Skip to content

You are viewing documentation for Immuta version 2.8.

For the latest version, view our documentation for Immuta SaaS or the latest self-hosted version.

Project Owner Guide

Audience: Data Owners, Data Users, and Data Governors

Content Summary: This page provides step-by-step instructions for creating and managing projects. For details about concepts related to projects, navigate to the Project Overview page. Additionally, you can click the link below to view a video tutorial about creating projects in Immuta.

Creating Projects

Video Tutorial: Creating Projects

  1. Click the plus icon in the lower left corner, and then click the Projects icon.

    New Project Button

  2. The New Project modal will display with these required fields:

    • Project Name: Enter a name for your project in this field.
    • Purpose Restrictions: Click this field to select from the list of purposes.
  3. Opt to create Native Workspaces (if enabled) or to add data sources to your Project.

    New Project Modal

  4. Click Create.

Alternatively,

  1. Navigate to the My Projects page and click the New Projects button.
  2. The New Project modal will display with these required fields:
    • Project Name: Enter a name for your project in this field.
    • Purpose Restrictions: Click this field to select from the list of purposes.
  3. Opt to create Native Workspaces (if enabled) or to add data sources to your project.

    New Project Modal

  4. Click Create.

Managing Project Documentation

Project Owners can edit the documentation of their project at any time. If no documentation is entered, the project name will display in this section of the Project Overview tab by default.

To add or edit project documentation,

  1. Navigate to the Project Overview tab.
  2. Click the edit icon in the top right corner of the Documentation section.
  3. Document the details of your project in the text box that appears, and then click Update.

    Project Documentation

    Note: Styling with Markdown is supported.

Managing Access

Enabling Project Equalization

Video Tutorial: Project Equalization

  1. Navigate to the Policies tab.
  2. In the Project Equalization section, click the toggle button on the far right to On.

Project Equalization

Note: Only project owners can add data sources to the project if this feature is enabled.

After enabling this feature, you can opt to manage Equalized Entitlements and Validation Frequency.

Equalized Entitlements

When Project Equalization is enabled, Equalized Entitlements default to Immuta's recommended settings, but project owners can edit these settings by adding or removing entitlements. However, making these changes entails two potential disadvantages.

To edit entitlements,

  1. Click Edit next to Equalized Entitlements.

    Equalized Entitlements

  2. In the Equalized Entitlements Builder, select either is a member of a group or possesses attribute from the user condition dropdown menu.

    • If you selected is a member of a group, select the appropriate group from the resulting dropdown.
    • If you selected possesses attribute, select the appropriate key and value from the subsequent dropdown menus.
  3. Click Save.

To view members' compliance status after changing the Equalized Entitlements,

  1. Navigate to the Members tab from the Project Overview page.

    Members Tab

  2. Click the Not In Compliance text to view the details about the user's status.

    Compliance Status

Users who are not in compliance will be unable to view data sources within the project until the compliance issues are resolved.

To revert entitlements to those recommended by Immuta,

  1. Click Edit next to Equalized Entitlements.
  2. Click Use Recommended in the top right corner of the Equalized Entitlements Builder.
  3. Click Confirm.

Validation Frequency

To adjust how often user credentials are validated,

  1. Click Edit Validation Frequency.
  2. Enter an integer in the first field of the Validation Frequency modal that appears.
  3. Select Days or Hours in the next dropdown.
  4. Click Save.

    Validation Frequency

Disabling Project Equalization

  1. Navigate to the Policies tab.
  2. In the Project Equalization section, click the toggle button on the far right to Off.
  3. Click Yes, Turn Off in the confirmation window.

Subscription Policies: Making a Project Public

Projects are private by default but can be made public and shared with other users by changing the Subscription Policies setting.

