trace back from the interaction of those mechanisms to an individual Privacera access control policy. In such cases, the policy ID is set to zero.
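The distinction above matters when audit records are reviewed in bulk: a policy ID of zero marks native enforcement, not a missing policy. The following is an added example, not Privacera code; the JSON-lines export and its field names (`service`, `user`, `resource`, `result`, `policy_id`) are assumptions, and the sample records are constructed.

```python
import json
from collections import Counter

# Constructed sample export, one JSON record per line. The field names
# (service, user, resource, result, policy_id) are assumptions for this
# example, not Privacera's audit schema.
SAMPLE_AUDIT_JSONL = """\
{"service": "hive_prod", "user": "alice", "resource": "sales/orders", "result": "Allowed", "policy_id": 42}
{"service": "hive_prod", "user": "bob", "resource": "sales/orders", "result": "Denied", "policy_id": 17}
{"service": "snowflake_ps", "user": "bob", "resource": "FIN.PAYROLL", "result": "Denied", "policy_id": 0}
{"service": "snowflake_ps", "user": "carol", "resource": "FIN.PAYROLL", "result": "Allowed", "policy_id": 0}
{"service": "hive_prod", "user": "dave", "resource": "hr/salaries", "result": "Denied"}
not-json
"""

# What a reviewer does next for each attribution class.
NEXT_STEP = {
    "policy": "follow the policy ID to the enforced policy",
    "policysync": "review native grants and secure views on the data source",
    "unknown": "inspect the raw record",
}

def classify(record):
    """Say how far an access decision can be traced back to a policy."""
    pid = record.get("policy_id") if isinstance(record, dict) else None
    if isinstance(pid, bool) or not isinstance(pid, int) or pid < 0:
        return "unknown"      # missing, non-integer or negative policy ID
    if pid == 0:
        return "policysync"   # enforced natively; no single policy to link
    return "policy"           # plug-in decision; policy_id names the policy

def triage(jsonl_text):
    """Count records per attribution class and list denials for review."""
    counts, denials = Counter(), []
    for line in filter(str.strip, jsonl_text.splitlines()):
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            counts["unknown"] += 1
            continue
        kind = classify(record)
        counts[kind] += 1
        if isinstance(record, dict) and record.get("result") == "Denied":
            denials.append((record.get("user"), record.get("service"), kind))
    return counts, denials

if __name__ == "__main__":
    counts, denials = triage(SAMPLE_AUDIT_JSONL)
    print(dict(counts))
    for user, service, kind in denials:
        print(user, service, kind, "->", NEXT_STEP[kind])
```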

PEG API access

On the Access tab, use the search filter pulldown menu to show records where Service is PEG (Privacera Encryption Gateway).


This shows access to a PEG encryption key when a PEG REST API request specifies an encryption scheme.

For more information about PEG, see the Privacera Encryption Guide, Core Ideas and Terminology.

Enable reason setting

The "reason" setting shows, on the Audit page, the error codes and error messages that caused an audit record.

Set the following properties:

vi ~/privacera/privacera-manager/config/custom-properties/