Dremio connector properties for PolicySync on Privacera

These Dremio connector properties can be set for PolicySync in Privacera.

The properties are grouped by general function, such as JDBC connection properties, properties for user, group, and role management, and other functions.

The properties are also categorized as BASIC or ADVANCED:

BASIC pertains to the most fundamental aspects of the connector, such as authentication.
ADVANCED indicates additional features beyond the BASICs, such as row-filtering or group member handling.

Start by setting the BASIC properties and then examine the ADVANCED properties to determine which of these features you might want to enable.

For a general process to migrate values from old YAML files to the new YAML files, see Migration to PolicySync v2 on Privacera Platform 7.2.

Category	Property name	Description	Default
JDBC configuration properties
BASIC	`CONNECTOR_DREMIO_JDBC_URL`	This property is used to set JDBC url which can be used to create a direct connection to a Dremio coordinator node. JDBC URL should follow below convention `jdbc:dremio:direct=<DREMIO_COORDINATOR>:31010` Example :- `jdbc:dremio:direct=example-12345fg.us-east-1.elb.amazonaws.com:31010`
BASIC	`CONNECTOR_DREMIO_JDBC_USERNAME`	This property is used to set JDBC Username to be used to make connection to Dremio coordinator. This is just an username used to log in to Dremio to manage the Authorization. (ex. adminUser)
BASIC	`CONNECTOR_DREMIO_JDBC_PASSWORD`	This property is used to set JDBC user's password to be used to make connection to Dremio coordinator.
BASIC	`CONNECTOR_DREMIO_OWNER_ROLE`	This property is used to set ownership for all the resources managed by policysync. The specified user will become owner for all managed resources and will have full control on those resources. We support changing owners of source, space, source folders, space folders, physical datasets and virtual datasets. Note :- If owner role is kept as blank, then ownership will not change and users who creates resources or any other object will be the owner of those objects and policysync won't be able to do access control on that objects.
BASIC	`CONNECTOR_DREMIO_URL`	This property is used to make a call to Dremio API for catalogs/users/groups/audits. For example `https://internal-dummy.us-east-1.elb.amazonaws.com:9047`
BASIC	`CONNECTOR_DREMIO_DEFAULT_USER_PASSWORD`	This property is used to set password which will be used as default password for every new user created by policysync.
Resources management
BASIC	`CONNECTOR_DREMIO_MANAGE_SPACE_LIST`	This property is used to set comma separated space names for which access control should be managed by policysync. If you want to manage all spaces then you can skip specifying this property. This supports wildcards as well. The ignore space list has precedence over manage space list. Eg. `testspace1,testspace2,space*` Note :- values for this property are case-sensitive.
BASIC	`CONNECTOR_DREMIO_MANAGE_SOURCE_LIST`	This property is used to set comma separated source names which access control should be managed by policysync. If you want to manage all sources then you can skip specifying this property. This supports wildcards as well. The ignore source list has precedence over manage source list. Eg. `testsource1,testsource2,source*` Note :- values for this property are case-sensitive.
ADVANCED	`CONNECTOR_DREMIO_MANAGE_SOURCE_FOLDER_LIST`	This property is used to set comma separated source folder for which access control should be managed by policysync. If you want to manage all source folder then you can skip specifying this property. This supports wildcards as well. The ignore source folder list has precedence over manage source folder list. Eg. `source.sourcefolder,source.sales` Note :- values for this property are case-sensitive.
ADVANCED	`CONNECTOR_DREMIO_MANAGE_SPACE_FOLDER_LIST`	This property is used to set comma separated space folder for which access control should be managed by policysync. If you want to manage all space folders then you can skip specifying this property. This supports wildcards as well. The ignore space folder list has precedence over manage space folder list. Eg. `space.spacefolder,space.sales` Note :- values for this property are case-sensitive.
ADVANCED	`CONNECTOR_DREMIO_MANAGE_PHYSICAL_DATASET_LIST`	This property is used to set comma separated physical datasets for which access control should be managed by policysync. If you want to manage all physical datasets then you can skip specifying this property. This supports wildcards as well. The ignore physical dataset list has precedence over manage physical dataset list. Eg. `source.folder1.physicaldataset,source.sales.*` Note :- values for this property are case-sensitive.
ADVANCED	`CONNECTOR_DREMIO_MANAGE_VIRTUAL_DATASET_LIST`	This property is used to set comma separated virtual datasets for which access control should be managed by policysync. If you want to manage all virtual datasets then you can skip specifying this property. This supports wildcards as well. The ignore virtual dataset list has precedence over manage virtual dataset list. Eg. `space.folder1.virtualdataset,space.sales.*` Note :- values for this property are case-sensitive.
