Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
The Immuta people page is visible only to user administrators; the following actions can be completed on the Immuta people page:
Create, manage, and delete users.
Add or delete permissions from users and groups.
Add or delete attributes from users and groups.
Create, manage, and delete groups.
On this tab, administrators can add users, filter the list of users, or navigate to users' profiles by clicking on their name.
After clicking on an individual user from this list, the user's email, position, and last login and update appear. From here, admins can manage the user's permissions, attributes, and groups.
Similar to the Users tab, the Groups tab includes a list of groups. After clicking on a specific group, administrators can view the group details, add and remove group members, and manage attributes for the group.
Governors manage purposes for data use across Immuta. After creating a purpose, governors can customize acknowledgement statements that users must agree to before accessing a project or data source. Project owners also have the ability to create purposes that will populate on the purposes tab of the governance page.
Governors can build reports to analyze how data is being used and accessed across Immuta using this report builder. Reports can be based on users, groups, projects, data sources, tags, purposes, policies, and connections within Immuta.
For detailed information on how to run reports, see Immuta reports.
This tab contains a list of all activity associated with the governor, data sources, and global and local policies.
This tab contains a list of all tags within the Immuta environment. This includes built-in Immuta tags, tags created by governors, and tags imported from an external catalog. These tags can then be applied to projects, data sources, and the data dictionary by governors, data owners, or data source experts.
Governors can click on the tags listed here to open up a tag details page. This details page has an overview tab with information about the tag's description, origin, and creation. It also includes a data sources tab that lists the data sources the tag has been applied to and information about its application. The tag details page also includes a columns tab with the columns the tag has been applied to and information about its application, like the other tags applied to that column.
For more information on tags, see the Tags in Immuta page.
Audience: Data Owners, Data Users, and Data Governors
Content Summary: Projects allow users to collaborate in their data analysis by combining data sources and providing special access to data for project members. Projects are created, managed, and joined from the Projects page.
This page highlights the major features of the Projects page. For conceptual details or specific tutorials, click the links below or navigate to Collaborating, writing, and sharing through projects.
This page lists all the public projects available to be joined by others in the All Projects tab and all projects users own or belong to are listed in the My Projects tab. Additionally, users with the CREATE_PROJECT permission can create a new project from this page.
To view details about a specific project, users click the project name.
After navigating to a specific project from the Projects page, the following information about the project is visible to users on the Overview tab:
Project Details: Information about the project appears in the sidebar on the left of the Overview tab. Details include when the project was created, the purposes associated with the project, a description of the project, the project ID, and credentials.
Documentation: If Project Owners choose, they may add documentation about their project, which will appear in this section to viewers. If no additional documentation about the project is added, only the project name will appear here.
Data Sources: The data sources associated with the project are listed here. Users can click on individual data sources to view the reason why it was added to the project and they can navigate to the data source itself. Project Owners can also manage their project data sources in this section.
Tags: Tags associated with the data source are listed here. Project Owners can manage tags from this section.
Activity Panel: All activity associated with with the project is listed in the sidebar on the right of the screen. Information recorded here includes who added data sources and tags to the project, members who have been added and removed from the project, and policy updates to the project.
This page includes a list of project members, their contact information and role, how they are subscribed, and when their membership expires. From this page, Project Owners can add and remove members from the project.
Members can be filtered by Role or Subscription using the Filters button.
This tab allows Project Owners to choose who may request access to their project or whether or not their project is visible at all to users who are not project members.
The Project Equalization section enables Project Owners to level all members' access to data so that data appears the same to all project members, regardless of their individual attributes or groups.
The Subscribers section allows Project Owners to make their project open to anyone, to users who request and are granted access, to users with specified groups and attributes, or only to users the Project Owners manually add.
Deprecation notice
Support for this feature has been deprecated.
Project members can view, create, reply to, delete, and resolve discussion threads in this tab.
A list of data sources within the project appears in this tab. Project members can view, comment on, and add data sources to the project here as well. Any project member can add data sources to the project, unless the Allow Masked Joins or Project Equalization features are enabled; in those instances, only Project Owners can add data sources to the project.
The data sources page allows Immuta users to view, subscribe to, and create data sources in Immuta. On the main data source page is a list of data sources. Users can navigate between the All Data Sources tab and the My Data Sources tab to filter this list. Additionally, the Search bar can be used to filter search results by data source name, tag, project, connection strings, or columns.
