In previous documentation, identifier is referred to as classifier. The language is being updated to identifier to be more accurate and not conflate meaning with the Immuta data classification and frameworks feature.
Use case: Custom column name regex identifier
Scenario: You've listed Immuta's built-in identifiers for sensitive data discovery, but you discover there is no identifier that can automatically detect and tag columns that contain account numbers in your database.
A custom column name regular expression (regex) identifier allows you to create your own detectors that enable Immuta's sensitive data discovery to find column name matches based on a regex pattern. For example, if your database contains tables with social security numbers, you could define a regex pattern to match against the names of the column instead of the values within the column. The tutorial below uses this scenario to illustrate creating this identifier.
Attributes of all custom identifiers are provided on the Sensitive data discovery API page. However, attributes specific to the custom column name regex identifier are outlined in the table below.
Generate your API key on the API Keys tab on your profile page and save the API key somewhere secure. You will include this API key in the authorization header when you make a request to the Immuta API or use it to configure your instance with the Immuta CLI.
Save the custom column name regex identifier payload in a .json file. The regex ^ssn|social ?security$
looks for column names that match ssn
, socialsecurity
, or social security
.
Create the identifier using one of these methods:
Immuta CLI
HTTP API
If the request is successful, you will receive a response that contains details about the identifier.
Continue to one of the following tutorials:
Run sensitive data discovery on data sources: Trigger SDD to run on specified data sources.
Create a template: Although only data governors can create identifiers, data owners can add identifiers to templates, which they then apply to their data sources to override minConfidence
or tags for identifiers within the template.
Attribute | Description | Required |
---|---|---|
name
string
Unique, request-friendly identifier name.
Yes
displayName
string
Unique, human-readable identifier name.
Yes
description
string
The identifier description.
Yes
type
string
The type of identifier: columnNameRegex
.
Yes
config
object
Includes config.columnNameRegex
and config.tags
. *See descriptions for these below.
Yes
tags*
array[string]
The name of the tags to apply to the data source. Note: All tags must start with Discovered.
.
Yes
columnNameRegex*
string
A case-insensitive regular expression to match against column names.
Yes
In previous documentation, identifier is referred to as classifier. The language is being updated to identifier to be more accurate and not conflate meaning with the Immuta data classification and frameworks feature.
Use case: Custom regex identifier
Scenario: You've listed Immuta's built-in identifiers for sensitive data discovery, but you discover there is no identifier that can automatically identify and tag columns that contain account numbers in your database.
A regular expression (regex) custom identifier allows you to create your own rules that enable Immuta's sensitive data discovery to find matches based on a regex pattern. For example, if a table contains account numbers in the form of xxxxxxxxx-xxx-x
, you could define a regex pattern in a custom identifier to identify and tag these columns. The tutorial below uses this scenario to illustrate creating this identifier.
Attributes of all custom identifiers are provided on the Sensitive data discovery API page. However, attributes specific to the custom regex identifier are outlined in the table below.
Generate your API key on the API Keys tab on your profile page and save the API key somewhere secure. You will include this API key in the authorization header when you make a request to the Immuta API or use it to configure your instance with the Immuta CLI.
Save the custom regex identifier payload in a .json file.
Create the identifier using one of these methods:
Immuta CLI
HTTP API
If the request is successful, you will receive a response that contains details about the identifier.
Continue to one of the following tutorials:
Run sensitive data discovery on data sources: Trigger SDD to run on specified data sources.
Create a template: Although only data governors can create identifiers, data owners can add identifiers to templates, which they then apply to their data sources to override minConfidence
or tags for identifiers within the template.
Attribute | Description | Required |
---|---|---|
name
string
Unique, request-friendly identifier name.
Yes
displayName
string
Unique, human-readable identifier name.
Yes
description
string
The identifier description.
Yes
type
string
The type of identifier: regex
.
Yes
config
object
Includes config.minConfidence
, config.tags
, and config.regex
. *See descriptions for these below.
Yes
minConfidence*
number
When the detection confidence is at least this percentage, tags are applied.
Yes
tags*
array[string]
The name of the tags to apply to the data source. Note: All tags must start with Discovered.
.
Yes
regex*
string
A case-insensitive regular expression to match against column values.
Yes
In previous documentation, identifier is referred to as classifier. The language is being updated to identifier to be more accurate and not conflate meaning with the Immuta data classification and frameworks feature.
Use case: Custom dictionary identifier
Scenario: You have data that includes the names of the rooms employees' desks are in across your organization. Although these locations may be considered sensitive in particular datasets, they would not be recognized by Immuta's built-in identifiers.
A custom dictionary identifier allows you to create your own rules that enable Immuta's sensitive data discovery to match a list of room names to values in the dataset. The tutorial below uses this scenario to illustrate creating this identifier.
Attributes of all custom identifiers are provided on the Sensitive data discovery API page. However, attributes specific to the custom dictionary identifier are outlined in the table below.
Generate your API key on the API Keys tab on your profile page and save the API key somewhere secure. You will include this API key in the authorization header when you make a request to the Immuta API or use it to configure your instance with the Immuta CLI.
Save the custom dictionary identifier payload in a .json file. The dictionary below contains the words Research Lab
, Blue Room
, and Purple Room
.
Create the identifier using one of these methods:
Immuta CLI
HTTP API
If the request is successful, you will receive a response that contains details about the identifier.
Continue to one of the following tutorials:
Run sensitive data discovery on data sources: Trigger SDD to run on specified data sources.
Create a template: Although only data governors can create identifiers, data owners can add identifiers to templates, which they then apply to their data sources to override minConfidence
or tags for identifiers within the template.
Attribute | Description |
---|---|
name
string
Unique, request-friendly identifier name.
displayName
string
Unique, human-readable identifier name.
description
string
The identifier description.
type
string
The type of identifier: dictionary
.
config
object
Includes config.minConfidence
, config.tags
, config.values
, and config.caseSensitive
(defaults to false
). *See descriptions below.
minConfidence*
number
When the detection confidence is at least this percentage, tags are applied.
tags*
array[string]
The name of the tags to apply to the data source. Note: All tags must start with Discovered.
.
values*
array[string]
The list of words to include in the dictionary.
caseSensitive*
boolean
Indicates whether or not values
are case sensitive. Defaults to false
.