Skip to main content

Privacera Platform

Table properties
:
PolicySync
Common Properties

Property

Description

Default Value

ranger.policysync.connector.<id>

To Set the Unique Connection name for the policysync connector

ranger.policysync.connector.<id>.enabled

Toggle to Enable/Disable the Connector

ranger.policysync.connector.<id>.jdbc.url

JDBC Connection URL

ranger.policysync.connector.<id>.jdbc.username

Database Username to be used with jdbc connection

ranger.policysync.connector.<id>.jdbc.password

Database Password to be used with jdbc connection

ranger.policysync.connector.<id>.jdbc.db

Database Name to be used with jdbc connection

ranger.policysync.connector.<id>.master.database

Master Database

ranger.policysync.connector.<id>.new.user.password

password that will be set for all the new users after sync

ranger.policysync.connector.<id>.switch.ownership.role

role name which policysync can switch to

ranger.policysync.connector.<id>.manage.service.user

Enable/Disable Toggle for creating ranger user

TRUE

ranger.policysync.connector.<id>.manage.service.group

Enable/Disable Toggle for creating ranger group

TRUE

ranger.policysync.connector.<id>.manage.service.role

Enable/Disable Toggle for creating ranger role

TRUE

ranger.policysync.connector.<id>.User.role.prefix

Prefix will be appended while creating user

priv_user_

ranger.policysync.connector.<id>.Group.role.prefix

Prefix will be appended while creating group

priv_group_

ranger.policysync.connector.<id>.Role.role.prefix

Prefix will be appended while creating role

priv_role_

ranger.policysync.connector.<id>.manage.table.list

Table name/s which needs to be managed

Notes:

  • Provide Multiple Table names separated by comma.

  • Blank Value will manage all the databases.

  • "none" Value will skip all the databases.

  • Regex can be used (ex: *_dev)

ranger.policysync.connector.<id>.manage.view.list

View name/s which needs to be managed

Notes:

  • Provide Multiple Views separated by comma.

  • Blank Value will manage all the databases.

  • "none" Value will skip all the databases.

  • Regex can be used (ex: *_dev)

ranger.policysync.connector.<id>.ignore.schema.list

Schema name/s where policies should not be enforced or ignored.

Notes:

  • Provide Multiple Schema names separated by comma.

  • Blank Value will manage all the databases.

  • "none" Value will skip all the databases.

  • Regex can be used (ex: *_dev)

ranger.policysync.connector.<id>.ignore.table.list

Table name/s where policies should not be enforced or ignored

Notes:

  • Provide Multiple Table names separated by comma

  • Blank Value will manage all the databases.

  • "none" Value will skip all the databases.

  • Regex can be used (ex: *_dev)

ranger.policysync.connector.<id>.manage.user.list

User names to be manged by Policysync

Notes:

  • Provide Multiple usernames separated by comma

  • Blank Value will manage all the users.

  • "none" Value will skip all the users.

  • Regex can be used (ex: *_user)

ranger.policysync.connector.<id>.manage.group.list

Group names to be manged by Policysync

Notes:

  • Provide Multiple groupnames separated by comma

  • Blank Value will manage all the groups.

  • "none" Value will skip all the groups.

  • Regex can be used (ex: *_group)

ranger.policysync.connector.<id>.manage.role.list

Role names to be manged by Policysync

Notes:

  • Provide Multiple usernames separated by comma

  • Blank Value will manage all the roles.

  • "none" Value will skip all the roles.

