Global access control with the Privacera Platform#

The integration of the Privacera Platform, powered by Apache Ranger with Starburst Enterprise platform (SEP) enables global access control for all configured catalogs. It uses the same configuration properties as global access control with Apache Ranger, with a few exceptions:

  • ranger.wild-card-resource-matching-for-row-filtering is not supported

  • ranger.wild-card-resource-matching-for-column-masking is not supported

Note

Global access control with the Privacera Platform requires a valid Starburst Enterprise license.

Requirements#

Before you begin, verify you fulfill the Ranger requirements.

In addition, the SEP Ranger plugin must be manually installed on the Privacera Platform. Contact Starburst Support to obtain download access to the Ranger plugin.

Configuration#

With the Privacera Platform installed and configured, you are ready to configure SEP with Privacera as the activated access control system. Set the path to your Privacera Platform access control configuration file in config.properties:

access-control.config-files=etc/access-control-privacera.properties

Subsequently, configure the following properties in the file:

access-control.name=privacera-starburst
ranger.policy-rest-url=http://ranger-admin:6080
ranger.service-name=hive-service
ranger.row-filtering.enabled=true
ranger.username=admin
ranger.password=welcome1
ranger.config-resources=/docker/starburst-product-tests/conf/ranger/ranger-audit.xml
ranger.policy-cache-dir=/tmp/ranger

More details about the supported configuration properties is available in the Ranger overview.

Policy management#

Creation and management of policies in the Privacera Platform is powered by the SEP Ranger plugin and therefore identical to the usage for global access control with Apache Ranger.