Your outgoing and incoming requests for data source access are consolidated on the requests tab on your user profile page. Similar to notifications, a red dot also displays on the request icon whenever you have pending requests. The sections below guide you through managing these requests.
Navigate to your Profile page, and then click the Requests tab. The names of the users who have submitted requests are displayed in the left pane. Once a user is selected, the corresponding pending requests are displayed on the right.
To view more information about the request, click the Details button in the Actions column of a request.
Click the Approve or Deny button in the Actions column of the request.
To approve or deny multiple access requests simultaneously,
Navigate to your Profile page, and then click the Requests tab.
Select the checkbox next to each request you want to address, and then click the Approve Selected or Deny Selected button.
If users make an unmask request, a tasks tab will appear for the data source listing the target and requesting users, the task type, and the state of the task. From this tab, users can view and manage two different task views:
Your Created Tasks: This page lists the status and information of the unmask requests you've submitted.
Tasks For You: This page lists the status and information of the unmask requests that have been submitted to you.
To complete a task,
Navigate to the Tasks tab from the Data Source Overview page, and then click the toggle at the top of the page to Tasks For You.
Click the Unmask Values icon in the Actions column of the task.
A dialog box will appear with the masked and unmasked value. Note: You can view information about this request, including the reason for the request and the date is was created, by clicking the Task Info
To delete a task,
Navigate to the Tasks tab from the Data Source Overview page, and then click the toggle at the top of the page to Tasks For You.
Click Delete Task in the Actions column of the relevant task.
For information about data sources see the .
In addition to managing data source requests as outlined above, data owners can manage data source
The data dictionary provides information about the columns within the data source, including column names and value types.
As a data owner, you can manage data dictionary descriptions and column tags. For other guides related to the data dictionary, see the Related guides section.
Navigate to the Data Dictionary tab.
To add or edit column descriptions, click the menu icon in the Actions column next to the entry you want to change and select Edit.
Complete the fields in the form that appears, and then click Save.
For information about the data dictionary, see the .
In addition to managing data dictionary descriptions as outlined above, data owners or experts can also manage .
In addition to creating and managing data sources, data owners can add and manage data source members manually. While this is supported, it is not recommended and instead it is much more scalable to manage user access through
For other guides related to data source members and management, see the .
Click Add Members and enter the group name or username.
Select their Role:
Subscriber: The role can have read or write access to the table. This role is only available if there are read access policies on the data source.
Owner: The role can manage data source members and policies and have read or write access to the table.
Expert: The role can manage the data dictionary descriptions and have read or write access to the table. This role is only available if there are on the data source.
You can also opt to for when the user’s access should expire.
Select Read or Write from the Access Grant dropdown. This option is only available if write policies have been enabled.
Click Add.
Navigate to the data sources list page.
Select the data sources you want to add users to by clicking the checkbox next to the data source.
Select Add Users.
In the modal, type the user name or group name and select the user or group you want to add from the dropdown menu.
Opt to set an Expiration for the users' subscriptions. Additionally, you can change the role from Subscriber to Expert or Owner for the users or groups using the dropdown menu in the Role column.
Click Add. All users and groups will be added to the data sources you selected.
As a data owner, you can limit the amount of time a user or group has access to your data source by setting an access expiration date.
Navigate to the Members tab.
Adjust the number of days under the Expires column for the user/group whose access you want to limit (the limit is counting from today, so users/groups with 0 days left means their access will be revoked by the end of today and users with 1 day left means their access will be revoked by the end of tomorrow).
Save your changes.
To remove the limit (or set the limit to Never), delete the number from the field and save your changes.
Navigate to the Members tab.
Click the drop-down arrow under the Role column next to the user/group whose role you’d like to change.
Select another role (subscribed, expert, owner or ingest user, if applicable).
Notifications about the change will be sent to the affected users and groups (as well as alternative Owners).
Navigate to the Members tab.
Click the Name of the user or group whose history you want to review.
As a data owner, you can deny access to any users or groups at any time.
Navigate to the Members tab.
To remove a user or group from a data source, click Deny in the Actions column next to the user or group you want to remove.
Complete the Deny Access form, including a reason for revoking the access.