  • Regex can be used (ex: *_role)

ranger.policysync.connector.<id>.perform.grant.updates

Policy-sync will manage users specified in “manage.user.list” prop only if they are associated with any group specified in “manage.group.list”

TRUE

ranger.policysync.connector.<id>.manage.user.filterby.group

If: True

Policy-sync will manage users specified in “manage.user.list” prop only if they are associated with any group specified in “manage.group.list”

FALSE

ranger.policysync.connector.<id>.manage.user.filterby.role

If: True

Policy-sync will manage users specified in “manage.user.list” prop only if they are associated with any group specified in “manage.role.list”

FALSE

ranger.policysync.connector.<id>.masked.number.value

Masking Value for Numbers in policies

0

ranger.policysync.connector.<id>.masked.double.value

Masking Value for Numbers in policies

0

ranger.policysync.connector.<id>.masked.text.value

Masking Value for Texts in policies

<MASKED>'

ranger.policysync.connector.<id>.masked.varchar.value

Masking Value for Characters in policies

<MASKED>'

ranger.policysync.connector.<id>.enable.row.filter

Toggle to Enable/Disable Row Filter

TRUE

ranger.policysync.connector.<id>.enable.view.based.row.filter

Toggle to Enable/Disable Row Filter on Views

FALSE

ranger.policysync.connector.<id>.enable.view.based.masking

Toggle to Enable/Disable Masking on Views

TRUE

ranger.policysync.connector.<id>.secure.view.schema.name

Schema name where secure view/s needs to be created

Note:

By default view based row filter and masking related secure views are created in the same schema as the original table schema.

ranger.policysync.connector.<id>.secure.view.schema.name.prefix

Add Prefix to the secured view/s in the schema

Note:

By default view based row filter and masking related secure views have the same schema name as the table schema name.

ranger.policysync.connector.<id>.secure.view.schema.name.postfix

Add Postfix to the secured view/s in the schema

Note:

By default view based row filter and masking related secure views have the same schema name as the table schema name.

ranger.policysync.connector.<id>.secure.view.name.prefix

Add Prefix to the secured view/s

Note:

By default view based row filter and masking related secure views have the same schema name as the table schema name.

ranger.policysync.connector.<id>.secure.view.name.postfix

Add Postfix to the secured view/s

Note:

By default view based row filter and masking related secure views have the same schema name as the table schema name.

_secure

ranger.policysync.connector.<id>.secure.view.schema.name.remove.suffix.list

To Remove any suffix from the secured view/s in the schema

Note:

By default view based row filter and masking related secure views have the same schema name as the table schema name.

ranger.policysync.connector.<id>.secure.view.name.remove.suffix.list

To Remove any Suffix from the secured view/s

Note:

By default view based row filter and masking related secure views have the same schema name as the table schema name.

ranger.policysync.connector.<id>.secure.view.create.for.all

Toggle to create secure views regardless of masking/row filter policies

FALSE

ranger.policysync.connector.<id>.enable.audit

Toggle to Enable/Disable Audits

TRUE

ranger.policysync.connector.<id>.audit.sqs.queue.name

AWS SQS Queue name to send the audit logs

ranger.policysync.connector.<id>.region

AWS Region name

MSSQL

Property

Description

Default Value

ranger.policysync.connector.<id>.class

Implementation class for mssql connector

com.privacera.policysync.connector.PSMSSQLConnector

ranger.policysync.connector.<id>.jdbc.driver

Jdbc driver

com.microsoft.sqlserver.jdbc.SQLServerDriver

ranger.policysync.connector.<id>.servicetype

Ranger service type

mssql

ranger.policysync.connector.<id>.service.appid

Ranger service appId

privacera_mssql

Snowflake

Property

Description

Default Value

ranger.policysync.connector.<id>.class

Implementation class for snowflake connector

com.privacera.policysync.connector.PSSnowflakeConnector

ranger.policysync.connector.<id>.jdbc.driver

Jdbc driver

net.snowflake.client.jdbc.SnowflakeDriver

ranger.policysync.connector.<id>.servicetype

Ranger service type

snowflake

ranger.policysync.connector.<id>.service.appid

Ranger service appId

privacera_snowflake

ranger.policysync.connector.<id>.audit.source.timezone

Audit source timezone

US/Pacific

ranger.policysync.connector.<id>.enable.column.access.masking

Toggle to enable/disable masking based column level access control in snowflake

Policysync will be configured to return '<REDACTED>' for text columns and 0 for numeric columns on which a user does not have access to.