ADVANCED	`CONNECTOR_DREMIO_IGNORE_SOURCE_LIST`	This property is used to set comma separated source names for which you don't want access control to be managed by policysync. If you don't want to ignore any source then you can skip specifying this property. This supports wildcards as well. This has precedence over manage source list. Eg. `testsource,sales*` Note :- values for this property are case-sensitive.
ADVANCED	`CONNECTOR_DREMIO_IGNORE_SPACE_LIST`	This property is used to set comma separated space names for which you don't want access control to be managed by policysync. If you don't want to ignore any space then you can skip specifying this property. This supports wildcards as well. This has precedence over manage space list. Eg. `testspace,sales*` Note :- values for this property are case-sensitive.
ADVANCED	`CONNECTOR_DREMIO_IGNORE_SOURCE_FOLDER_LIST`	This property is used to set comma separated source folder names for which you don't want access control to be managed by policysync. If you don't want to ignore any source folder then you can skip specifying this property. This supports wildcards as well. This has precedence over manage source folder list. Eg. `source.sourcefolder,source.sales` Note :- values for this property are case-sensitive.
ADVANCED	`CONNECTOR_DREMIO_IGNORE_SPACE_FOLDER_LIST`	This property is used to set comma separated space folder names for which you don't want access control to be managed by policysync. If you don't want to ignore any space folder then you can skip specifying this property. This supports wildcards as well. This has precedence over manage space folder list. Eg. `space.spacefolder,space.sales` Note :- values for this property are case-sensitive.
ADVANCED	`CONNECTOR_DREMIO_IGNORE_PHYSICAL_DATASET_LIST`	This property is used to set comma separated physical dataset names for which you don't want access control to be managed by policysync. If you don't want to ignore any physical dataset then you can skip specifying this property. This supports wildcards as well. This has precedence over manage physical dataset list. Eg. `source.folder1.physicaldataset,source.sales.*` Note :- values for this property are case-sensitive.
ADVANCED	`CONNECTOR_DREMIO_IGNORE_VIRTUAL_DATASET_LIST`	This property is used to set comma separated virtual dataset names for which you don't want access control to be managed by policysync. If you don't want to ignore any virtual dataset then you can skip specifying this property. This supports wildcards as well. This has precedence over manage virtual dataset list. Eg. `source.folder1.virtualdataset,source.sales.*` Note :- values for this property are case-sensitive.
Users/Groups/Roles management
ADVANCED	`CONNECTOR_DREMIO_USER_NAME_REPLACE_FROM_REGEX`	This takes the regular expression as input and finds the matching characters in a user name and replaces them with the characters specified in property. If kept blank, no find and replace operation is performed.	[~`$&+:;=?@#\|'<>.\\\\s^*()_%\\\\[\\\\]!\\\\-\\\\/\\\\\\\\{}]
ADVANCED	`CONNECTOR_DREMIO_USER_NAME_REPLACE_TO_STRING`	The value specified in this property is used to replace the characters found by the regex specified user name regex property. If kept blank, no find and replace operation is performed.	`_`
ADVANCED	`CONNECTOR_DREMIO_GROUP_NAME_REPLACE_FROM_REGEX`	This takes the regular expression as input and finds the matching characters in a group name and replaces them with the characters specified in property. If kept blank, no find and replace operation is performed.	[~`$&+:;=?@#\|'<>.\\\\s^*()_%\\\\[\\\\]!\\\\-\\\\/\\\\\\\\{}]
ADVANCED	`CONNECTOR_DREMIO_GROUP_NAME_REPLACE_TO_STRING`	The value specified in this property is used to replace the characters found by the regex specified group name regex property. If kept blank, no find and replace operation is performed.	`_`
ADVANCED	`CONNECTOR_DREMIO_ROLE_NAME_REPLACE_FROM_REGEX`	This takes the regular expression as input and finds the matching characters in a role name and replaces them with the characters specified in property. If kept blank, no find and replace operation is performed.	[~`$&+:;=?@#\|'<>.\\\\s^*()_%\\\\[\\\\]!\\\\-\\\\/\\\\\\\\{}]
ADVANCED	`CONNECTOR_DREMIO_ROLE_NAME_REPLACE_TO_STRING`	The value specified in this property is used to replace the characters found by the regex specified role name regex property. If kept blank, no find and replace operation is performed.	`_`
ADVANCED	`CONNECTOR_DREMIO_USER_NAME_PERSIST_CASE_SENSITIVITY`	After loading user from Ranger API's all users are converted into lowercase, but in some cases, you would need to have the users in the same case as they are in Ranger. When setting this value to true, it will maintain the case sensitivity of names as they are in Ranger.	`false`
ADVANCED	`CONNECTOR_DREMIO_GROUP_NAME_PERSIST_CASE_SENSITIVITY`	After loading group from Ranger API's all groups are converted into lowercase, but in some cases, you would need to have the groups in the same case as they are in Ranger. When setting this value to true, it will maintain the case sensitivity of names as they are in Ranger.	`false`
