Skip to content

You are viewing documentation for Immuta version 2.8.

For the latest version, view our documentation for Immuta SaaS or the latest self-hosted version.

General FAQs

Below is a list of frequently asked questions. For detailed instructions and information for each question, click on the links provided to redirect to the corresponding section in our Documentation.

To view questions categorized by user role, select one of these links:

Data Access

How do I access data through Immuta?

The Immuta data control plane does not require users to learn a new API or language to access data exposed there. Immuta plugs into existing tools and ongoing work while remaining completely invisible to downstream consumers by exposing the data through these foundational access patterns: Databricks, the Immuta Query Engine, HDFS, S3, Snowflake, and SparkSQL.

Can I integrate Immuta with analytic tools I already use?

Immuta is easy to integrate with many analytic and Business Intelligence tools. Click the link above to access guides for hooking Immuta into your preferred tools.

Video Tutorial: Connecting to Immuta with Looker

Video Tutorial: Connecting to Immuta with Tableau

Use of Data

Does Immuta copy my data?

No. Immuta only exposes existing data to enforce policies. Immuta does not make a copy of this data, but creates a virtual reference to the data.

Can Immuta use external metadata?

Immuta can leverage metadata tools, such as Collibra or Alation, to pull in external catalog tags and drive global policies. For example, instead of building a local policy that masks a specific column in a specific table, Data Governors can build a global policy that is broader, such as "Mask anywhere there's PII data." In this scenario, Immuta uses the external catalog tags to determine where that PII data exists to then enforce the policy in corresponding data sources.

Data Sources and Projects

What is a data source?

A data source is a virtual representation of data, which is exposed by Immuta according to settings created by Data Owners. These settings enable data to be accessed in a consistent manner across analytics and visualization tools.

How do I create a data source?

Method 1

  1. Click the (+) icon in the lower left corner of Immuta.
  2. Click the Data Sources icon.
  3. Follow instructions for query-backed data sources or object-backed data sources, depending on your chosen storage technology.

Method 2

  1. Navigate to the My Data Sources page.
  2. Click on the Add Data Sources button.
  3. Follow instructions for >query-backed data sources or object-backed data sources, depending on your chosen storage technology.

How do I search for a data source?

A list of available data sources is provided in Immuta's Web UI. Users can search for data sources by keyword, tag, organization and category in the search bar in the top left corner.

How do I disable a data source?

Disabling a data source essentially hides it from all users except the Data Owner.

To disable a data source, navigate to the Data Source Overview page, click on the menu icon in the upper right corner, and select Disable.

After disabling a data source, Data Owners may choose to Restore or Delete the data source.

What are projects, and why should I use them?

Video Tutorial: Creating Projects

Projects enable users to discuss their work, collaborate on data analysis, and link multiple data sources. Projects can be created by users who are interested in efficiently and logically organizing their work (Data Consumers) or users who are interested in restricting how their data is used (Data Owners).

How do I manage project settings and restrictions?

Settings and restrictions for projects are edited from the Immuta Governance page. Only users with the Governance permission can access these features.

What are acknowledgement statements?

Acknowledgement Statements ensure that project members are aware of (and agree to) all Purpose-Based Restrictions before accessing the project's content. Each Purpose is associated with its own Acknowledgement Statement, so a project with multiple Purposes would require users to accept more than one Acknowledgement Statement. Immuta records whether each project member has agreed to the Acknowledgement Statement(s), the Purpose associated with the acknowledgement, the time of the acknowledgement, and the text of the acknowledgement itself. All Purposes are associated with the Default Acknowledgement Statement unless their statement has been customized.

Policies and Privacy Restrictions

What are Global policies?

Video Tutorial: Global Policy Using Data Attributes

Video Tutorial: Global Policy Using User Attributes

Created by Governors, Global policies define how users can access all data sources across an organization. These policies can be applied to all data sources in Immuta or to specific data sources that contain tags defined by the Governor.

What are Local policies?

Video Tutorial: Local Policy Using Data Attributes

Video Tutorial: Local Policy Using User Attributes

Created by Data Owners or Governors, Local policies define how users can access specific data sources within an organization.

How do I build policies?

Policies can be built using two methods:

  1. Immuta UI Policy Builder
  2. Custom Policy Handlers

Click one of the links above for detailed instructions.

How do I create tags?

Governors have the ability to create tags in the Governance section of the Immuta UI. Data Owners can apply these tags to their data sources and/or specific columns within data sources.

Can I use existing tags I've created?

You can pull external tags that you had previously defined in an external catalog (e.g. Collibra, Alation, etc.) from the Governance page.

How do I create purpose-based restrictions on data?

Video Tutorial: Purpose-based Restriction Policy

Purpose-based restrictions can be created by the Immuta Governor or Project Owners. For Data Governors, these restrictions are managed on the Governance page. For Project Owners, these restrictions are created on the My Projects page.


How do I manage user roles?

Data Owners can manage user roles by clicking the Manage tab on the Data Source Overview page.

What Identity Managers are available?

Any number of Identity Managers can be configured and enabled for an instance of Immuta. Each Identity Manager has a specific set of configurations that enable it to communicate with the IAM and map the users, permissions, groups, and attributes into Immuta. Available Identity Managers include Built-in (Immuta), Active Directory, LDAP, and OAuth2.

How do I manage user authentication and authorization in Immuta?

Typically management is delegated to your organization's existing IAM system through Immuta's pluggable interface. However, if your organization opts to use the default Immuta Identity Manager, this IAM is managed in the Admin section of the Immuta UI.

Audit Logs and Immuta Reports

Are any additional audit tools included with Immuta?

Immuta provides a detailed audit record of all user activity in the Immuta UI and query activity through Immuta's data access patterns. A basic UI is available for Audit Log analysis. However, most customers forward audit records to an enterprise system for monitoring, analysis, and visualization.

How do I run an audit log?

Immuta gives users with the Audit permission access to all of these logs through the Audit page. To view all of the audit logs, click on the Audit icon in the left side panel. To filter results, follow the instructions provided in the link above.

How do I run Immuta reports?

Immuta's Reports function allows instantaneous creation of reports that detail user activity across Immuta. Only users with the Governance permission can access this feature.

Installation and Integration

What are Immuta's installation requirements?

Immuta can run on a single Linux server or on a cluster of such servers. Cluster management is built into Immuta, and administering an Immuta cluster is more like managing a virtual appliance than a distributed system. Additionally, the standard cluster installation is preconfigured with high availability, scalability, and resource scheduling. For full technical details on the standard installation and other installation types, click on the link above.


How do I make an authenticated request?

Most calls to the HTTP API require authentication. All requests must include a valid token in the Authorization HTTP header in order to be considered an authenticated request. In order to obtain a bearer token, you must first authenticate with Immuta using an enabled authentication method. This token should be used for multiple requests until it expires. Once a token has expired, you must authenticate again to get a new token. For authentication request examples, parameters, and endpoints, click the link above.

How can I manage users, groups, and attributes?

The built-in IAM HTTP API allows you to programmatically access information about users, group memberships, and attributes. Click the link above to redirect to the section of Documentation that describes the API to manage these settings. Please note that most of the actions described in this section require ADMIN permissions.

How can I access data source metadata?

The Immuta data source metadata contains all of the details about your data sources. Click the link above to redirect to the section of Documentation that describes the API to search all of your data sources.

How can I create custom policy handlers?

A custom policy handler allows you to create complex data access rights that aren’t supported through the Immuta UI policy builder. Click on the link above for a description of how to create policy handlers.