Chapter 2 - Setting Up Users, Groups, Attributes, and Tags
Audience: Data Owners, Data Users, Data Governors, and System Administrators
Content Summary: This page sets the context for managing users, groups, attributes, and tags in Immuta. There is an outline of best practices, a use case, and links to tutorials.
Your instance of Immuta is installed; you are ready to create users and set their permissions, groups, and attributes.
Once users are added, User Admins assign permissions to users to control what actions they can take in Immuta. User Admins can also assign attributes and groups to users to organize users and make policy application more specific in a manageable and global way. Data Governors can create or import tags to serve several functions like
- drive Local or Global Policies,
- generate Immuta Reports, and
- drive search results in the Immuta UI.
Data Owners and Governors can then apply these tags to projects, data sources, and columns within the data source dictionary.
Best Practices: Users, Permissions, Attributes, and Tags
- If Sensitive Data Discovery has been enabled, then manually adding tags to columns in the Data Dictionary is usually unnecessary. The Data Owner will need to verify that the Discovered tags are correct.
- Turning on Sensitive Data Discovery can improve your data's security with automated tagging. Immuta recommends the use of this feature with a data expert to confirm the correct tags are being applied.
- Use an external IAM for authentication with Immuta's internal IAM to manage attributes.
- Use the minimum number of tags possible to achieve the data privacy needed.
- Organize attributes and groups in Immuta and transfer them to your IAM.
Chapter 2 Use Case Scenario
This use case is presented throughout this chapter in a call-out to illustrate specific tutorials. The solutions presented can be adjusted to meet your specific needs.
An organization manages access across multiple environments (Dev, Test, and Prod), each of which requires different users with different permissions to gain access, but they have additional requirements to fulfill:
- They need users on the Compliance team to be able to make policies.
- They need users sorted into Dev, Test, and Prod.
- They need a way to identify Dev, Test, and Prod data sources in policies.
These requirements can be met when System Admins and Governors complete the objectives outlined below. The data and user attributes created in this chapter will be used to build Global Policies in Chapter 3.
In this chapter, you will complete tutorials that show how to
- create user personas.
- add permissions to individual users.
- create groups and add users to groups.
- create and add attributes to groups.
- create tags.
- add tags to data sources.
Concept Overviews: Each of these pages explains a concept and how it connects to other features.
Tutorials: Each of these pages provides step-by-step instructions for using a feature.
Policy as Code: API Reference Guides: These pages detail how to access Immuta through the API.