ADVANCED	`CONNECTOR_DREMIO_ROLE_NAME_PERSIST_CASE_SENSITIVITY`	After loading role from Ranger API's all roles are converted into lowercase, but in some cases, you would need to have the roles in the same case as they are in Ranger. When setting this value to true, it will maintain the case sensitivity of names as they are in Ranger.	`false`
	`CONNECTOR_DREMIO_USER_NAME_CASE_CONVERSION`	This property only applicable if `USER NAME PERSIST CASE SENSITIVITY` is set to false. Managed users name would be treated as lowercase by default. If the value is set to "upper" then the user name would be treated as uppercase. If the value is set to "none" then the user name case is preserved as present in ranger.	`lower`
ADVANCED	`CONNECTOR_DREMIO_CREATE_USER`	This property controls whether we should create user in dremio for users fetched from ranger.	`true`
ADVANCED	`CONNECTOR_DREMIO_CREATE_USER_ROLE`	This property controls whether we should create role over the end user in dremio for users fetched from ranger.	`true`
ADVANCED	`CONNECTOR_DREMIO_MANAGE_USERS`	This property controls whether we should create role in dremio for users fetched from ranger.	`true`
ADVANCED	`CONNECTOR_DREMIO_MANAGE_GROUPS`	This property controls whether we should create role in dremio for groups fetched from ranger.	`true`
CUSTOM	`CONNECTOR_DREMIO_MANAGE_GROUP_MEMBERS`		`true`
ADVANCED	`CONNECTOR_DREMIO_MANAGE_ROLES`	This property controls whether we should create role in dremio for roles fetched from ranger.	`true`
CUSTOM	`CONNECTOR_DREMIO_MANAGE_GROUP_MEMBERS`		`true`
ADVANCED	`CONNECTOR_DREMIO_MANAGE_USER_LIST`	This property is used to set comma separated user names which access control should be managed by policysync. If you want to manage all users then you can skip specifying this property. This supports wildcards as well. The ignore users list has precedence over manage users list. Eg. `user1,user2,dev_user*`
ADVANCED	`CONNECTOR_DREMIO_MANAGE_GROUP_LIST`	This property is used to set comma separated group names which access control should be managed by policysync. If you want to manage all group then you can skip specifying this property. This supports wildcards as well. The ignore group list has precedence over manage group list. Eg. `group1,group2,dev_group*`
ADVANCED	`CONNECTOR_DREMIO_MANAGE_ROLE_LIST`	This property is used to set comma separated role names which access control should be managed by policysync. If you want to manage all role then you can skip specifying this property. This supports wildcards as well. The ignore role list has precedence over manage role list. Eg. `role1,role2,dev_role*`
ADVANCED	`CONNECTOR_DREMIO_IGNORE_USER_LIST`	This property is used to set comma separated user names which access control you don't want to be managed by policysync. If you don't want to ignore any users then you can skip specifying this property. This supports wildcards as well. This has precedence over manage users list. Eg. `user1,user2,dev_user*`
ADVANCED	`CONNECTOR_DREMIO_IGNORE_GROUP_LIST`	This property is used to set comma separated group names which access control you don't want to be managed by policysync. If you don't want to ignore any groups then you can skip specifying this property. This supports wildcards as well. This has precedence over manage groups list. Eg. `group1,group2,dev_group*`
ADVANCED	`CONNECTOR_DREMIO_IGNORE_ROLE_LIST`	This property is used to set comma separated role names which access control you don't want to be managed by policysync. If you don't want to ignore any roles then you can skip specifying this property. This supports wildcards as well. This has precedence over manage roles list. Eg. `role1,role2,dev_role*`
ADVANCED	`CONNECTOR_DREMIO_USER_ROLE_PREFIX`	This property is used to set a prefix for role which we will be creating in Dremio for user from ranger. For example if you have user named john in ranger and you have defined prefix as test_user_ then the role which we create for john in Dremio will have name `test_user_john`	`priv_user_`
ADVANCED	`CONNECTOR_DREMIO_GROUP_ROLE_PREFIX`	This property is used to set a prefix for role which we will be creating in Dremio for group from ranger. For example if you have group named dev in ranger and you have defined prefix as test_group_ then the role which we create for dev in Dremio will have name `test_group_dev`.	`priv_group_`
ADVANCED	`CONNECTOR_DREMIO_ROLE_ROLE_PREFIX`	This property is used to set a prefix for role which we will be creating in Dremio for role from ranger. For example if you have role named finance in ranger and you have defined prefix as test_role_ then the role which we create for finance in Dremio will have name `test_role_finance`.	`priv_role_`
ADVANCED	`CONNECTOR_DREMIO_USE_NATIVE_PUBLIC_GROUP`	Set this property to true, if you want policysync to use the "public" group from Dremio for access grants whenever there is policy created referring to public group inside it.	`true`

