Manage Policies

Audience: Data Owners and Governors

Content Summary: This page details the immuta policy command, its subcommands and arguments, and the workflow for creating, renaming, and deleting policies.

Command Overview: immuta policy

This command allows you to list, save, delete, and rename Global Policies in your instance of Immuta. The table below illustrates subcommands and arguments.

Subcommands  Description                                  Argument(s)
delete       Delete a Global Policy by policy key.        policy key
list         List all Global Policy keys.                 n/a
rename       Rename the Global Policy key.                new policy key
save         Create or update a Global Policy in Immuta.  filepath

Options

Use these options to get more details about the policy command or any of its subcommands:

  • -h
  • --help
  • help for policy

Manage Global Policies

Usage:
  immuta policy [command]

Available Commands:
  delete      Delete a global policy by policy key
  list        List all policy keys
  rename      Rename the global policy key
  save        Create/Update a Global Policy in Immuta

Flags:
  -h, --help   help for policy

Global Flags:
      --config string    config file (default $HOME/.immutacfg.yaml)
  -p, --profile string   specifies the profile for what instance/api the cli will use (default "default")

Use "immuta policy [command] --help" for more information about a command.

Create a Policy: immuta policy save

  1. Add your policy information in a valid YAML file for the V2 API. Additional payload examples for creating policies can be found here:

    name: Conditional Masking
    policyKey: data conditional masking
    type: data
    actions:
      - rules:
          - type: Masking
            config:
              fields:
                - type: columnTags
                  columnTag: Discovered.PII
              conditionalPredicate: "@columnTagged('Discovered.Country') = 'USA'"
              maskingConfig:
                type: Hash
    circumstanceOperator: all
    circumstances:
      - type: columnTags
        columnTag: Discovered.PII
      - type: columnTags
        columnTag: Discovered.Country
    
  2. Run immuta policy save <filepath> [--dryRun] [--reCertify], referencing the file you just created. The options you can specify include:

    • -d or --dryRun: No updates will actually be made.
    • -h or --help: Get more information about the save command.
    • --reCertify: If the certification has changed, someone will need to re-certify this policy on all impacted data sources.

Examples

The example below illustrates a user listing all policies and then creating a policy called data conditional masking.

$ immuta policy list
CCPA
HIPAA De-identification (v2021.1.0)
New Column Added

$ immuta policy save ./test-policy.yml
{"dryRun":false,"creating":true,"updating":false,"policyId":4}

$ immuta policy list
CCPA
HIPAA De-identification (v2021.1.0)
New Column Added
data conditional masking
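
Because save either creates or updates a policy, it helps to check which of the two is about to happen before running it. The sketch below is an added example, not part of the Immuta CLI or its documentation: a hypothetical guarded_save shell helper that refuses to save over a policy key already returned by immuta policy list unless told to, and runs --dryRun before the real save. It assumes an unquoted top-level policyKey line in the file and that immuta exits non-zero on failure.

```shell
#!/bin/sh
# Added example: guard around `immuta policy save`, which creates OR updates.
# guarded_save and policy_key_of are hypothetical helpers, not CLI features.
# Assumptions: the policy file has an unquoted top-level `policyKey:` line,
# and `immuta` exits non-zero when a command fails.

# Print the policyKey declared in a policy YAML file (first match only).
policy_key_of() {
    sed -n 's/^policyKey:[[:space:]]*//p' "$1" | sed 's/[[:space:]]*$//' | head -n 1
}

# guarded_save <file> [--allow-update]
# Exit codes: 0 saved, 2 bad input, 3 key exists (update refused),
#             4 pre-check (list or dry run) failed.
# The body runs in a subshell, so `exit` and variables stay local to the call.
guarded_save() (
    file=$1
    allow_update=${2:-}
    [ -r "$file" ] || { echo "cannot read $file" >&2; exit 2; }
    key=$(policy_key_of "$file")
    [ -n "$key" ] || { echo "no policyKey in $file" >&2; exit 2; }

    # Fail closed: if the key list cannot be fetched, do not save.
    keys=$(immuta policy list) || { echo "policy list failed" >&2; exit 4; }

    # Exact whole-line match, so "Data Masking" does not match "Data Masking v2".
    if printf '%s\n' "$keys" | grep -Fxq -- "$key"; then
        if [ "$allow_update" != "--allow-update" ]; then
            echo "refusing to update existing policy key: $key" >&2
            exit 3
        fi
    fi

    # Dry run first; per the option description no updates are made by it.
    immuta policy save "$file" --dryRun >/dev/null || exit 4
    immuta policy save "$file"
)
```

Source the file and call guarded_save ./test-policy.yml; add --allow-update when changing an existing policy is intended.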

Rename a Policy Key: immuta policy rename

  1. Optionally, run immuta policy list to list all policy keys and identify which policy you would like to rename. Options you can specify include:

    • -h, --help, help for list: Get more information about the policy list command.
    • -v or --verbose: Print response as JSON.

  2. Rename the policy key by running immuta policy rename <old policy key> <new policy key>, enclosing the name of the policy key in quotation marks. Options you can specify to get more information about this command include -h, --help, or help for rename.

Example

The example below illustrates a user renaming the data conditional masking policy key to Data Masking.

$ immuta policy list
CCPA
HIPAA De-identification (v2021.1.0)
New Column Added
data conditional masking

$ immuta policy rename "data conditional masking" "Data Masking"
{"oldPolicyKey":"data conditional masking","newPolicyKey":"Data Masking"}

$ immuta policy list
CCPA
Data Masking
HIPAA De-identification (v2021.1.0)
New Column Added

Delete a Policy: immuta policy delete

  1. Optionally, run immuta policy list to list all policy keys and determine which policy key you would like to delete. Options you can specify include:

    • -h, --help, help for list: Get more information about the policy list command.
    • -v or --verbose: Print response as JSON.

  2. Delete a policy key by running immuta policy delete <policy key> [--dryRun]. Options you can specify include:

    • -d or --dryRun: No updates will be made.
    • -h, --help, or help for delete: Get more information about the policy delete command.

Example

The example below illustrates a user deleting the Data Masking policy.

$ immuta policy list
CCPA
Data Masking
HIPAA De-identification (v2021.1.0)
New Column Added

$ immuta policy delete "Data Masking" --dryRun
{"dryRun":true,"deleting":"Data Masking"}

$ immuta policy delete "Data Masking"
{"dryRun":false,"deleting":"Data Masking"}

$ immuta policy list
CCPA
HIPAA De-identification (v2021.1.0)
New Column Added