Skip to content

Tags Overview

Audience: Data Owners, Data Users, and Data Governors

Content Summary: Tags serve several functions: they can drive Local or Global Subscription and Data Policies, they can be used to generate Immuta Reports, and they can drive search results in the Immuta UI. Governors can create tags or import tags from external catalogs in the Governance UI. Data Owners and Governors can then apply these tags to or remove them from projects, data sources, and/or specific columns within the data sources.

This section of documentation details how to manage, view, and apply tags to data and projects in the Immuta console. Additionally, Sensitive Data Detection, a feature that automatically tags columns with sensitive data during data source creation, is described below.

Section Contents

  • Creating and Managing Tags: Written for Data Governors, this tutorial outlines how to create tags in the Immuta console and how to import tags from external catalogs.
  • Applying Tags to Data Sources: Written for Data Owners and Data Governors, this tutorial details how to add tags to and remove tags from data sources and the Data Dictionary to restrict access to data and drive search results in the Immuta UI.
  • Applying Tags to Projects: Written for both users who have created a project and Data Governors, this tutorial outlines how to add and remove tags from projects in Immuta to drive search results in the UI.

Sensitive Data Detection

To help users identify sensitive data and to enhance the power of Global Policies, Immuta offers External Sensitive Data Detection and Internal Sensitive Data Detection.

External Sensitive Data Detection

License-Driven Feature

External Sensitive Data Detection is a license-driven feature that must be added for you before it is available in your Immuta instance.

Feature Demo: Sensitive Data Detection

When enabled on the App Settings page, this feature uses third party services to automatically identify and tag columns that contain sensitive data (PII, PHI, etc.) when the data source is created; this detection is based on an extremely small randomized sampling of underlying data, which is encrypted in transit, is used only for entity prediction, and remains confidential and managed by Immuta, subject to the same guarantees reviewed and agreed to in our license agreement.

During the fingerprint process External Sensitive Data Detection divides the classification of the data into specific tags: Immuta “Discovered” tags.

Discovered Tags

The Immuta application is pre-configured with a set of these tags that the service can return so that they can be used to write Global Policies before data sources even exist. Consequently, sensitive data is tagged and appropriate policies are enforced immediately upon data source creation.

Only Application Admins have the option to enable External Sensitive Data Detection on the App Settings page. However, users can disable auto-tagging on a data-source-by-data-source basis, and Governors can disable any unwanted “Discovered” tags in the Immuta application to prevent them from being used and auto-detected in the future.

Internal Sensitive Data Detection

When enabled on the App Settings page, this feature automatically identifies and tags columns that contain sensitive data (PII, PHI, etc.) when the data source is created; this detection is based on a small sample of underlying data, which remains in the users' network.

During the fingerprint process Internal Sensitive Data Detection divides the classification of the data into specific tags: Immuta “Discovered” tags.

The Immuta application is pre-configured with a set of these tags so that they can be used to write Global Policies before data sources even exist. Consequently, sensitive data is tagged and appropriate policies are enforced immediately upon data source creation.

Unlike External Sensitive Data Detection, users do not need a license to enable it. However, only Application Admins have the option to enable Internal Sensitive Data Detection on the App Settings page. However, users can disable auto-tagging on a data-source-by-data-source basis, and Governors can disable any unwanted “Discovered” tags in the Immuta application to prevent them from being used and auto-detected in the future.