Prologue - Immuta Architecture, UI, and Deployment Methods
Audience: All Immuta users
The Immuta platform solves two of the largest issues facing data-driven organizations: access and governance. In large organizations, it can be difficult, if not impossible, for data scientists to access all the data they need. Once they do get access, it’s often difficult to make sure they use the data in ways that are compliant with regulations.
The Immuta platform solves both problems by providing a single, unified access point for data across an organization and ensuring that all restrictions placed on data are dynamically enforced through the platform. This unification creates efficient digital data exchanges and provides complete visibility of policy enforcement and monitoring.
|Data Sources||A data source is how users virtually expose data (that lives in a remote data storage technology) across their enterprise to other users. When you expose a data source you are not copying the data; you are using metadata to tell Immuta how to expose it. Once exposed and subscribed to, the data will be accessed in a consistent manner across analytics and visualization tools, allowing reproducibility and sharing. For more information and tutorials about data sources, see Chapter 4.|
|Policies||Policies are fine-grained security controls applied to data sources by Data Owners or Data Governors, who determine the logic behind what is hidden from whom. Immuta offers two policy types: Subscription Policies, which determine who can access a data source, and Data Policies, which determine what data the user sees once they get access to a data source. Through these policies, data is hidden, masked, redacted, and anonymized in the control plane based on the attributes of the users accessing the data and the purpose under which they are acting. For more information and tutorials about policies, see Global Policies in Immuta or the Local Policy Overview.|
|Projects||Projects allow users to logically group work by linking data sources and can be created to efficiently organize work or to provide special access to data to specific users. The same security restrictions regarding data sources are applied to projects; project members still need to be subscribed to data sources in order to access data, and only users with appropriate attributes and credentials will be able to see the data if it contains any row-level or masking security. However, Project Owners can enable Project Equalization, which improves collaboration by ensuring that the data in the project looks identical to all members, regardless of their level of access to data. When enabled, this feature automatically equalizes all permissions so that no project member has more access to data than the member with the least access. For more detailed discussion and tutorials about projects, see Chapter 5.|
|Audit Logs and Immuta Reports||All activity in Immuta is audited, and Data Owners and users with the
Native Access Patterns
Immuta provides several access patterns through which all data access is native:
Before you install Immuta, review the content in the sections below.