ADVANCED	`CONNECTOR_DREMIO_MANAGE_USER_FILTERBY_GROUP`	Set this property to true, if you want to manage only the users who belongs the the groups defined in manage groups list property.	`false`
ADVANCED	`CONNECTOR_DREMIO_MANAGE_USER_FILTERBY_ROLE`	Set this property to true, if you want to manage only the users who belongs the the roles defined in manage roles list property.	`false`
Access control management
ADVANCED	`CONNECTOR_DREMIO_ENABLE_VIEW_BASED_MASKING`	Set this property to true, if you want to enable secure view based masking in Dremio policysync.	`false`
ADVANCED	`CONNECTOR_DREMIO_ENABLE_VIEW_BASED_ROW_FILTER`	Set this property to true, if you want to enable secure view based tr filter in Dremio policysync.	`false`
ADVANCED	`CONNECTOR_DREMIO_SECURE_VIEW_CREATE_FOR_ALL`	Set this property to true, if you want to create secure view for all datasets which were created by end users. This will create secure view for datasets regardless whether there any masking/tr filter policy exists in ranger.	`false`
ADVANCED	`CONNECTOR_DREMIO_ENABLE_ROW_FILTER`	This property controls whether to enable native tr filter policy creation functionality in policysync.	`true`
ADVANCED	`CONNECTOR_DREMIO_ENABLE_MASKING`	This property controls whether to enable native masking policy creation functionality in policysync.	`true`
ADVANCED	`CONNECTOR_DREMIO_MASKED_NUMBER_VALUE`	This property is used to specify the default masking value for numeric columns	`0`
ADVANCED	`CONNECTOR_DREMIO_MASKED_DOUBLE_VALUE`	This property is used to specify the default masking value for double datatype columns	`0`
ADVANCED	`CONNECTOR_DREMIO_MASKED_TEXT_VALUE`	This property is used to specify the default masking value for text/string columns	`<MASKED>'`

ADVANCED	`CONNECTOR_DREMIO_SECURE_SPACE_PREFIX`	By default view-based tr filter and masking related secure views have the same space name as the table/view source/space name. If you want to change the secure view space name prefix and postfix, that can be done with these properties. After prefix and postfix is specified the view space name will be in this format : `{prefix}{view_space_name}{postfix}`
ADVANCED	`CONNECTOR_DREMIO_SECURE_SPACE_POSTFIX`	By default view-based tr filter and masking related secure views have the same space name as the table/view source/space name. If you want to change the secure view space name prefix and postfix, that can be done with these properties. After prefix and postfix is specified the view space name will be in this format : `{prefix}{view_space_name}{postfix}`	`_secure`
BASIC	`CONNECTOR_DREMIO_GRANT_UPDATES`	This property controls whether actual grant/revoke and create/update/delete queries for user/group/role should be run on Dremio.	`true`
ADVANCED	`CONNECTOR_DREMIO_ENABLE_DATA_ADMIN`	This property is used to enable data admin feature, with data admin feature enabled you can create all the policies on table/native view and by default perspective grants will be maid on secure view of table table or native view. And this secure view will have tr filter and masking capability as well. In case if you need permission on table then you can select the permission you want plus DataAdmin in the policy, In this case that permissions will be granted on both, the table/native view and its secure view as well.	`false`
ADVANCED	CONNECTOR_DREMIO_RANGER_SERVICE_NAME	If you have created a custom policy repository for this connector, as described in Recommended PolicySync topology: individual policy repositories for individual connectors, set this property to the name of that custom policy repository. For example, if you have created a policy repository named postgresql_qa_instance, the value of this property should be set to postgresql_qa_instance.	privacera_dremio
Access audits management
BASIC	`CONNECTOR_DREMIO_AUDIT_ENABLE`	This property is used to enable access audit fetching from Dremio.	`true`
ADVANCED	`CONNECTOR_DREMIO_AUDIT_EXCLUDED_USERS`	This property is used to exclude the users while pushing the audits logs to ranger access audits. Recommended to set this as JDBC user name as there will be audits from policysync application.	`{{DREMIO_JDBC_USERNAME}}`

Category	Property name	Description	Default
JDBC configuration properties
BASIC	`CONNECTOR_DREMIO_JDBC_URL`	This property is used to set JDBC url which can be used to create a direct connection to a Dremio coordinator node. JDBC URL should follow below convention `jdbc:dremio:direct=<DREMIO_COORDINATOR>:31010` Example :- `jdbc:dremio:direct=example-12345fg.us-east-1.elb.amazonaws.com:31010`
BASIC	`CONNECTOR_DREMIO_JDBC_USERNAME`	This property is used to set JDBC Username to be used to make connection to Dremio coordinator. This is just an username used to log in to Dremio to manage the Authorization. (ex. adminUser)
BASIC	`CONNECTOR_DREMIO_JDBC_PASSWORD`	This property is used to set JDBC user's password to be used to make connection to Dremio coordinator.
