Global access control with the Privacera Platform#
The integration of the Privacera Platform, powered by Apache Ranger with Starburst Enterprise platform (SEP) enables global access control for all configured catalogs. It uses the same configuration properties as global access control with Apache Ranger, with a few exceptions:
ranger.wild-card-resource-matching-for-row-filteringis not supported
ranger.wild-card-resource-matching-for-column-maskingis not supported
Global access control with the Privacera Platform requires a valid Starburst Enterprise license.
Before you begin, verify you fulfill the Ranger requirements.
In addition, the SEP Ranger plugin must be manually installed on the Privacera Platform. Contact Starburst Support to obtain download access to the Ranger plugin.
With the Privacera Platform installed and configured, you are ready to configure
SEP with Privacera as the activated access control system. Set the path to your Privacera
Platform access control configuration file in
Subsequently, configure the following properties in the file:
access-control.name=privacera-starburst ranger.policy-rest-url=http://ranger-admin:6080 ranger.service-name=hive-service ranger.row-filtering.enabled=true ranger.username=admin ranger.password=welcome1 ranger.config-resources=/docker/starburst-product-tests/conf/ranger/ranger-audit.xml ranger.policy-cache-dir=/tmp/ranger
More details about the supported configuration properties is available in the Ranger overview.
Creation and management of policies in the Privacera Platform is powered by the SEP Ranger plugin and therefore identical to the usage for global access control with Apache Ranger.