Prerequisites: Before using this walkthrough, please ensure that you’ve first done
Parts 1-5 of the POV Data Setup
the Schema Monitoring and Automatic Sensitive Data Discovery walkthrough and
at least one of the following:
Understandability of policy, as discussed in the previous walkthrough, Natural Language Represented Policy, is critical to creating a prove-and-verify environment. It should be further augmented by a change history for policy and by the ability to monitor and attribute change.
Immuta provides this capability through our extensive audit logs and takes it a step further by providing history views and diffs in the user interface.
Once you have created a trust and verify environment WITH full auditability, all stakeholders can rest easy and change monitoring can be enabled.
Because of this, the business reaps:
Increased revenue: accelerated data access / time-to-data, because the legal and compliance teams can verify that data is being protected correctly and therefore trust that it is.
Decreased risk: Changes are obvious to all and can be reacted to quickly.
Assumptions: Your user has the following permissions in Immuta (note you should have these by default if you were the initial user on the Immuta installation):
GOVERNANCE: in order to view policy audit OR
“Data Owner” of the registered tables. (You likely are the Data Owner and have GOVERNANCE permission.)
First, let's examine a Global Policy.
Log in to Immuta.
Click the Audit icon in the left sidebar.
In the facets section on the left, expand the time bar to full history.
Under Record Type, click the Global Policy Applied checkbox.
This will list all Global Policies that have been applied; click on one to inspect it.
Now let’s leave the audit history and go to an actual table in the UI to see its specific history.
Click the Data Sources icon in the left sidebar.
Click into any of your data sources (where you’ve applied policy).
Click the Policies tab.
On the right, there is an Activity menu; if it is not expanded, expand it.
Examine it. Depending on how many policies you’ve applied, it will show the running history.
Lastly, let’s take a look at all activity in Immuta and examine a policy “diff.”
Click the Governance icon in the left sidebar.
Click the Notifications tab at the top of the page.
Scroll through the notifications until you see one that starts with something like “The following global policy has been applied/updated on…” This is a global policy applied event.
Click on the green Governance icon on the left of that row to View Details.
This will provide a GitHub-like diff pop-up that will show the applied policy as compared to the prior policy. (The prior policy is likely empty because we created policies from scratch in these walkthroughs.)
Note that all notifications can be grabbed as webhooks, so you can take Immuta notifications and plug them into something like Slack, if desired.
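As an added example (not Immuta's own code), the sketch below turns a policy-change notification into a Slack incoming-webhook message that carries a unified diff of the prior and applied policy text. The event type names and field names (`type`, `actor`, `policyName`, `previousPolicy`, `currentPolicy`) are hypothetical and the sample event is constructed; map them to the payload your instance actually sends.

```python
import difflib
import json

FENCE = "`" * 3  # Slack code-block delimiter
# Hypothetical event type names; not taken from Immuta's webhook schema.
POLICY_EVENT_TYPES = {"globalPolicyApplied", "globalPolicyUpdated"}

# Constructed sample event with hypothetical field names.
SAMPLE_EVENT = {
    "type": "globalPolicyApplied",
    "actor": "alice@example.com",
    "policyName": "Mask PII",
    "previousPolicy": "",  # empty: the policy was created from scratch
    "currentPolicy": "Mask columns tagged PII using hashing\n"
                     "for everyone except members of group Compliance",
}


def policy_diff(previous: str, current: str) -> str:
    """Unified diff of two natural-language policy texts ('' if identical)."""
    return "\n".join(difflib.unified_diff(
        previous.splitlines(), current.splitlines(),
        fromfile="prior policy", tofile="applied policy", lineterm=""))


def to_slack_message(event: dict):
    """Build a Slack incoming-webhook body; None for non-policy events."""
    if event.get("type") not in POLICY_EVENT_TYPES:
        return None
    previous = event.get("previousPolicy") or ""
    current = event.get("currentPolicy") or ""
    diff = policy_diff(previous, current)
    if not diff:
        summary = "re-applied with no text change"
    elif not previous.strip():
        summary = "created (no prior policy)"
    else:
        summary = "changed"
    text = (f"Global policy '{event.get('policyName', '?')}' {summary} "
            f"by {event.get('actor', 'unknown')}")
    if diff:
        # Neutralise fences so policy text cannot break out of the code block.
        text += f"\n{FENCE}\n{diff.replace(FENCE, chr(39) * 3)}\n{FENCE}"
    return {"text": text}


if __name__ == "__main__":
    print(json.dumps(to_slack_message(SAMPLE_EVENT), indent=2))
```

The returned dictionary is the JSON body to POST to a Slack incoming-webhook URL; the sending step is left out so the example runs offline.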
The anti-pattern is to build policy based on tasking an engineer in an ad-hoc manner. When this occurs, there is no history of the change, nor is it possible to see the difference between the old and new policies. That makes it impossible to take a historical look at change and understand where an issue may have arisen. If you have a standardized platform for making policy changes, then you are able to understand and inspect those changes over time.
Feel free to return to the POV Guide to move on to your next topic.
Prerequisites: Before using this walkthrough, please ensure that you’ve first done
Parts 1-5 of the POV Data Setup
the Schema Monitoring and Automatic Sensitive Data Discovery walkthrough and
This is a pretty simple one: if you can’t show your work, you are in a situation of trust with no way to verify. Writing code to enforce policy (Snowflake, Databricks, etc.) or building complex policies in Ranger does show your work to a certain extent - but not enough for outsiders to easily understand the policy goals and verify their accuracy, and certainly not to the non-engineering teams that care that policy enforcement is done correctly.
With Immuta, policy is represented in natural language that is easily understood by all. This allows non-engineering users to verify that policy has been written correctly. Remember also that when using global policies they leverage tags rather than physical table/column names, which further enhances understandability.
Lastly, and as covered in the Scalability theme, with Immuta you are able to build far fewer policies (we are talking upwards of 75x fewer), which in itself makes policy much easier to understand.
Certainly this does not mean you have to build every policy through our UI - Data Engineers can build automation through our API (covered in the next theme), if desired, and those policies are presented in a human readable form to the non-engineering teams that need to understand how policy is being enforced.
Once you have created a trusted and verified environment, through centralized policy management, all stakeholders can rest easy and mistakes can be caught quickly.
Because of this, the business reaps:
Increased revenue: accelerated data access / time-to-data, because the legal and compliance teams can verify that data is being protected correctly and therefore trust that it is.
Decreased risk: Mistakes will not linger hidden beneath complex code; the spirit of how your organization interprets law and policy can be easily verified.
Assumptions: Your user does not need any specific permissions.
Log in to Immuta with any user.
Click the Policies icon in the left sidebar.
Choose a Data policy to expand and read. You understand them; anyone can!
This is a picture one of our customers created that depicts the logic:
The anti-pattern is that the way you build policy is so technical and/or complex, you have no way to allow non-technical leadership to validate your work. This leaves the Data Engineering team struggling to prove they’ve done their job and creates distrust that policy enforcement is happening correctly, which creates a domino effect of involving more humans to manually approve access, completely halting time-to-data.
Feel free to return to the POV Guide to move on to your next topic.