BASIC	`CONNECTOR_DREMIO_OWNER_ROLE`	This property is used to set ownership for all the resources managed by policysync. The specified user will become owner for all managed resources and will have full control on those resources. We support changing owners of source, space, source folders, space folders, physical datasets and virtual datasets. Note :- If owner role is kept as blank, then ownership will not change and users who creates resources or any other object will be the owner of those objects and policysync won't be able to do access control on that objects.
BASIC	`CONNECTOR_DREMIO_URL`	This property is used to make a call to Dremio API for catalogs/users/groups/audits. For example `https://internal-dummy.us-east-1.elb.amazonaws.com:9047`
BASIC	`CONNECTOR_DREMIO_DEFAULT_USER_PASSWORD`	This property is used to set password which will be used as default password for every new user created by policysync.
Resources management
BASIC	`CONNECTOR_DREMIO_MANAGE_SPACE_LIST`	This property is used to set comma separated space names for which access control should be managed by policysync. If you want to manage all spaces then you can skip specifying this property. This supports wildcards as well. The ignore space list has precedence over manage space list. Eg. `testspace1,testspace2,space*` Note :- values for this property are case-sensitive.
BASIC	`CONNECTOR_DREMIO_MANAGE_SOURCE_LIST`	This property is used to set comma separated source names which access control should be managed by policysync. If you want to manage all sources then you can skip specifying this property. This supports wildcards as well. The ignore source list has precedence over manage source list. Eg. `testsource1,testsource2,source*` Note :- values for this property are case-sensitive.
ADVANCED	`CONNECTOR_DREMIO_MANAGE_SOURCE_FOLDER_LIST`	This property is used to set comma separated source folder for which access control should be managed by policysync. If you want to manage all source folder then you can skip specifying this property. This supports wildcards as well. The ignore source folder list has precedence over manage source folder list. Eg. `source.sourcefolder,source.sales` Note :- values for this property are case-sensitive.
ADVANCED	`CONNECTOR_DREMIO_MANAGE_SPACE_FOLDER_LIST`	This property is used to set comma separated space folder for which access control should be managed by policysync. If you want to manage all space folders then you can skip specifying this property. This supports wildcards as well. The ignore space folder list has precedence over manage space folder list. Eg. `space.spacefolder,space.sales` Note :- values for this property are case-sensitive.
ADVANCED	`CONNECTOR_DREMIO_MANAGE_PHYSICAL_DATASET_LIST`	This property is used to set comma separated physical datasets for which access control should be managed by policysync. If you want to manage all physical datasets then you can skip specifying this property. This supports wildcards as well. The ignore physical dataset list has precedence over manage physical dataset list. Eg. `source.folder1.physicaldataset,source.sales.*` Note :- values for this property are case-sensitive.
ADVANCED	`CONNECTOR_DREMIO_MANAGE_VIRTUAL_DATASET_LIST`	This property is used to set comma separated virtual datasets for which access control should be managed by policysync. If you want to manage all virtual datasets then you can skip specifying this property. This supports wildcards as well. The ignore virtual dataset list has precedence over manage virtual dataset list. Eg. `space.folder1.virtualdataset,space.sales.*` Note :- values for this property are case-sensitive.
ADVANCED	`CONNECTOR_DREMIO_IGNORE_SOURCE_LIST`	This property is used to set comma separated source names for which you don't want access control to be managed by policysync. If you don't want to ignore any source then you can skip specifying this property. This supports wildcards as well. This has precedence over manage source list. Eg. `testsource,sales*` Note :- values for this property are case-sensitive.
