Skip to content

Tags Overview

Audience: Data Owners, Data Users, and Data Governors

Content Summary: Tags serve several functions: they can drive Local or Global Subscription and Data Policies, they can be used to generate Immuta Reports, and they can drive search results in the Immuta UI. Governors can create tags or import tags from external catalogs in the Governance UI. Data Owners and Governors can then apply these tags to or remove them from projects, data sources, and/or specific columns within the data sources.

This section of documentation details how to manage, view, and apply tags to data and projects in the Immuta console. Additionally, Sensitive Data Detection, a feature that automatically tags columns with sensitive data during data source creation, is described below.

Section Contents

  • Creating and Managing Tags: Written for Data Governors, this tutorial outlines how to create tags in the Immuta console and how to import tags from external catalogs.
  • Applying Tags to Data Sources: Written for Data Owners and Data Governors, this tutorial details how to add tags to and remove tags from data sources and the Data Dictionary to restrict access to data and drive search results in the Immuta UI.
  • Applying Tags to Projects: Written for both users who have created a project and Data Governors, this tutorial outlines how to add and remove tags from projects in Immuta to drive search results in the UI.

Sensitive Data Detection

License-Driven Feature

Sensitive Data Detection is a license-driven feature that must be added for you before it is available in your Immuta instance.

Feature Demo: Sensitive Data Detection

To help users identify sensitive data and to enhance the power of Global Policies, Immuta offers Sensitive Data Detection. When enabled on the App Settings page, this feature automatically identifies and tags columns that contain sensitive data (PII, PHI, etc.) when the data source is created.

During the fingerprint process Sensitive Data Detection divides the classification of the data into specific tags: Immuta “Discovered” tags.

Discovered Tags

The Immuta application is pre-configured with a set of these tags that the service can return so that they can be used to write Global Policies before data sources even exist. Consequently, sensitive data is tagged and appropriate policies are enforced immediately upon data source creation.

Only Application Admins have the option to enable Sensitive Data Detection on the App Settings page. However, users can disable auto-tagging on a data-source-by-data-source basis, and Governors can delete any unwanted “Discovered” tags in the Immuta application to prevent them from being used and auto-detected in the future.