To navigate to a specific data source, click on it from this list, and you will be taken to the data source overview page
In addition to the data source's health, this page provides detailed information about the data source and is organized by tabs across the top of the page: , , , , , , and . The visibility and appearance of the tabs will vary slightly depending on the type of user accessing the data source.
This section includes detailed information regarding Data Source Health and Data Source Health Checks. The health status of a data source is visible in the top right corner of the data source details page.
If you click the health status text, a dropdown menu displays the status of specific data source checks.
Health Check: When an Immuta data source is created, a background job is submitted to compute the row count and high cardinality column for the data source. This job uses the connection information provided at data source creation time. A data source initially has a health status of “healthy” because the initial health check performed is a simple SQL query against the source to make sure the source can be queried at all. After the background job for the row count/high cardinality column computation is complete, the health status is updated. If one or both of those jobs failed, the health status will change to “Unhealthy.”
Fingerprint: Captures summary statistics of a data source when a data source is created, when a policy is applied or changed, or when a user manually updates the data source fingerprint.
View: Depending on the integration, this records if a view has been created to represent the data source in an integration, when it was created, and gives a button to re-create the view if policies have been changed.
Row Count: Calculates the number of rows in the data source.
High Cardinality: Calculates the high cardinality columns, which contain unique values such as identification numbers, email addresses, or usernames. A high cardinality column is required to generate consistent random subsets of data for use in certain minimization techniques.
Global Policies Applied: Verifies that relevant Global Policies are successfully applied.
: Detects when a new table has been added in a remote database and automatically creates a new data source. Correspondingly, if a remote table is removed, that data source will be disabled in the console. Schema detection is set to run every night.
: Detects when a column has been added or removed in a remote database and automatically updates the data source in Immuta. This detection is set to run every night, but users can manually trigger the job here.
This tab includes detailed information about the data source, including its Description, Technology, Table Name, Remote Database, Remote Table, the Parent Server, and the Data Source ID.
This tab contains information about the users associated with the data source, their username, when their access expires, what their role is, how they are subscribed to the data source, and an Actions button that details the users' subscription history, including the reason users need access to the data and how they plan to use it.
Members can be filtered by Role or Subscription using the Filters button.
This tab lists the policies associated with the data source and includes three components:
Subscribers: Lists who may access the data source. If a Subscription Policy has already been set by a Global Policy, a notification and a Disable button appear at the bottom of this section. Data Owners can click the Disable button to make changes to the Subscription Policy.
Activity Panel: Records all changes made to policies by Data Owners or Governors, including when the data source was created, the name and type of the policy, when the policy was applied or changed, and if the policy is in conflict on the data source. Global policy changes are identified by the Governance icon; all other updates are labeled by the Data Sources icon.
The Data Dictionary is a table that details information about each column in a data source. The information within the Data Dictionary is generated automatically when the data source is created if the remote data platform supports SQL. Otherwise, Data Owners or Experts can manually create Data Dictionaries. The Data Dictionary tab includes three sections:
Name: The name of the column in the table.
Type: The type of value, which may be text, integer, decimal, or timestamp.
Actions: Users may use the buttons in this column to edit, comment, or tag items in the Data Dictionary.
Deprecation notice
Support for this feature has been deprecated.
Users are able to comment on or ask questions about the Data Dictionary columns and definitions, public queries, and the data source in general. Resolved comments and questions are available for review to keep a complete history of all the knowledge sharing that has occurred on a data source.
Contact information for Data Owners is provided for each data source, which allows users to ask questions about accessibility and attributes required for viewing the data.
This tab lists all projects, derived data sources, or parent data sources associated with the data source and includes the reason the data source was added to a project, who added the data source to the project or created it, and when the data source was added to the project or created.
When users submit an Unmask request in the UI, a Tasks tab appears beside the Relationships tab for the requesting user and the user receiving the request. This tab contains information about the request and allows users to view and manage the tasks listed.
Audience: All users
Content Summary: The Policies page allows all users to view and search all policies and the data sources they apply to. Additionally, Governors and Data Owners can manage Global Policies and Restricted Global Policies on this page.
This document illustrates the basic features of the Policies page. For a tutorial, navigate to the , the or the .
These tabs list all policies and detail the tags, purposes, and policy type; the scope and state of the policy, and when and by whom the policy was created.
The Advanced Search allows users to search for policies based on specific facets, such as policy type, rule type, purposes, conflicts, and creator.
