Run Sensitive Data Discovery on Data Sources
In previous documentation, identifier is referred to as classifier. The language is being updated to identifier to be more accurate and not conflate meaning with the Immuta data classification and frameworks feature.
Attributes overview
Attributes of all custom identifiers and templates are provided on the Sensitive data discovery API page. However, attributes specific to this section are outlined below.
sources
string
The name of the data sources to apply the template to.
all
boolean
If true
, SDD will run on all Immuta data sources. The default is false
.
wait
integer
The number of seconds to wait for the SDD jobs to finish. The value -1
will wait until the jobs complete. The default is -1
.
dryRun
boolean
When true
, SDD will not update the tags on the data source(s) and will just return what tags would have been applied or removed. See this section for an example. Default is false
.
template
string
If passed, Immuta will run SDD with this template instead of the applied template on the data source(s). Passing template
when dryRun
is false
will cause an error.
Run SDD on data sources
Specify the data sources you would like to run SDD on, and save the payload in a .json file.
Or choose to run SDD on all the data sources in Immuta, and save the payload in a .json file.
Trigger SDD using one of these methods:
Immuta CLI
If sensitive data discovery was successfully run, you will receive a response similar to this:
Additional tutorials
Test SDD on a data source
Users can test how SDD will apply tags to their data sources by completing a dryRun
, which allows users to test templates and tags:
test templates: If a template is specified in the payload when the
dryRun
istrue
, SDD will use this template instead of the template applied to the data source. Note: SDD will error if a template is specified here whendryRun
isfalse
.test tags: Instead of applying tags, SDD just returns the tags that would be applied to the data source. This allows users to evaluate whether or not identifiers or templates are applying tags correctly without updating the data source.
After evaluating whether or not the tags have been applied appropriately, users can then make necessary changes to a template before triggering SDD again.
To complete a dryRun
,
Specify the data sources you would like to run sensitive data discovery on and set
dryRun
totrue
in the payload in a .json file. Note: You can also apply a template to a data source as adryRun
, like in the example below. However, whendryRun
isfalse
, a template cannot be included in the payload. Instead, the template must be added to the data source before running SDD.
Trigger SDD using one of these methods:
Immuta CLI
You will receive a response that illustrates tags that will be added, tags that will be removed, and the final SDD result:
Once you are satisfied with how tags are applied by SDD, set
dryRun
tofalse
(or omit it from the payload).
Trigger SDD again:
Immuta CLI
If the request was successful, you will receive a response similar to this one:
Trigger SDD in the Immuta UI
Select a data source from your My Data Sources page.
Click the Health Check dropdown menu.
In the Sensitive Data Discovery (SDD) section, click Re-run.
What's next
Continue to one of the following tutorials:
Run sensitive data discovery on data sources: Trigger SDD to run on specified data sources.
Create a template: Although only data governors can create identifiers, data owners can add identifiers to templates, which they then apply to their data sources to override
minConfidence
or tags for identifiers within the template.Create a custom identifier: Data governors can create custom identifiers to define their own regular expressions, dictionaries, and tags that SDD will use to discover and tag data.
Last updated