ADVANCED	`CONNECTOR_DREMIO_IGNORE_SPACE_LIST`	This property is used to set comma separated space names for which you don't want access control to be managed by policysync. If you don't want to ignore any space then you can skip specifying this property. This supports wildcards as well. This has precedence over manage space list. Eg. `testspace,sales*` Note :- values for this property are case-sensitive.
ADVANCED	`CONNECTOR_DREMIO_IGNORE_SOURCE_FOLDER_LIST`	This property is used to set comma separated source folder names for which you don't want access control to be managed by policysync. If you don't want to ignore any source folder then you can skip specifying this property. This supports wildcards as well. This has precedence over manage source folder list. Eg. `source.sourcefolder,source.sales` Note :- values for this property are case-sensitive.
ADVANCED	`CONNECTOR_DREMIO_IGNORE_SPACE_FOLDER_LIST`	This property is used to set comma separated space folder names for which you don't want access control to be managed by policysync. If you don't want to ignore any space folder then you can skip specifying this property. This supports wildcards as well. This has precedence over manage space folder list. Eg. `space.spacefolder,space.sales` Note :- values for this property are case-sensitive.
ADVANCED	`CONNECTOR_DREMIO_IGNORE_PHYSICAL_DATASET_LIST`	This property is used to set comma separated physical dataset names for which you don't want access control to be managed by policysync. If you don't want to ignore any physical dataset then you can skip specifying this property. This supports wildcards as well. This has precedence over manage physical dataset list. Eg. `source.folder1.physicaldataset,source.sales.*` Note :- values for this property are case-sensitive.
ADVANCED	`CONNECTOR_DREMIO_IGNORE_VIRTUAL_DATASET_LIST`	This property is used to set comma separated virtual dataset names for which you don't want access control to be managed by policysync. If you don't want to ignore any virtual dataset then you can skip specifying this property. This supports wildcards as well. This has precedence over manage virtual dataset list. Eg. `source.folder1.virtualdataset,source.sales.*` Note :- values for this property are case-sensitive.
Users/Groups/Roles management
ADVANCED	`CONNECTOR_DREMIO_USER_NAME_REPLACE_FROM_REGEX`	This takes the regular expression as input and finds the matching characters in a user name and replaces them with the characters specified in property. If kept blank, no find and replace operation is performed.	[~`$&+:;=?@#\|'<>.\\\\s^*()_%\\\\[\\\\]!\\\\-\\\\/\\\\\\\\{}]
ADVANCED	`CONNECTOR_DREMIO_USER_NAME_REPLACE_TO_STRING`	The value specified in this property is used to replace the characters found by the regex specified user name regex property. If kept blank, no find and replace operation is performed.	`_`
ADVANCED	`CONNECTOR_DREMIO_GROUP_NAME_REPLACE_FROM_REGEX`	This takes the regular expression as input and finds the matching characters in a group name and replaces them with the characters specified in property. If kept blank, no find and replace operation is performed.	[~`$&+:;=?@#\|'<>.\\\\s^*()_%\\\\[\\\\]!\\\\-\\\\/\\\\\\\\{}]
ADVANCED	`CONNECTOR_DREMIO_GROUP_NAME_REPLACE_TO_STRING`	The value specified in this property is used to replace the characters found by the regex specified group name regex property. If kept blank, no find and replace operation is performed.	`_`
ADVANCED	`CONNECTOR_DREMIO_ROLE_NAME_REPLACE_FROM_REGEX`	This takes the regular expression as input and finds the matching characters in a role name and replaces them with the characters specified in property. If kept blank, no find and replace operation is performed.	[~`$&+:;=?@#\|'<>.\\\\s^*()_%\\\\[\\\\]!\\\\-\\\\/\\\\\\\\{}]
ADVANCED	`CONNECTOR_DREMIO_ROLE_NAME_REPLACE_TO_STRING`	The value specified in this property is used to replace the characters found by the regex specified role name regex property. If kept blank, no find and replace operation is performed.	`_`
ADVANCED	`CONNECTOR_DREMIO_USER_NAME_PERSIST_CASE_SENSITIVITY`	After loading user from Ranger API's all users are converted into lowercase, but in some cases, you would need to have the users in the same case as they are in Ranger. When setting this value to true, it will maintain the case sensitivity of names as they are in Ranger.	`false`
ADVANCED	`CONNECTOR_DREMIO_GROUP_NAME_PERSIST_CASE_SENSITIVITY`	After loading group from Ranger API's all groups are converted into lowercase, but in some cases, you would need to have the groups in the same case as they are in Ranger. When setting this value to true, it will maintain the case sensitivity of names as they are in Ranger.	`false`
