Chapter 2 - Setting Up Users, Groups, Attributes, and Tags
Audience: Data Owners, Data Users, Data Governors, and System Administrators
Content Summary: This page sets the context for managing users, groups, attributes, and tags in Immuta and includes an outline of best practices, a use case scenario, chapter objectives, and links to specific tutorials for setting up users, groups, attributes, and tags.
Now that your instance of Immuta is installed, you are ready to create users and set their permissions, groups, and attributes.
Once users are added, User Admins assign permissions to each user to control what actions each user can take in Immuta. User Admins can then assign attributes and groups to users to organize them and make policy application more specific in a manageable and global way. Data Governors can create or import tags to serve several functions: they can drive Local or Global Policies, they can be used to generate Immuta Reports, and they can drive search results in the Immuta UI. Data Owners and Governors can then apply these tags directly to projects, data sources, and specific terms within the data source dictionary.
Immuta Best Practices: Users, Permissions, Attributes, and Tags
The best practices outlined below will also appear in callouts within relevant tutorials.
- If Sensitive Data Discovery has been enabled, then manually adding tags to columns in the Data Dictionary will be unnecessary in most cases. The Data Owner will need to verify that the Discovered tags are correct.
- Turning on Sensitive Data Discovery can improve your data's security through its automated tagging. Immuta highly recommends using this feature in tandem with vigilant verification of tags on all data sources.
- Use an external IAM for authentication and Immuta's internal IAM to manage attributes.
- Use the minimum number of tags possible to achieve the data privacy needed.
- Start organizing attributes and groups in Immuta and transfer them to your IAM.
Chapter 2 Use Case Scenario
The use case described below will be presented throughout this chapter in this call-out to illustrate specific tutorials. However, the solutions presented can be adjusted to meet your specific needs.
An organization has purchased Immuta to manage data access across multiple environments (Dev, Test, and Prod), each of which requires different users with different permissions to gain access.
To set up Immuta to accommodate these requirements, a System Administrator will create users and assign permissions, attributes, and groups to them. Then, Data Governors will create tags to identify the environments. The data and user attributes created in this chapter will be used to build Global Policies in Chapter 3.
In this chapter, you will complete tutorials that demonstrate how to
- create user personas.
- add permissions to individual users.
- create groups and add users to groups.
- create and add attributes to groups.
- create tags.
- add tags to data sources.
Concept Overviews: Each of these pages explains a concept and how it connects to other features in Immuta.
Tutorials: Each of these pages provides step-by-step instructions for using a feature in Immuta.
Policy as Code: API Reference Guides: These pages detail how to access Immuta through the API, including information about the various endpoints, their parameters, and their responses.