- Platform Release 6.5
Supported validations
The following table contains all the supported validations for each Privacera service:

| Service Name | Validation Type | Checks |
| --- | --- | --- |
| Privacera Portal (tag: portal) | pre_check | Validate External Database Properties |
| | | Validate Properties for OKTA Login |
| | | Validate Properties for LDAP Login |
| | | Validate Properties for AAD Login |
| | | Validate Properties for Portal SSL |
| | | Check Portal padmin user password strength |
| | pre_validation | Check if external MySQL database is reachable |
| | | Check if external Postgres database is reachable |
| | | Check if LDAP server is reachable |
| | service_check | Check if the portal is accessible |
| | security_check | Check if all portal password property values are secured with JCEKS keystore |
| | | Verify Privacera Portal SSL Certificate |
| Ranger (tag: ranger) | pre_check | Validate External Database Properties |
| | | Validate Properties for Ranger SSL |
| | | Check Ranger passwords strength |
| | pre_validation | Check if external MySQL database is reachable |
| | | Check if external Postgres database is reachable |
| | service_check | Check if ranger admin is accessible |
| | security_check | Check if all ranger password property values are secured with JCEKS keystore |
| | | Verify Ranger Admin SSL Certificate |
| Solr (tag: solr) | pre_check | Validate Properties for Solr Auth |
| | | Check Solr auth user password strength |
| | service_check | Check if Solr is accessible |
| | service_validation | Check if Solr Service is Functional |
| | security_check | Verify Solr SSL Certificate |
| Zookeeper (tag: zookeeper) | service_check | Check if the Zookeeper container is running |
| MariaDB (tag: mariadb) | pre_check | Check MariaDB root user password strength |
| Audit Fluentd (tag: audit-fluentd) | pre_check | Validate audit-fluentd aws s3 properties |
| | | Validate audit-fluentd azure properties |
| | service_check | Check if audit-fluentd is accessible |
| Audit Server (tag: auditserver) | pre_check | Validate AuditServer basic authentication properties |
| | | Check AuditServer basic authentication password strength |
| | service_check | Check if auditserver is accessible |
| | security_check | Check if all auditserver password property values are secured with JCEKS keystore |
| Crypto (tag: crypto) | service_validation | Check if Crypto is Functional |
| Dataserver (tag: dataserver) | pre_check | Validate Properties for Azure Cloud |
| | | Validate Properties for Shared Key Azure Cloud |
| | | Validate Properties for GCP Cloud |
| | | Validate Properties s3 Endpoint |
| | | Validate Properties databricks scala |
| | | Validate Properties For SSL |
| | | Check strength of dataserver related passwords |
| | pre_validation | Check if able to connect to s3 using IAM role |
| | | Check if able to connect to s3 using keys |
| | | Check if able to connect to s3 http endpoint |
| | | Check if able to connect to s3 https endpoint |
| | | Check if able to connect to adls gen2 shared_key_pairs |
| | | Check if able to connect to adls gen2 storage |
| | | Check if able to connect to gcp |
| | service_check | Check if non-ssl dataserver is accessible |
| | | Check if ssl dataserver is accessible |
| | service_validation | Check if S3 Service is Functional with Dataserver |
| | | Check if DynamoDB Service is Functional with Dataserver |
| | | Check if Glue Service is Functional with Dataserver |
| | | Check if Kinesis Service is Functional with Dataserver |
| | | Check if Lambda Service is Functional with Dataserver |
| | security_check | Check if all dataserver password property values are secured with JCEKS keystore |
| | | Verify Dataserver SSL Certificate |
| Discovery (tag: discovery) | pre_check | Validate Properties for External Database |
| | | Validate Properties for AWS Resources |
| | | Validate Properties for Azure Resources with terraform disabled |
| | | Validate Properties for Azure Resources with Terraform enabled |
| | | Validate Properties for GCP Resources |
| | | Validate Properties for Discovery kubernetes |
| | | Validate Properties for Discovery real time scan |
| | | Validate Properties for Discovery Databricks |
| | | Validate Properties for Discovery Databricks with managed script |
| | | Validate Properties for Discovery Databricks Plugin |
| | pre_validation | Check if external mysql database is reachable |
| | | Check if external postgres database is reachable |
| | service_check | Check if discovery container is running |
| | service_validation | Check if Discovery S3 Scanning is Functional |
| Grafana (tag: grafana) | service_check | Check if grafana container is running |
| Graphite (tag: graphite) | service_check | Check if graphite container is running |
| Kafka (tag: kafka) | service_check | Check if kafka container is running |
| PEG (tag: peg) | pre_check | Validate Credentials for PEG to Privacera Portal Communication |
| | | Validate PEG Basic Auth Properties |
| | | Validate PEG Host Name |
| | | Check PEG basic auth password strength |
| | service_check | Check if PEG is accessible |
| | service_validation | Check if PEG is Functional |
| | security_check | Check if PEG Privacera Portal password property values are secured with JCEKS keystore |
| | | Verify PEG SSL Certificate |
| Pkafka (tag: pkafka) | service_check | Check if pkafka container is running |
| PolicySync (tag: policysync) | service_check | Check if policysync container is running |
| Ranger KMS (tag: kms) | pre_check | Validate Ranger KMS Master Key password property |
| | | Validate Ranger KMS Host Name |
| | | Check Ranger KMS Master key password strength |
| | service_check | Check if ranger kms container is running |
| | security_check | Check Master key password used in Ranger KMS is stored in secure JCEKS keystore |
| | | Verify Ranger KMS SSL Certificate |
| Ranger Usersync (tag: usersync) | pre_check | Validate Properties for LDAP Usersync |
| | | Validate Properties for AAD Usersync |
| | | Validate Properties for LDAP SSL Usersync |
| | | Check strength of usersync passwords |
| | pre_validation | Check if ldap server is reachable |
| | service_check | Check if ranger usersync container is running |
| | security_check | Check if all ranger usersync password property values are secured with JCEKS keystore |