ADVANCED	`CONNECTOR_DREMIO_ROLE_NAME_PERSIST_CASE_SENSITIVITY`	After loading role from Ranger API's all roles are converted into lowercase, but in some cases, you would need to have the roles in the same case as they are in Ranger. When setting this value to true, it will maintain the case sensitivity of names as they are in Ranger.	`false`
	`CONNECTOR_DREMIO_USER_NAME_CASE_CONVERSION`	This property only applicable if `USER NAME PERSIST CASE SENSITIVITY` is set to false. Managed users name would be treated as lowercase by default. If the value is set to "upper" then the user name would be treated as uppercase. If the value is set to "none" then the user name case is preserved as present in ranger.	`lower`
ADVANCED	`CONNECTOR_DREMIO_CREATE_USER`	This property controls whether we should create user in dremio for users fetched from ranger.	`true`
ADVANCED	`CONNECTOR_DREMIO_CREATE_USER_ROLE`	This property controls whether we should create role over the end user in dremio for users fetched from ranger.	`true`
ADVANCED	`CONNECTOR_DREMIO_MANAGE_USERS`	This property controls whether we should create role in dremio for users fetched from ranger.	`true`
ADVANCED	`CONNECTOR_DREMIO_MANAGE_GROUPS`	This property controls whether we should create role in dremio for groups fetched from ranger.	`true`
CUSTOM	`CONNECTOR_DREMIO_MANAGE_GROUP_MEMBERS`		`true`
ADVANCED	`CONNECTOR_DREMIO_MANAGE_ROLES`	This property controls whether we should create role in dremio for roles fetched from ranger.	`true`
CUSTOM	`CONNECTOR_DREMIO_MANAGE_GROUP_MEMBERS`		`true`
ADVANCED	`CONNECTOR_DREMIO_MANAGE_USER_LIST`	This property is used to set comma separated user names which access control should be managed by policysync. If you want to manage all users then you can skip specifying this property. This supports wildcards as well. The ignore users list has precedence over manage users list. Eg. `user1,user2,dev_user*`
ADVANCED	`CONNECTOR_DREMIO_MANAGE_GROUP_LIST`	This property is used to set comma separated group names which access control should be managed by policysync. If you want to manage all group then you can skip specifying this property. This supports wildcards as well. The ignore group list has precedence over manage group list. Eg. `group1,group2,dev_group*`
ADVANCED	`CONNECTOR_DREMIO_MANAGE_ROLE_LIST`	This property is used to set comma separated role names which access control should be managed by policysync. If you want to manage all role then you can skip specifying this property. This supports wildcards as well. The ignore role list has precedence over manage role list. Eg. `role1,role2,dev_role*`
ADVANCED	`CONNECTOR_DREMIO_IGNORE_USER_LIST`	This property is used to set comma separated user names which access control you don't want to be managed by policysync. If you don't want to ignore any users then you can skip specifying this property. This supports wildcards as well. This has precedence over manage users list. Eg. `user1,user2,dev_user*`
ADVANCED	`CONNECTOR_DREMIO_IGNORE_GROUP_LIST`	This property is used to set comma separated group names which access control you don't want to be managed by policysync. If you don't want to ignore any groups then you can skip specifying this property. This supports wildcards as well. This has precedence over manage groups list. Eg. `group1,group2,dev_group*`
ADVANCED	`CONNECTOR_DREMIO_IGNORE_ROLE_LIST`	This property is used to set comma separated role names which access control you don't want to be managed by policysync. If you don't want to ignore any roles then you can skip specifying this property. This supports wildcards as well. This has precedence over manage roles list. Eg. `role1,role2,dev_role*`
ADVANCED	`CONNECTOR_DREMIO_USER_ROLE_PREFIX`	This property is used to set a prefix for role which we will be creating in Dremio for user from ranger. For example if you have user named john in ranger and you have defined prefix as test_user_ then the role which we create for john in Dremio will have name `test_user_john`	`priv_user_`
ADVANCED	`CONNECTOR_DREMIO_GROUP_ROLE_PREFIX`	This property is used to set a prefix for role which we will be creating in Dremio for group from ranger. For example if you have group named dev in ranger and you have defined prefix as test_group_ then the role which we create for dev in Dremio will have name `test_group_dev`.	`priv_group_`
ADVANCED	`CONNECTOR_DREMIO_ROLE_ROLE_PREFIX`	This property is used to set a prefix for role which we will be creating in Dremio for role from ranger. For example if you have role named finance in ranger and you have defined prefix as test_role_ then the role which we create for finance in Dremio will have name `test_role_finance`.	`priv_role_`