Subscription Policies

To make a project public,

  1. Navigate to the Policies tab.
  2. Select one of the following options in the Subscribers section:
    • Anyone: Project will be visible to everyone, and all users will be given access.
    • Anyone Who Asks (and Is Approved): Project will be visible in search results, but users must request access and be granted permission. This restriction supports multiple approving parties, meaning that project owners can allow more than one approver or users with specified permission types to approve other users who request access to the project.
    • Users with Specific Groups/Attributes: Project will only be visible in search results for users with the specified groups/attributes, and only these users may subscribe to the project.

Anyone Who Asks (and Is Approved)

  1. Click anyone or an individual selected by user from the first dropdown menu in the Subscription Policy Builder.

    Subscription Policy Builder

    Note: If you choose an individual selected by user, when users request access to a project they will be prompted to identify an approver with the permission specified in the policy, as pictured below.

    Request Access

  2. Select the Admin, Governance, or Audit permission from the subsequent dropdown menu.

    Note: You can add more than one approving party by selecting + Add and repeating steps a and b.

Users with Specific Groups or Attributes

  1. Choose the condition that will drive the policy: when user is a member of a group or possesses attribute.
  2. Use the subsequent dropdown to choose the group or attribute key / value pair for your condition.

    Specific Groups or Attributes

    Note: You can add more than one condition by selecting + ADD. The dropdown menu in the far right of the Subscription Policy Builder contains coordinating conjunctions for your policy. If you select or, only one of your conditions must apply to a user for them to see the data. If you select and, all of the conditions must apply.

  3. Opt to allow users who do not meet the restrictions defined in the policy to still be able to discover the project in the UI by selecting the Allow Discovery checkbox.

    Allow Discovery

  4. Click Save to finish your policy.

The project settings will update, and the Private label next to the project name will disappear.

Subscription Policies: Reverting a Project to Private

  1. Navigate to the Policies tab.
  2. Click the Individual Users You Select option from the Subscribers pane. In this setting, projects will not be visible to anyone in the search results. Project Owners must manually add and remove users.

The project settings will update, and the Private label will appear next to the project name.

Managing Data Sources in a Project

Any project member can add data sources to a project, unless the Project Equalization or Masked Joins feature is enabled; in those cases only project owners can add data sources.

To add a data source to a project,

  1. Navigate to the Project Overview tab.
  2. Click the Add Data Sources button beneath the Data Sources section in the center pane.

    Project Add Data Source Button

  3. Start typing the name of a data source you'd like to include in the project.

    Project Add Data Source Modal 1

  4. Select the data source from the list of auto-completed options in the dropdown menu.

    Project Add Data Source Modal 2

  5. Repeat this process to add additional data sources to the list. You can click the delete icon to remove them.

  6. When complete, click the Add button at the bottom of the list.

Adding Data Sources by Purpose

You can automatically add all data sources to a project that contain a Limit usage to purpose policy that matches the purpose of that project.

For example, consider the following data sources and their corresponding Data Policies:

Medical Records

Data Policy: Limit usage to purpose(s) Analyze patterns to prevent and detect fraud for everyone.

Medical Claims: Credit Accounts

Data Policy: Limit usage to purpose(s) Analyze patterns to prevent and detect fraud for everyone except when user is a member of group Accounting.

Medical Claims: Credit Transactions

Data Policy: Limit usage to purpose(s) Analyze patterns to prevent and detect fraud for everyone except when user is a member of group Accounting.

To add all data sources to a project that contains a matching purpose (in this example, "Analyze patterns to prevent and detect fraud"),

  1. Select a Project, and click the Add Data Sources button on the Data Sources tab.

    Project Add Data Source Button

  2. Click Add By Purpose in the top right of the dialog.

    Project Add Data Sources By Purpose Text

  3. All data sources matching the project's purpose(s) will populate at the bottom of the dialog. Review this list, and then click Save.

    Project Add Data Sources By Purpose List

Allow Masked Joins

Disabled by default, this feature allows masked columns to be joined within a project.

