Skip to content

Immuta v2022.2.0 Release Notes

Immuta v2022.2.3

Immuta 2022.2.3 was released July 27, 2022, to address a minor bug with a Private Preview feature that only affected select customers. For details about Private Preview features, reach out to your Immuta representative.

Immuta v2022.2.2

Immuta 2022.2.2 was released July 25, 2022.

v2022.2.2 Bug Fixes

  • Databricks user impersonation did not work if backticks enclosed the username.

v2022.2.2 Known Bugs

  • Editing a schema project to a database that already exists fails.
  • Project owners are unable to edit projects with approved purposes and data sources.
  • Users cannot create an S3 data source using an instance role using the UI; they must use the API.
  • Databricks Runtime 10.4: Show partitions on delta table fails.

v2022.2.2 Migration Notes

  • IAM Signing Certificate Required for SAML. If you are using SAML integrations, you are required to upload your IAM signing certificate to Immuta to accept patch and roll-up releases. Announced in 2022.1.0.
  • All users must be on Immuta version 2020.2 or greater to migrate directly to 2022.2.2.

Immuta v2022.2.1

Immuta 2022.2.1 was released July 19, 2022.

v2022.2.1 Bug Fixes

  • Clicking the Sync User Metadata button in the Immuta UI could queue an infinite number of profile refresh background jobs.
  • The enriched audit logs created an error if data policies did not exist on a data source.
  • The attributes type for users was inconsistent with policy attributes type in the audit logs.
  • Advanced Subscription Policies: If an advanced subscription policy that did not contain special variables was created, customers with over 100,000 users could experience OOM issues.
  • Okta/SCIM: When adding users to Okta to sync with Immuta, TypeError: attributeValues is not iterable appeared in the logs.
  • LDAP users with parentheses in their common name caused authentication to fail when group sync was enabled.
  • When adding an S3 data source using instance roles, the prefix set by the user was not added to the handler metadata.

v2022.2.1 Known Bugs

  • Editing a schema project to a database that already exists fails.
  • Project owners are unable to edit projects with approved purposes and data sources.
  • Users cannot create an S3 data source using an instance role using the UI; they must use the API.
  • Databricks Runtime 10.4: Show partitions on delta table fails.

v2022.2.1 Migration Notes

  • IAM Signing Certificate Required for SAML. If you are using SAML integrations, you are required to upload your IAM signing certificate to Immuta to accept patch and roll-up releases. Announced in 2022.1.0.
  • All users must be on Immuta version 2020.2 or greater to migrate directly to 2022.2.1.

Immuta v2022.2.0

Immuta 2022.2.0 was released July 8, 2022.

v2022.2.0 New Features

General Availability

  • Access background jobs with enhanced visibility. This feature allows you to access information to debug issues and identify the cause.

  • Use the latest Databricks Runtime with Immuta. Databricks Runtime 10.4 LTS is now supported in Immuta.

  • Prove compliance with Databricks audit trails that include denial events. When Immuta users query Databricks tables that have been registered in Immuta, the query audit logs will include denial events and the policies associated with the decision. Such audit trails are required by some information security teams to prove compliance with secure data access.

Public Preview

  • Write Fewer, Simpler ABAC Policies. Enhanced Subscription Policy Variables empower users to write fewer, simpler ABAC (Users with Specific Groups/Attributes) policies. Previously, policy writers had to specify user attribute keys in separate policies to grant access. With Enhanced Subscription Policy Variables, Immuta's policy engine compares user attributes with data source properties (database, host, schema, table, or tag) in a single policy to determine if there is a match. When attribute keys match the property specified, users will be able to subscribe to the data source(s).

Private Preview

  • Snowflake:

    • Share policy-protected data in Snowflake with other Snowflake accounts using Snowflake Data Sharing. This integration allows you to author policies in Immuta and protect data shared with other Snowflake accounts in real time. For example, if a pharmaceutical company needed to share trial results outside their Snowflake account and needed to protect PHI, they could share that data outside their account and still have Immuta policies enforced.