The Immuta UI allows users to share, access, and analyze data from one secure location efficiently and easily. This section of documentation introduces all Immuta users to pages and basic features found in the Immuta console.
Data:
: Create, manage, and subscribe to data sources.
: Combine data sources, work under specified purposes, and collaborate with other users.
: Manage user roles, groups, and attributes.
: Manage global policies and view all policies and the data sources they apply to.
: Configure purposes, run governance reports, and view notifications.
: Analyze how data is being used across your organization.
: Write, modify, and execute queries against data sources you're subscribed to in the Immuta UI.
: Configure Immuta to meet your organization's needs.
: View access requests and receive activity updates.
: Manage username and password, access SQL credentials, and generate API keys.
From here, data owners can also and edit or create a data source description.
This tab is visible to everyone, but Data Owners and Governors can .
Data Policies: Lists policies that enforce privacy controls on the data source. Data Owners can use this section to .
This tab is visible to everyone, but Data Owners and Governors can from this page.
Audience: Application Administrators
Content Summary: The App Settings Page is visible only to Application Administrators and allows them to configure the Immuta settings, to manage license keys, and to generate a status bundle.
This tab is where the Administrator can add IAMs, external catalogs, and data providers. They can also adjust various Immuta settings to configure it better to their organization's needs.
For a tutorial on changing settings on this tab see App Settings Tutorial.
This tab includes a list of licenses and details the universally unique identifier (UUID), the features associated with specific licenses, the expiration dates, the total number of seats, and the date the keys were added. Administrators can also add and delete license keys from this page.
This tab allows Administrators to export a zip file called the Immuta status bundle. This bundle will include information helpful to assess and solve issues within an Immuta instance by providing a snapshot of Immuta, associated services, and information about the remote source backing any of the selected Data Sources. When generating the status bundle the Administrator may select the particular information that will help solve the issue at hand.
Audience: All Immuta users
Content Summary: Notifications in the Immuta UI fall into two categories: Access Requests and Activity. This page illustrates these basic Notification features in the Immuta UI.
Request notifications alert Data Owners that users wish to subscribe to their data sources.
Users can view their request notifications by clicking on the cell phone icon in the top right corner of the Immuta Console.
After clicking on the icon, Data Owners can grant or reject requests directly in the notifications drop-down.
Users will see their pending access requests in the same dropdown.
Activity notifications are used to alert users to actions that other users have performed within Immuta. The activity requests that each user receives depend on their permissions and responsibilities.
Data Users: Data Users receive activity notifications when Data Owners accept or deny their pending access requests.
Data Owners: Data Owners receive notifications about activity in their data sources and projects and when users query their data sources that have policies enforced. These notifications are shown when the user selects the bell icon in the upper righthand corner.
Governors: Governors receive notifications for all data source activity, including policy updates within Immuta. These notifications are shown when the user selects the bell icon in the upper right-hand corner.
Administrators: Administrators receive notifications for user, group, and attribute activity, such as when a new user is created or when an attribute is added to a group. These notifications are shown when the user selects the bell icon in the upper right-hand corner.
For an extensive list of notifications, see the Webhooks API page.
If SMTP is configured for an organization's Immuta instance, users may also receive notifications at the email address they configure in their profile.
Users can subscribe to email notifications by completing the following steps:
Navigate to the User Profile page, and select Edit from the dropdown menu in the top right corner of the user profile information panel.
Select the Receive System Notifications as Emails checkbox at the bottom of the window that appears.
Click Save.
Once this setting is enabled, Immuta will compile notifications and distribute these compilations via email at 8-hour intervals.
Deprecation notice
Support for this feature has been deprecated.
This page outlines the basic features of the Query Editor, which contains three main components: Table List and Schema View, the Query Editor, and the Query Results View. For a tutorial that details how to use the Query Editor, navigate to the Data Source User Guide.
The Query Editor allows users who are subscribed to a data source to preview data and write and execute queries directly in the Immuta UI for any data sources they are subscribed to. Additionally, Data Owners can examine how their policies impact the underlying data.
This panel contains a list of tables (grouped by schema) the user is subscribed to, and this list will automatically update when users switch their current project. Clicking a table in the list displays the schema view, which shows all columns with their respective data types.
Users can enter, modify, and execute their own queries in this panel. After users click Run Query, results will appear in the Query Results panel.
In the top right corner of the Query Editor is a dropdown to select a schema. Any tables in SELECT statements that are not schema-qualified will use the schema chosen from the dropdown.