Masked Joins

While this condition is allowed, only project owners can add data sources to the project. For security purposes, Immuta does not allow joining on columns masked by rounding or columns that have conditional masking policies applied to them.

To enable Masked Joins,

  1. Navigate to the Project Overview tab.
  2. Click the Allow Masked Joins toggle on.

Managing HDFS Native Workspaces

  1. Navigate to the Policies tab and enable Project Equalization by clicking the Project Equalization slider to on.
  2. Scroll to the HDFS Native Workspace section and enable the workspace by clicking Create.

    Create Native Workspace

  3. In the dialog that appears, complete the Cluster Name and Workspace Directory fields, and then opt to add a Hive Connection.

  4. Click Create. This will create a workspace directory in HDFS where users can write files. Once their data is ready to be shared outside the workspace, it can be exposed as a derived data source in Immuta.

Managing Native Snowflake Workspaces

  1. Navigate to the Policies tab and enable Project Equalization by clicking the Project Equalization slider to on.
  2. Scroll to the Native Snowflake Access section and enable the workspace by clicking Create.

    Native Snowflake Workspace

  3. Name the Workspace Schema. By default, the schema name is based off of the project name, but you can change it here. Your project workspace will exist within this schema under Snowflake under the database configured by the Application Admin.

  4. Select one or more Warehouses to be available to project members when they are working in the Snowflake workspace. Note: Snowflake workspaces do not support differential privacy policies. Any Snowflake sources with differential privacy policies applied will not be created within the native Snowflake workspace.

  5. Click Create to enable the workspace.

Once the workspace is created, subscribers to this project will see relevant data sources in the Snowflake UI.

Snowflake UI

Create a Databricks Workspace

  1. Navigate to the Policies tab and enable Project Equalization by clicking the Project Equalization slider to on.
  2. Scroll to the Native Workspace section and click Create.
  3. Select Databricks from the Workspace Configuration dropdown menu.

    Databricks Native Workspace

  4. Opt to edit the sub-directory in the Workspace Directory field; this sub-directory auto-populates as the project name.

  5. Enter the Workspace Database Name.
  6. Click Create to enable the workspace.

Disabling and Deleting Workspaces

  1. Scroll to the Native Workspace section on the Policies tab and click the toggle to disable the workspace.

    Disable Workspace

  2. Click Delete in the Native Workspace section.

  3. Choose one of the following options in the modal:

    • Purge Generic Workspace Data: permanently delete data, while the data used by derived data sources is preserved. Note: If you created a derived data source that references a view on top of a table in Snowflake that isn't a derived data source, that table will be deleted and break the derived data source.
    • Purge Everything & Delete Derived Data Sources: permanently delete data and purge all derived data sources.

    Delete Workspace

  4. Click Delete.

Managing Project Tags

Video Tutorial: Adding Tags to a Project

Adding Tags to a Project

  1. Select a project and navigate to the Project Overview tab.
  2. Scroll to the Tags section in the center pane and click the Add Tags button.
  3. Begin typing the tag name in the window that appears, and then select the tag from the dropdown menu. A list of chosen tags will populate at the bottom of this window.
  4. After selecting all relevant tags, click the Add button.

Removing Tags from a Project

  1. Navigate to the Project Overview tab.
  2. Scroll to the Tags section in the center pane and click the red "X" on the tag that you would like to remove.

    Remove Tags

  3. Click Confirm to delete the tag.

Managing Project Members

Adding Users or Groups to a Project

  1. Select a project, and then navigate to the Members tab.
  2. To add a new user or group to your project, click the Add Members link in the center pane.

    Project Add Members Button

  3. Start typing the user's or group's name in the Add Members modal and select a matching name from the dropdown that appears.

  4. Select a role for the user or group: subscribed or owner.

    Project Add Members Modal

  5. When finished, click Add.

Users and/or group members (as well as alternative project owners) will receive notifications that new users have been added to the project. A similar entry will also be posted to the project's activity pane.