ADVANCED	`CONNECTOR_DREMIO_USE_NATIVE_PUBLIC_GROUP`	Set this property to true, if you want policysync to use the "public" group from Dremio for access grants whenever there is policy created referring to public group inside it.	`true`

ADVANCED	`CONNECTOR_DREMIO_MANAGE_USER_FILTERBY_GROUP`	Set this property to true, if you want to manage only the users who belongs the the groups defined in manage groups list property.	`false`
ADVANCED	`CONNECTOR_DREMIO_MANAGE_USER_FILTERBY_ROLE`	Set this property to true, if you want to manage only the users who belongs the the roles defined in manage roles list property.	`false`
Access control management
ADVANCED	`CONNECTOR_DREMIO_ENABLE_VIEW_BASED_MASKING`	Set this property to true, if you want to enable secure view based masking in Dremio policysync.	`false`
ADVANCED	`CONNECTOR_DREMIO_ENABLE_VIEW_BASED_ROW_FILTER`	Set this property to true, if you want to enable secure view based tr filter in Dremio policysync.	`false`
ADVANCED	`CONNECTOR_DREMIO_SECURE_VIEW_CREATE_FOR_ALL`	Set this property to true, if you want to create secure view for all datasets which were created by end users. This will create secure view for datasets regardless whether there any masking/tr filter policy exists in ranger.	`false`
ADVANCED	`CONNECTOR_DREMIO_ENABLE_ROW_FILTER`	This property controls whether to enable native tr filter policy creation functionality in policysync.	`true`
ADVANCED	`CONNECTOR_DREMIO_ENABLE_MASKING`	This property controls whether to enable native masking policy creation functionality in policysync.	`true`
ADVANCED	`CONNECTOR_DREMIO_MASKED_NUMBER_VALUE`	This property is used to specify the default masking value for numeric columns	`0`
ADVANCED	`CONNECTOR_DREMIO_MASKED_DOUBLE_VALUE`	This property is used to specify the default masking value for double datatype columns	`0`
ADVANCED	`CONNECTOR_DREMIO_MASKED_TEXT_VALUE`	This property is used to specify the default masking value for text/string columns	`<MASKED>'`

ADVANCED	`CONNECTOR_DREMIO_SECURE_SPACE_PREFIX`	By default view-based tr filter and masking related secure views have the same space name as the table/view source/space name. If you want to change the secure view space name prefix and postfix, that can be done with these properties. After prefix and postfix is specified the view space name will be in this format : `{prefix}{view_space_name}{postfix}`
ADVANCED	`CONNECTOR_DREMIO_SECURE_SPACE_POSTFIX`	By default view-based tr filter and masking related secure views have the same space name as the table/view source/space name. If you want to change the secure view space name prefix and postfix, that can be done with these properties. After prefix and postfix is specified the view space name will be in this format : `{prefix}{view_space_name}{postfix}`	`_secure`
BASIC	`CONNECTOR_DREMIO_GRANT_UPDATES`	This property controls whether actual grant/revoke and create/update/delete queries for user/group/role should be run on Dremio.	`true`
ADVANCED	`CONNECTOR_DREMIO_ENABLE_DATA_ADMIN`	This property is used to enable data admin feature, with data admin feature enabled you can create all the policies on table/native view and by default perspective grants will be maid on secure view of table table or native view. And this secure view will have tr filter and masking capability as well. In case if you need permission on table then you can select the permission you want plus DataAdmin in the policy, In this case that permissions will be granted on both, the table/native view and its secure view as well.	`false`
ADVANCED	CONNECTOR_DREMIO_RANGER_SERVICE_NAME	If you have created a custom policy repository for this connector, as described in Recommended PolicySync topology: individual policy repositories for individual connectors, set this property to the name of that custom policy repository. For example, if you have created a policy repository named postgresql_qa_instance, the value of this property should be set to postgresql_qa_instance.	privacera_dremio
Access audits management
BASIC	`CONNECTOR_DREMIO_AUDIT_ENABLE`	This property is used to enable access audit fetching from Dremio.	`true`
ADVANCED	`CONNECTOR_DREMIO_AUDIT_EXCLUDED_USERS`	This property is used to exclude the users while pushing the audits logs to ranger access audits. Recommended to set this as JDBC user name as there will be audits from policysync application.	`{{DREMIO_JDBC_USERNAME}}`

Dremio connector properties for PolicySync on Privacera

Search results