IT Administrator FAQs
For detailed instructions and information for each question, click on the links provided to redirect to the corresponding section in our Documentation.
Immuta can run on a single Linux server or on a cluster of such servers. Cluster management is built into Immuta, and administering an Immuta cluster is more like managing a virtual appliance than a distributed system. Additionally, the standard cluster installation is preconfigured with high availability, scalability, and resource scheduling. For full technical details on the standard installation and other installation types, click on the link above.
Immuta can leverage metadata tools, such as Collibra or Alation, to pull in external catalog tags and drive global policies. For example, instead of building a local policy that masks a specific column in a specific table, Data Governors can build a global policy that is broader, such as "Mask anywhere there's PII data." In this scenario, Immuta uses the external catalog tags to determine where that PII data exists to then enforce the policy in corresponding data sources.
Any number of Identity Managers can be configured and enabled for an instance of Immuta. Each Identity Manager has a specific set of configurations that enable it to communicate with the IAM and map the users, permissions, groups, and attributes into Immuta. Available Identity Managers include Built-in (Immuta), Active Directory, LDAP, and OAuth2.
Typically management is delegated to your organization's existing IAM system through Immuta's pluggable interface. However, if your organization opts to use the default Immuta Identity Manager, this IAM is managed in the
Adminsection of the Immuta UI.
Immuta has an advanced logging and auditing system that allows you to easily analyze your system's logs with the most popular log analysis tools.
Immuta provides a detailed audit record of all user activity in the Immuta UI and query activity through Immuta's data access patterns. A basic UI is available for Audit Log analysis. However, most customers forward audit records to an enterprise system for monitoring, analysis, and visualization.
Most calls to the HTTP API require authentication. All requests must include a valid token in the
AuthorizationHTTP header in order to be considered an authenticated request. In order to obtain a bearer token, you must first authenticate with Immuta using an enabled authentication method. This token should be used for multiple requests until it expires. Once a token has expired, you must authenticate again to get a new token. For authentication request examples, parameters, and endpoints, click the link above.
The built-in IAM HTTP API allows you to programmatically access information about users, group memberships, and attributes. Click the link above to redirect to the section of Documentation that describes the API to manage these settings. Please note that most of the actions described in this section require ADMIN permissions.
The Immuta data source metadata contains all of the details about your data sources. Click the link above to redirect to the section of Documentation that describes the API to search all of your data sources.
A custom policy handler allows you to create complex data access rights that aren’t supported through the Immuta UI policy builder. Click on the link above for a description of how to create policy handlers.