TRUE

ranger.policysync.connector.<id>.enable.column.access.exception

Toggle to throw an exception if no column level access. This will cause the query to fail.

If set to True, then also set enable.column.access.masking to false

FALSE

ranger.policysync.connector.<id>.enable.column.access.exception.function

This property decides what function to call to throw an exception if no column level access is there in snowflake.

{database}.PUBLIC.ThrowColumnAccessException('{col}')

ranger.policysync.connector.<id>.enable.row.filter

Toggle to Enable Native Row Filter Functionality

FALSE

ranger.policysync.connector.<id>.user.login.name.use.email

When Set to True, Policysync will create Users Account with their email address as login in Snowflake

FALSE

ranger.policysync.connector.<id>.create.service.user

Toggle To Create User account in Snowflake

TRUE

ranger.policysync.connector.<id>.create.service.user.role

Toggle to allow policysync to create user roles in the snowflake

TRUE

ranger.policysync.connector.<id>.user.name.replace.from.regex

Takes the regular expression as input and finds the matching characters in user name and replaces them with the characters specified in user.name.replace.to.string variable.

#Note

#If set to blank, no find and replace operation is performed.

ranger.policysync.connector.<id>.user.name.replace.to.string

To replace the characters found by regex specified in user.name.replace.from.regex variable.

#Note

#If set to blank, no find and replace operation is performed.

ranger.policysync.connector.<id>.group.name.replace.from.regex

This takes the regular expression as input and finds the matching characters in the group name and replaces them with the characters specified in group.name.replace.to.string variable.

#Note

#If set to blank, no find and replace operation is performed.

ranger.policysync.connector.<id>.group.name.replace.to.string

To replace the characters found by regex specified in group.name.replace.from.regex variable.

#Note:

#If set to blank, no find and replace operation is performed.

ranger.policysync.connector.<id>.role.name.replace.from.regex

This takes the regular expression as input and finds the matching characters in role name and replaces them with the characters specified in role.name.replace.to.string variable.

#Note

If set to blank, no find and replace operation is performed.

ranger.policysync.connector.<id>.role.name.replace.to.string

To replace the characters found by regex specified in role.name.replace.from.regex variable.

#Note

If set to blank, no find and replace operation is performed.

ranger.policysync.connector.<id>.secure.view.schema.name.remove.suffix.list

Set the list of comma separated strings, which will be checked if it matches as a suffix for the schema name and if a match is found, suffix will be removed from the schema name.

#Note

if set to blank, no replacement will happen

ranger.policysync.connector.<id>.secure.view.name.remove.suffix.list

Set the list of comma separated strings, which will be checked if it matches as a suffix for the schema name and if a match is found, suffix will be removed from the schema name.

#Note

if set to blank, no replacement will happen

Redshift

Property

Description

Default Value

ranger.policysync.connector.<id>.class

Implementation class for postgres connector

com.privacera.policysync.connector.PSRedshiftDBConnector

ranger.policysync.connector.<id>.jdbc.driver

Jdbc driver

org.postgresql.Driver

ranger.policysync.connector.<id>.servicetype

Ranger service type

redshift

ranger.policysync.connector.<id>.service.appid

Ranger service appId

privacera_redshift

PostgreSQL

Property

Description

Default Value

ranger.policysync.connector.<id>.class

Implementation class for postgres connector

com.privacera.policysync.connector.PSPostgresBaseConnector

ranger.policysync.connector.<id>.jdbc.driver

Jdbc driver

org.postgresql.Driver

ranger.policysync.connector.<id>.servicetype

Ranger service type

postgres

ranger.policysync.connector.<id>.service.appid

Ranger service appId

privacera_postgres