Skip to content

Immuta v2022.1.0 Release Notes

Immuta v2022.1.1

Immuta 2022.1.1 was released May 6, 2022.

v2022.1.1 Improvements

  • Improved performance of auto-subscription policies.

v2022.1.1 Bug Fixes

  • If an SSL CA cert was used when setting up an LDAP IAM, clicking the Test LDAP Sync button resulted in an error.
  • Tags were removed from data sources if they were applied after data source creation and before the external catalog health check (which is triggered by navigating to the data source). However, tags applied to a data source during creation remained on the data source.
  • Group permissions were not considered when users attempted to create data sources or Global Policies. For example, if a user was a member of a group that had the GOVERNANCE permission assigned to it, that user was not inheriting the GOVERNANCE permission. Consequently, when that user tried to apply a Global Policy to a data source, they received an error. However, if a user had the GOVERNANCE permissions applied to their account directly, they were able to create a Global Policy. This same behavior occurred with the CREATE_DATA_SOURCE permission.
  • Creating an Immuta data source from a Databricks view that contained an implicit column alias failed.

v2022.1.1 Known Bugs

  • Editing a schema project to a database that already exists fails.
  • If Immuta's built-in identity manager (BIM) is manually disabled, the App Settings page freezes when a user selects Migrate Users from BIM when configuring an external IAM.
  • An auto-subscription policy that adds more than 64,000 users to a data source can cause errors in the logs and impact subscription reports.
  • Integration jobs can end up in an expired state, even if they successfully are processed, under certain load conditions.

v2022.1.1 Migration Notes

  • All users must be on Immuta version 2020.2 or greater to migrate directly to 2022.1.1.

Immuta v2022.1.0

Immuta version 2022.1.0 was released March 31, 2022.

v2022.1.0 New Features

General Availability

  • Disable Query Engine: Application Admins can disable the Query Engine on the App Settings page.
  • Edit Configuration for Integrations: Users can edit the configuration for Azure Synapse, Databricks SQL, Redshift, and Snowflake without disabling the integration.
  • Manual Approvals in ABAC Global Subscription Policies: Governors can now add an approval workflow as an alternative method of access to data sources if a user does not meet the conditions of the Users with Specific Groups/Attributes (ABAC) Global Subscription Policy.

    Upgrade Notes

    • Before this release, if someone was manually added by an owner or Governor and didn’t meet the ABAC policy requirements, they could query the table, but no rows would come back because they didn’t have the groups or attributes specified in the policy. Now, manually adding users overrides the ABAC policy. Therefore, any users who had been manually subscribed to a data source but could not see any data will see data after this upgrade. You can prevent this behavior by either switching the Subscription policy to auto-subscribe (which removes users who don't meet the Subscription policy) or adding a Data Policy that redacts rows for users who do not have the groups or attributes specified in the Subscription policy.

    • If users have existing Global Subscription policies that were combined, those will not change on the data source after the upgrade. However, the Require Manual Subscription option will automatically be enabled on those existing policies, so users who meet the conditions of the policy will not be automatically subscribed.

  • New Immuta UI: Although the most significant change is the adjustment to the visual styles in the application, other UI changes include an expandable left navigation and dark mode support.

  • Support for Databricks Runtimes 10 and 10.1.

Public Preview

Sensitive Data Discovery Global Template and Default Sample Size UI: Users can adjust these configurations on the App Settings page.

Upgrade Note

If users already had a Global Template or default sample size configured in the Advanced Configuration section, these configurations will migrate to the new Sensitive Data Discovery section on the App Settings page when they upgrade their Immuta instance.

v2022.1.0 Deprecations and Breaking Changes

End of Life (EOL) Database

Support for HDFS databases has been removed.

Deprecated Databases

The table below outlines database support that has been deprecated and when it will be removed.

Database Deprecation End of Life (EOL)
Blacklynx 2021.5 2022.1
Dataproc Spark 2021.5 2022.1
DB2 iSeries 2022.1 2022.2
DB2 LUW 2022.1 2022.2
DB2 z/OS 2022.1 2022.2
FTP 2022.1 2022.2
Jethro 2021.5 2022.2
MongoDB 2021.5 2022.2
SingleStore 2021.5 2022.2
SOLR 2021.5 2022.2
Sybase 2022.1 2022.2
Yellowbrick 2021.5 2022.2

Deprecated Features

Support for the following features has been deprecated:

  • Advanced Rules DSL for Data Policies only.
  • Differential Privacy
  • External Policy Handler

v2022.1.0 Migration Notes

  • All users must be on Immuta version 2020.2 or greater to migrate directly to 2022.1.
  • Immuta requires a signing certificate to add or edit SAML-based IAMs. If you are using Immuta's SAML integration, provide a signing certificate to any existing configured IAMs, as this will be required in a future release for the IAM to continue working.
  • Redshift bootstrap script has been split into two different scripts.

v2022.1.0 Bug Fixes

  • "Active" tags on merged Share Responsibility Global policies did not show the active number of data sources they were enforced on.
  • The configuration section for Native Workspaces could break if a native handler was not enabled.
  • Databricks:

    • If a table in Databricks had been created from an AVRO schema file, queries against the table on Immuta-enabled clusters only returned results for partition columns. Additionally, trying to create tables from an AVRO schema file on Immuta-enabled clusters returned an error: "Unable to infer the schema."
    • Attempting to query an external Delta table that had been added as an Immuta data source as a non-admin resulted in a NoSuchDataSourceException if the table path had a space in it.
    • Fixed Databricks init script error handling when artifacts weren't downloading correctly.
    • Modified transformPlan wrappers to work with Databricks Runtime 9.1 update.
    • Errors occurred when using mlflow.spark.log_model on non-Machine Learning clusters.
  • If Immuta's built in identity manager (BIM) was disabled, the App Settings page froze when a user selected Migrate Users from BIM when configuring an external IAM.

  • Out of memory errors occurred while the Query Engine was processing jobs.

  • Redshift integration performance issues related to Python UDF concurrency capabilities.

  • Snowflake:

    • Snowflake Integration with Snowflake Governance Controls: When a data source existed in Immuta but not in Snowflake and a user tried to refresh the native policies, Immuta continuously retried to update the policies and then failed with the following error: Execution error in store procedure UPSERT_POLICIES: SQL compilation error: Table does not exist or not authorized.
    • When enabling a native Snowflake integration with an external catalog, if the host had multiple periods in the account the Snowflake plugin was invalid.
    • When users tried to edit the Excepted Roles/Users List for the integration, the configuration saved correctly. However, when the App Settings page refreshed, the Excepted Roles/Users List was empty and the allow list in Snowflake was not updated.
    • When a user's group was deleted in an external IAM, that update appeared in Immuta but was not syncing properly in Snowflake.
    • When using Snowflake native controls with Excepted Roles specified, if users tried to do an outer join using a column that had a masking policy applied, it resulted in an error: SQL compilation error: Invalid expression [] in VALUES clause.

v2022.1.0 Known Bugs

  • Editing a schema project to a database that already exists fails.
  • Project owners are unable to edit projects with approved purposes and data sources.