Modifying a Member's Role within a Project

  1. Navigate to the Members tab.
  2. Click the dropdown arrow under the Role column next to the member whose role you’d like to change.
  3. Select a role: subscribed or owner.

    Project Modify Member

Notifications will be sent to the affected members and alternative project owners. A similar entry will also be posted in the project's activity pane.

Removing Members from a Project

  1. Navigate to the Members tab.
  2. Click the Deny button next to the user or group you would like to remove.
  3. Complete the Reasoning field in the window that appears, and then click Submit.

    Project Remove Member

Alternatively,

  1. Navigate to the Members tab.
  2. Click the checkbox next to the user or group name, and then click Remove in the top left of the Members pane.
  3. Click Confirm.

Notifications will be sent to the affected users and other project members, and a similar entry will also be added to the project's activity pane.

Managing Discussions

Posting a Discussion Thread

  1. Navigate to the Discussions tab and click New Discussion.
  2. Enter your text in the Start Discussion box, and then click Save.

    Discussion Thread

Replying to a Discussion Thread

  1. Navigate to the Discussions tab and view open and/or resolved discussions by clicking the Open or Resolved button, respectively.
  2. Click a discussion thread and enter your response in the Enter Reply field.
  3. Click Reply to post your response.

Resolving a Discussion Thread

  1. Navigate to the Discussions tab and click the Open button to view all open discussions.
  2. Click a discussion thread.
  3. Click the Mark Resolved button beneath the Enter Reply field.

    Resolve Discussion

This discussion thread will now be saved with other resolved threads, and users will still be able to reply to it by clicking the Resolved button on the Discussions tab.

Deleting a Discussion Thread or Reply

To permanently delete a discussion thread,

  1. Navigate to the Discussions tab and view open and/or resolved discussions by clicking the Open or Resolved button, respectively.
  2. Click the discussion thread you would like to delete, and then click Delete in the upper right corner of the discussion window.
  3. Click Delete in the confirmation window that appears.

    Confirm Delete

The discussion thread and all of its comments are now deleted.

To delete a single reply,

  1. Select a discussion thread.
  2. Hover your cursor over the reply and click the DELETE text that appears above the comment.
  3. Click Confirm to permanently delete the comment.

Disabling a Project

Disabling a project hides it from all users except the project owner(s).

To disable a project,

  1. Navigate to the My Projects page.
  2. Click the menu icon next to the project and select Disable.

    Project Disable Button

Alternatively,

  1. Select a project, and then navigate to the Project Overview tab.
  2. Click the menu icon in the upper right corner and select Disable.

A label will appear next to the project indicating it has been disabled, and a notification will be sent out to all subscribers.

Restoring a Project

  1. Navigate to the My Projects page.
  2. Click the menu icon next to the project and select Restore.

    Project Disable Button

Alternatively,

  1. Select a project and navigate to the Project Overview tab.
  2. Click the menu icon in the upper right corner and select Restore.

The label indicating the project was disabled will disappear, and a notification will be sent out to all subscribers.

Deleting a Project

Deleting a project permanently removes it from Immuta. Projects must first be disabled before they can be deleted.

To delete a project,

  1. Disable the Project and navigate to the My Projects page.
  2. Click the menu icon next to the project and select Delete.

    Project Delete Button

  3. Click Confirm.

Alternatively,

  1. Disable the Project and navigate to the Project Overview tab.
  2. Click the menu icon in the upper right corner and select Delete.
  3. Click Confirm.

The project is now removed from Immuta, and a notification will be sent out to all subscribers.

Changing Project Contexts

  1. Click the dropdown menu in the top right corner of the console.

    Project Select Context

  2. Select your desired project. Once selected, the current project will display at all times in the top right corner of the console.

    Project Selected

If you unsubscribe from the project, this display will default to No Current Project.