    • Let Immuta manage privileges on your Snowflake tables instead of manually granting table access to users. With Snowflake Table Grants (Private Preview) enabled with the Snowflake with Governance Controls integration, Snowflake Administrators no longer have to manually grant table access to users; instead, Immuta manages privileges on Snowflake tables and views according to the subscription policies on the corresponding Immuta data sources.

v2022.2.0 Enhancements

  • The visual styles in the application have been updated.
  • Users can add multiple alternative owners to data sources at once.
  • Users can now specify column tags instead of just data source tags with the @hasTagAsAttribute Enhanced Subscription Policy variable.

v2022.2.0 Deprecations and Breaking Changes

End of Life (EOL) Database Integrations

These databases are no longer available in the product. Some of these may be available through Immuta’s partner integrations, such as Trino.

Database Deprecation Notice End of Life (EOL)
DB2 iSeries 2022.1 2022.2
DB2 LUW 2022.1 2022.2
DB2 z/OS 2022.1 2022.2
FTP 2022.1 2022.2
Jethro 2021.5 2022.2
MongoDB 2021.5 2022.2
SingleStore 2021.5 2022.2
SOLR 2021.5 2022.2
Sybase 2022.1 2022.2
Yellowbrick 2021.5 2022.2

Deprecated Features

Deprecated items remain in the product with minimal support until their end of life date.

  • None.

Removed Features

Removed features are no longer available in the product.

Feature Deprecation Notice End of Life (EOL)
Advanced Rules DSL for Data Policies 2022.1.0 2022.2
Differential Privacy 2022.1.0 2022.2
The Custom / External Policy Handler 2022.1.0 2022.2
Policy export/import 2021.4 2022.2

Alternative Solutions

v2022.2.0 Migration Notes

  • IAM Signing Certificate Required for SAML. If you are using SAML integrations, you are required to upload your IAM signing certificate to Immuta to accept patch and roll-up releases. Announced in 2022.1.0.
  • All users must be on Immuta version 2020.2 or greater to migrate directly to 2022.2.

v2022.2.0 Bug Fixes

  • Group permissions were not considered when users attempted to create data sources or Global Policies. For example, if a user was a member of a group that had the GOVERNANCE permission assigned to it, that user was not inheriting the GOVERNANCE permission. Consequently, when that user tried to apply a Global Policy to a data source, they received an error. However, if a user had the GOVERNANCE permissions applied to their account directly, they were able to create a Global Policy. This same behavior occurred with the CREATE_DATA_SOURCE permission.
  • Tags were removed from data sources if they were applied after data source creation and before the external catalog health check (which is triggered by navigating to the data source). However, tags applied to a data source during creation remained on the data source.
  • Snowflake:
    • Creating a policy using the Advanced DSL Data policy builder in the view-based Snowflake integration sometimes caused errors.
    • Updating the credentials for a Snowflake integration that has an external catalog did not update the credentials of the catalog.
    • SHOW GRANTS TO ROLE would timeout during validateGrants.
    • Snowflake with Governance Features:
      • Row access policies were not be dropped from IMMUTA_POLICIES after the data source was deleted.
      • There was a syntax error when creating policies on columns that had the same name as a SQL keyword.
      • UPSERT_POLICIES failed when the column had a period in the name.
  • When a user's entitlements changed, Immuta did not properly send notification to the integration to GRANT or REVOKE access to tables in the remote system.
  • Entering a single quotation mark in the search bar sometimes caused an error.
  • After an Alation or Collibra catalog were configured, new data sources were not linked to the catalogs automatically.
  • Logging in to Immuta after being logged out due to inactivity sometimes displayed a blank page.
  • If an SSL CA cert was used when setting up an LDAP IAM, clicking the Test LDAP Sync button resulted in an error.
  • Local policies sometimes appeared on the Global policies page.
  • Activity panel covered the policy builder when long SQL statements were entered for conditional policies.
  • Clicking the Policies icon in the left sidebar while editing a Subscription policy displayed an empty Data Policy Builder instead of the Policies page.
  • When configuring an External REST Catalog, users could not click the Test Connection button if the No Authentication option was selected.
  • The Immuta login page did not display for some older browser versions of Edge.
  • Equalized projects with many data sources had performance issues.
  • SSO callback URLs did not work because they were different than the public Immuta URL.
  • Redshift regex policies did not work when using metacharacters with backslashes and the global policy flag flipped.

v2022.2.0 Known Bugs

  • Editing a schema project to a database that already exists fails.
  • Project owners are unable to edit projects with approved purposes and data sources.
  • Users cannot create an S3 data source using an instance role using the UI; they must use the API.
  • LDAP users with parentheses in CN cause authentication to fail if group sync is enabled.
  • Databricks Runtime 10.4: Show partitions on delta table fails.