Export and Import Policies

Audience: Data Owners and Data Governors

Content Summary: Data Owners and Data Governors can export and import policies as JSON files so they can seamlessly move policies from one system to another, as long as the systems have identical configurations. Once enabled on the App Settings page by an Application Administrator, the Import Policies and Export Policies buttons will be visible on the Policies page for these users.

This page outlines how to export and import policies in Immuta.

Use Case

Compliance Requirement: Policies must be tested in Dev and then approved by the compliance team before policies are moved into the Test and Prod environments.

To meet this requirement, Data Governors and Data Owners should use the Policy Import and Export feature to allow for this approval workflow. Once they've exported policies, they can track, compare, and approve the changes in systems like Git.

1 - Export Policies

  1. Click the Policies icon in the left sidebar and navigate to the Data Policies or Subscription Policies tab.
  2. Click the dropdown menu in the top right corner of the page and select Export Policies.

    Policy Export/Import

A .zip file containing all relevant policies will be downloaded. Inside the .zip file, each Global Policy and data source will be separated into its own JSON file.

The files exported are determined based on the user performing the export. For example, Data Owners will only be able to export policies for data sources that they own and Restricted Global Policies that they've created. Governors, however, can export all policies.

2 - Import Policies

Once the files are exported, select Import Policies in the destination system to open the import modal, which gives options to import all files, remove certain files from the import, and export the current policy state as a backup. If policies are found in the current system that are not found in the import, a warning will display with an option to delete those policies.

  1. Click the Policies icon in the left sidebar and navigate to the Data Policies or Subscription Policies tab.
  2. Click the dropdown menu in the top right corner of the page and select Import Policies.
  3. Add the files to the Add Files to Import box in the modal that appears.

    Import Policy Files

  4. Click Import Files. If policies are found in the current system that are not found in the import, a warning will display with an option to delete those policies. Note: Click Export Current Policies to export the current policy state as a backup.

    Delete Policies

Limitations

  • Since policy updates are asynchronous, certain policy states will not carry through the import/export process. These include:

    • Policy disable. Manual policy disables will not be preserved after an import.
    • Policy conflicts. Immuta's policy conflict logic is not deterministic, so after an import of Global Policies, there is no guarantee the current enabled policy state will be the same as it was in the export.
  • If the state of the destination system does not match the exact state of the source system (tags, data sources, users, IAMs, purposes, etc.), there is a significant chance that policies will fail to be applied or will not be applied the same way as in the source system. These failures are reported, but, in general, import/export should not be attempted unless source and destination systems are identical.

  • The exported files contain the raw JSON format of a policy, not the simple policy language displayed in the UI, so there may be limits to how much users are able to use and understand comparisons of exported policies in Git or any other version-control workflow.
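
For the approval workflow in the use case, and given the raw-JSON limitation above, a reviewer can compare the destination's backup export with the export to be imported, file by file, before clicking Import Files. This Python script is an added example, not Immuta code: it treats each JSON file as opaque, and the file names and JSON fields in the sample are constructed placeholders, not Immuta's export schema.

```python
import io
import json
import zipfile

def load_export(zip_bytes):
    """Map each JSON file in an export .zip to a canonical string."""
    out = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        for name in archive.namelist():
            if name.lower().endswith(".json"):
                doc = json.loads(archive.read(name))
                # Sorted keys: key order and whitespace no longer show up as changes.
                out[name] = json.dumps(doc, sort_keys=True, separators=(",", ":"))
    return out

def compare_exports(current_zip, import_zip):
    """Classify files between the destination backup and the export to be imported."""
    cur, new = load_export(current_zip), load_export(import_zip)
    report = {"added": [], "removed": [], "changed": [], "unchanged": []}
    for name in sorted(cur.keys() | new.keys()):
        if name not in cur:
            report["added"].append(name)
        elif name not in new:
            # In the backup but not in the import: review before accepting a delete.
            report["removed"].append(name)
        else:
            key = "changed" if cur[name] != new[name] else "unchanged"
            report[key].append(name)
    return report

def make_zip(files):
    """Build an in-memory archive for the constructed sample below."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for name, text in files.items():
            archive.writestr(name, text)
    return buf.getvalue()

# Constructed sample data: file names and JSON fields are placeholders (assumptions).
CURRENT = make_zip({
    "global_mask.json": '{"name": "mask", "on": true}',
    "datasource_orders.json": '{"name": "orders", "rules": [1, 2]}',
    "global_legacy.json": '{"name": "legacy"}'})
IMPORT = make_zip({
    "global_mask.json": '{"on": true, "name": "mask"}',
    "datasource_orders.json": '{"name": "orders", "rules": [1, 2, 3]}',
    "global_new.json": '{"name": "new"}'})
if __name__ == "__main__":
    print(json.dumps(compare_exports(CURRENT, IMPORT), indent=2))
```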