Skip to content

Create a Native Workspace

Audience: Project Owners and members

Content Summary: This page outlines how to manage project workspaces, which allow users to write data back to Immuta.

After workspaces are configured by a System Administrator, users with the CREATE_PROJECT permission can enable workspaces within their projects. This feature allows project members to write data back to Immuta and share this data with other users as derived data sources.

Prerequisites:

  • native workspaces have been configured by an Application Admin.
  • external IDs for native integrations have been mapped in for Databricks, HDFS, or Snowflake.

Use Case

Compliance Requirement: Users can only WRITE to specified locations in Dev, and these users need to share this data with other Dev users.

After Dev users have analyzed data, they need to write content back to Immuta and share it with other Dev users. To allow them to write data back to Immuta, project owners need to create workspaces for their projects. Then, users can share the data they've written to Immuta with other users as derived data sources. The steps below use this scenario with Snowflake to illustrate creating a native workspace, but Hadoop and Databricks workspace tutorials are included in Additional Tutorials.

1 - Enable a Workspace

Workspaces can be enabled in the New Project modal when creating a new project, but project owners can enable this feature at any point on the project's Policies tab.

  1. Navigate to the Policies tab and enable Project Equalization by clicking the Project Equalization slider to on.
  2. Scroll to the Native Workspace section and click Create.

    Create Native Workspace

  3. Select Snowflake from the Workspace Configuration dropdown menu.

    Native Snowflake Workspace

  4. Name the Workspace Schema. By default, the schema name is based off of the project name, but you can change it here. Your project workspace will exist within this schema under Snowflake under the database configured by the Application Admin.

  5. Select one or more Warehouses to be available to project members when they are working in the Snowflake workspace. Note: Snowflake workspaces do not support differential privacy policies. Any Snowflake sources with differential privacy policies applied will not be created within the native Snowflake workspace.

  6. Click Create to enable the workspace.

2 - Write Data to the Workspace

Once the workspace is created, project members will see relevant data sources in the Snowflake UI when working under the project context.

  1. Select the Role created by the project workspace. The role created will be a combination of the database name (configured by the Application Admin) and the schema name (set in the previous section by the project owner). In this scenario, the role created was KW_TEST_DEV_MY_PROJECT:

    Select Snowflake Role

    Role Not Selected

    Because this user has not yet selected the correct role (KW_TEST_DEV_MY_PROJECT), no project data is visible in the Results window.

    Snowflake Role Not Selected

    Role Selected

    The user has selected the KW_TEST_DEV_MY_PROJECT role, so the project data is now visible.

    Snowflake Role Selected Data Visible

  2. Create a table in Snowflake. In this example, the user created a new table in Snowflake based on the "Rate_Code" column in Taxi_Timeshift: Highest_Rates.

    Snowflake Table Created

Now that data has been written to the workspace, users can share this data with others by making it a derived data source in Immuta.

Additional Tutorials

Create a Cloudera or EMR Workspace

  1. Navigate to the Policies tab and enable Project Equalization by clicking the Project Equalization slider to on.
  2. Scroll to the Native Workspace section and click Create.
  3. Select the Cloudera or EMR Workspace Configuration from the dropdown menu.

    EMR Workspace Configuration

  4. Select the Cluster Name from the subsequent dropdown menu.

    Cluster Name

  5. Opt to edit the Workspace Directory field or add a Hive Connection (if available).

    EMR HDFS Workspace Modal

  6. Click Create to enable the workspace.

Create a Databricks Workspace

Databricks Cluster Configuration

Before creating a workspace, the cluster must send its configuration to Immuta; to do this, run a simple query on the cluster (i.e., show tables). Otherwise, an error message will occur when you attempt to create a workspace.

  1. Navigate to the Policies tab and enable Project Equalization by clicking the Project Equalization slider to on.
  2. Scroll to the Native Workspace section and click Create.
  3. Select Databricks from the Workspace Configuration dropdown menu.

    Databricks Native Workspace

  4. Opt to edit the sub-directory in the Workspace Directory field; this sub-directory auto-populates as the project name.

  5. Enter the Workspace Database Name.
  6. Click Create to enable the workspace.

Disable and Delete Workspaces

  1. Scroll to the Native Workspace section on the Policies tab and click the toggle to disable the workspace.

    Disable Workspace

  2. Click Delete in the Native Workspace section.

  3. Choose one of the following options in the modal:

    • Purge Generic Workspace Data: permanently delete data, while the data used by derived data sources is preserved. Note: If you created a derived data source that references a view on top of a table in Snowflake that isn't a derived data source, that table will be deleted and break the derived data source.
      • Purge Everything & Delete Derived Data Sources: permanently delete data and purge all derived data sources.

    Delete Workspace

  4. Click Delete.