Chapter 3 - Writing Global Policies for Compliance
Audience: Compliance managers and Data Governors
Unlike Local Policies, Global Policies can apply to all data sources and are enforced on data sources as Owners create them. Using tags within Global Policies is the key to this global but specific governance.
If an organization's requirements state that access to personal information is restricted to users within the same country or geographic region, the organization can create a single Global Policy to meet that requirement. The policy will apply to both current data sources and any that are created later.
Best Practices: Writing Global Policies
- Use Schema Monitoring to assess changes to data sources.
- Activate the New Column Added templated Global Policy. This will protect sensitive data before Data Owners review any new columns.
- Write Global Policies using Discovered tags and attributes before connecting data.
- Use Global Policies to manage data access.
- In most cases, the goal is to share as much data as possible while complying with privacy regulations. Immuta recommends general subscription policies and specific data policies to give as much access as possible.
- Use the minimum number of policies possible to achieve the data privacy needed.
Chapter 3 Use Case Scenario
This use case is presented throughout this chapter in a call-out to illustrate specific Global Policies. The solutions presented can be adjusted to meet your specific needs.
This organization manages access to multiple environments (Dev, Test, and Prod), each of which has users with different permissions accessing the data. Right now, the compliance team has to manually approve access for each user for every data source. This manual process is causing delays between access requests and access to the data. Teams need a scalable way to meet their requirements:
- Users should access only the data sources in their environments.
- Redact PII for all users.
To meet these requirements, the compliance team will need to collaborate with admins to complete the objectives outlined below.
In this chapter, you will complete tutorials that show how to
- create and verify tags and attributes so that they map to existing requirements.
- write a Global Subscription Policy.
- write a Global Data Policy.
- activate templated policies.
- clone a Global Policy.
- review, approve, and promote Global Policies to a production environment.
Concept Overviews: Each of these pages explains a concept and how it connects to other features.
Tutorials: Each of these pages provides step-by-step instructions for using a feature.
- Write a Global Subscription Policy
- Write a Global Data Policy
- Clone, Activate, or Stage a Global Policy
- Approve and Promote a Global Policy
Policy as Code: API Reference Guides: These pages detail how to access Immuta through the API.