Purpose-based access control makes access decisions based on the purpose for which a given user or tool intends to use the data. This method of data access also provides flexibility for you to override policies and grant access to unmasked data to an individual for a very specific reason. Immuta recommends using purposes to create exceptions to global data policies.
There is some up-front work that needs to occur to make this possible.
1. A user with the GOVERNANCE Immuta permission creates legitimate purposes for accessing different data types unmasked. As part of creating a purpose, they may also edit the acknowledgement statement that a user must agree to when acting under that purpose.
2. A data owner or governor updates the masking or row-level policies to include those purposes as exceptions to the policy. For example: Mask all columns tagged PII for everyone except users acting under purpose [some legitimate purpose(s)].
3. Users create a project and connect it to both the policy and the purpose by
   - adding the data sources carrying the policies they want to be excepted from, and
   - adding the purposes to the project.
   The project does nothing until the purpose is approved for it by a user with the PROJECT_MANAGEMENT Immuta permission.
4. Once that approval is complete, the user wanting the exception must acknowledge that they will only use the data for that purpose.
5. Using the Immuta UI, the user switches to that project context. Once switched, the approved exceptions take effect for that user.

These exceptions can be made temporary by deleting the project once access is no longer needed, or by un-approving the purpose for the project once the need for access is gone. Until a purpose is approved and acknowledged and the user is acting in the project context, the global policy still applies and the data stays masked.
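The decision logic above, written out as a small Python model (an added example for illustration; it is not Immuta's engine, API or policy language, and the class names, the `read_cell` and `walkthrough` helpers, the purpose "Fraud Investigation", the project "fraud-q3" and the sample data are all constructed here). It walks the steps in order and shows that the column stays masked until every condition is met, and is masked again when the purpose is un-approved or the project is deleted:

```python
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Optional, Set

MASK = "***"  # constructed placeholder for a masked cell value


@dataclass
class Policy:
    """Mask columns carrying `tag` for everyone except users acting under an exception purpose."""
    tag: str
    exception_purposes: FrozenSet[str]


@dataclass
class Project:
    name: str
    data_sources: Set[str]                                     # sources whose policies the project wants excepted
    purposes: Set[str]                                         # purposes attached to the project
    approved_purposes: Set[str] = field(default_factory=set)   # approved by a PROJECT_MANAGEMENT user
    deleted: bool = False


@dataclass
class User:
    name: str
    acknowledged: Set[tuple] = field(default_factory=set)   # (project name, purpose) pairs the user acknowledged
    current_project: Optional[Project] = None               # project context the user switched into


def active_purposes(user: User, data_source: str) -> Set[str]:
    """Purposes the user is currently acting under for this data source (hypothetical helper)."""
    p = user.current_project
    if p is None or p.deleted or data_source not in p.data_sources:
        return set()
    return {x for x in p.purposes
            if x in p.approved_purposes and (p.name, x) in user.acknowledged}


def read_cell(user: User, data_source: str, column_tags: Set[str],
              value: str, policies: List[Policy]) -> str:
    """Return what the user sees: the raw value only if an active purpose matches every applicable policy."""
    purposes = active_purposes(user, data_source)
    for policy in policies:
        if policy.tag in column_tags and not (purposes & policy.exception_purposes):
            return MASK
    return value


def walkthrough() -> Dict[str, str]:
    """Run the page's steps in order and record what the user sees after each one."""
    policies = [Policy("PII", frozenset({"Fraud Investigation"}))]   # step 2: purpose as policy exception
    analyst = User("analyst")
    seen: Dict[str, str] = {}

    def look(step: str, source: str = "customers") -> None:
        seen[step] = read_cell(analyst, source, {"PII"}, "jane@example.com", policies)

    look("no_project")                                   # global policy applies: masked

    # step 3: project created with the data source and the purpose attached, not yet approved
    proj = Project("fraud-q3", data_sources={"customers"}, purposes={"Fraud Investigation"})
    analyst.current_project = proj
    look("purpose_not_approved")                         # still masked

    proj.approved_purposes.add("Fraud Investigation")    # PROJECT_MANAGEMENT approval
    look("not_acknowledged")                             # still masked

    analyst.acknowledged.add(("fraud-q3", "Fraud Investigation"))   # step 4: acknowledgement
    analyst.current_project = None
    look("not_in_project_context")                       # acknowledged but not acting in the project: masked

    analyst.current_project = proj                       # step 5: switch into the project context
    look("in_project_context")                           # exception applies: unmasked

    look("source_not_in_project", source="orders")       # a source the project does not include: masked

    proj.approved_purposes.discard("Fraud Investigation")   # un-approve to end access
    look("unapproved")

    proj.approved_purposes.add("Fraud Investigation")
    proj.deleted = True                                  # or delete the project to end access
    look("project_deleted")
    return seen


if __name__ == "__main__":
    for step, value in walkthrough().items():
        print(f"{step:26s} {value}")
```

The model keeps the four gates separate (policy exception, project approval, user acknowledgement, project context) because each is controlled by a different role, and revoking any one of them is enough to restore the global policy.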