This panel displays the data returned by the query. Table columns can be resized or re-arranged by clicking and dragging, and results can be filtered. Currently displayed results can also be exported to .csv (limited to 1000 rows.)
Application Administrators can turn off the Query Engine to ensure data does not leave a data localization zone when authorized users access the Immuta Application outside data jurisdiction.
When the Query Engine is disabled, the SQL Credentials tab on a user profile page is removed. The associated SQL accounts are also deleted, so if an Administrator re-enables the Query Engine those SQL accounts must be recreated.
For a tutorial that details how to disable the Query Engine, navigate to the App Settings Tutorial.
Deprecation notice
Support for the audit page has been deprecated. Instead, pull audit logs from Kubernetes and push them to your SIEM.
All activity in Immuta is audited. This process provides rich audit logs that detail who subscribes to each data source, why they subscribe, when they access data, what SQL queries and blob fetches they run, and which files they access. Audit logs can be used for a number of intentions, including insider threat surveillance and data access monitoring for billing purposes. Audit logs can also be shipped to your enterprise auditing capability.
For more details about using audit logs, see the Audit Logs User Guide.
Immuta's logging system is designed to easily connect with enterprise log collection and aggregation systems. Please see the Immuta System Audit Logs page for full details.
Immuta provides access to all of the audit logs via the Audit page.
Only users with the AUDIT permission can access this page. See the Administration section for more information.
Users can sort these logs by ascending (oldest entries first) or descending (latest entries first) order. By default, 50 log entries are displayed to a page, but that can be changed to 100 or 200. Additionally, users can filter the entries in a variety of ways, including by project purpose, blobId, remote query id, the entry timestamp, data source, project, record type, user, and SQL query. These query audit records detail the query run, the columns that were masked, and how the masking was enforced.
The user profile page contains personal information your user account, including contact information, API keys, and pending requests. To navigate to the user profile page or quick actions, click the profile icon in the header of the Immuta UI and select Profile..
The following information about the user is displayed on their profile page. With the exception of the Databricks, Redshift, Snowflake, or Synapse username, this information may be edited by the user at any time.
Name: The user's full name.
Email: The user's email address.
Position: The user's current position.
Last Updated: The time of the user's last profile update.
About: A short description about the user.
Location: The user's work location.
Organization: The organization that a user is associated with.
Phone Number: The user's phone number.
Databricks Username: The user's Databricks username. Only an admin may set this field.
Redshift Username: The user's Redshift username. Only an admin may set this field.
Snowflake Username: The user's Snowflake username. Only an admin may set this field.
Synapse Username: The user's Synapse username. Only an admin may set this field.
Receive System Notifications as Emails: The user can opt to receive email notifications.
In order to connect to the query engine, each user must create SQL credentials. SQL credentials can be accessed by clicking the SQL Credentials tab.
For more information on SQL credentials, see Managing SQL accounts guide.
API keys allow for a secure way to communicate with the Immuta REST API without requiring the username and password. Each key can be revoked at any time and new ones generated. Once a key is revoked it can no longer be used to access the REST API, and users will need to authenticate any tool that they were using with the revoked API key with a new key.
Once in the API keys tab, a user can generate API keys or revoke API keys.
An API key can be linked to a project. By linking an API key to a project, you will be limiting that API key's visibility to only data sources associated with that project.
The requests tab allows users to view and manage all pending access requests directly from their profile page.
Deprecation notice
Support for this feature has been deprecated.
The Query Editor allows users to write, modify, and execute queries against data sources they are subscribed to.
Click the Query Editor icon in the left sidebar.
Select a data source in the Tables list.
Click the dropdown menu icon next to the data source and select Preview Sample Data, or click Preview Sample Data in the Table Schema panel.
View data in the Results panel.
Filter results by clicking the overflow menu next to the column name.
Rearrange and resize columns by clicking and dragging.
Run and export full results or export current results to .csv by clicking one of the corresponding download buttons in the top right corner of the table.
Click the Query Editor icon in the left sidebar.
Write your query in the Query Editor panel.
Execute your query by clicking the Run Query button. Note: Clicking this button will only run the currently highlighted query. Queries (or portions of queries) can be executed by manually highlighting the query (or portion of the query) and clicking Run Query.
View data in the Results panel.
Filter results by clicking the overflow menu next to the column name.
Rearrange and resize columns by clicking and dragging.
Export results to .csv by clicking the download button in the top right corner of the table.