Audience: Data Owners, Data Users, and Data Governors
Content Summary: Tags serve several functions: they can drive Local or Global Subscription and Data Policies, they can be used to generate Immuta Reports, and they can drive search results in the Immuta UI. Governors can create tags or import tags from external catalogs in the Governance UI. Data Owners and Governors can then apply these tags to or remove them from projects, data sources, and/or specific columns within the data sources.
This section of documentation details how to manage, view, and apply tags to data and projects in the Immuta console. Additionally, Sensitive Data Detection, a feature that automatically tags columns with sensitive data during data source creation, is described below.
- Creating and Managing Tags: Written for Data Governors, this tutorial outlines how to create tags in the Immuta console and how to import tags from external catalogs.
- Applying Tags to Data Sources: Written for Data Owners and Data Governors, this tutorial details how to add tags to and remove tags from data sources and the Data Dictionary to restrict access to data and drive search results in the Immuta UI.
- Applying Tags to Projects: Written for both users who have created a project and Data Governors, this tutorial outlines how to add and remove tags from projects in Immuta to drive search results in the UI.
Sensitive Data Detection
Sensitive Data Detection is a license-driven feature that must be added for you before it is available in your Immuta instance.
To help users identify sensitive data and to enhance the power of Global Policies, Immuta offers Sensitive Data Detection. When enabled on the App Settings page, this feature uses third party services to automatically identify and tag columns that contain sensitive data (PII, PHI, etc.) when the data source is created; this detection is based on an extremely small randomized sampling of underlying data, which is encrypted in transit, is used only for entity prediction, and remains confidential and managed by Immuta, subject to the same guarantees reviewed and agreed to in our license agreement.
During the fingerprint process Sensitive Data Detection divides the classification of the data into specific tags: Immuta “Discovered” tags.
The Immuta application is pre-configured with a set of these tags that the service can return so that they can be used to write Global Policies before data sources even exist. Consequently, sensitive data is tagged and appropriate policies are enforced immediately upon data source creation.
Only Application Admins have the option to enable Sensitive Data Detection on the App Settings page. However, users can disable auto-tagging on a data-source-by-data-source basis, and Governors can delete any unwanted “Discovered” tags in the Immuta application to prevent them from being used and auto-detected in the future.