This action will immediately update users' or groups' subscription status, and they will no longer have any access to the data source. Notifications will be sent to the affected users (as well as alternative data owners) informing them of the change in subscription status.
For information about data source members and subscriptions, see the data source user roles section.
In addition to adding and managing data source members as outlined above, data owners can manage data source
If you want to disable the metadata collection that requires sampling data, you must
These steps will ensure that Immuta queries no data, under any circumstances. Without this sample data, some Immuta features will be unavailable. Sensitive data discovery (SDD) cannot be used to automatically detect sensitive data in your data sources, and the following masking policies will not work:
Masking with format preserving masking
Masking with k-anonymization
Masking using randomized response
To stop Immuta from running fingerprints on all data sources,
Navigate to the App Settings page, and scroll to the Advanced Configuration section.
Enter the following YAML:
Click Save.
To stop Immuta from running data source health checks on all data sources,
Navigate to the App Settings page, and scroll to the Advanced Configuration section.
Enter the following YAML:
Click Save.
Tag each data source with the seeded Skip Stats Job tag to stop Immuta from collecting a sample and running table stats on the sample. You can tag data sources as you create them in the UI or .
Note that data sources automatically skip the stats job upon registration, without the Skip Stats Job tag, as long as there are no active policies requiring them. The following policies require stats:
Column masking with randomized response
Column masking with format preserving masking
Column masking with k-anonymization
Column masking with rounding
Column masking with reversibility
Row minimization
fingerprints:
uri: null
classification:
enabled: falseplugins:
snowflakeHandler:
config:
healthCheckQuery: null
redshiftHandler:
config:
healthCheckQuery: null
trinoHandler:
config:
healthCheckQuery: null
databricksHandler:
config:
healthCheckQuery: null
asaHandler:
config:
healthCheckQuery: nullClick the more actions icon in the upper right corner of the page and select Edit.
Change your settings in the data source workflow.
Note: Some settings cannot be changed once the data source has been created. In these cases, simply create a new data source with the new settings.
When completed, navigate to the end of the workflow and click Save.
Note: Some data sources may require the data owner to reconnect to the remote database before any changes to the data source can be saved.
For information on specific settings, see the Create a data source guide.
Data owners can bulk edit data sources.
Navigate to the data sources list page.
Select the checkboxes for the data sources you want to edit. Note that when editing a connection string using bulk edit, all data sources from that connection must be selected.
Select the action you want or click More Actions for additional options.
Confirm your edits by following the prompts in the modals that appear.
Disabling a data source hides it and its data from all users except the data owner. While in this state, the data source will display as disabled in the console for the data owner and other users will not be able to see it at all.
Navigate to the Overview tab.
Click on the more actions icon in the upper right corner and select Disable.
A label will appear next to the data source indicating it is now disabled, and a notification will be sent to all users of the data source informing them that the data source has been disabled.
Disabled data sources and Immuta policies
By default, Immuta blocks access to data sources when they are disabled. To prevent Immuta from doing so, add the following snippet to the Advanced Settings section on the app settings page:
featureFlags:
noLockdownOnDisable: trueOnce this feature flag is set to true, disabling a data source for one of the integrations below removes Immuta subscription and data policies from that data source; policies will not be applied until the data source is re-enabled:
Azure Synapse Analytics
Databricks Unity Catalog
Google BigQuery
Redshift
Snowflake
Navigate to the Overview tab.
Click on the more actions icon in the upper right corner and select Enable.
A notification will be sent out to all users of the data source informing them that the data source has been enabled.
Databricks Unity Catalog behavior
If you enable a data source and it has no subscription policy set on it, Immuta will REVOKE access to the data in Databricks for all Immuta users, even if they had been directly granted access to the table in Unity Catalog.
If you disable a Unity Catalog data source in Immuta, all existing grants and policies on that object will be removed in Databricks for all Immuta users. All existing grants and policies will be removed, regardless of whether they were set in Immuta or in Unity Catalog directly.
If a user is not registered in Immuta, Immuta will have no effect on that user's access to data in Unity Catalog. See the for more details.
Deleting a data source permanently removes it from Immuta. Data sources must first be disabled before they can be deleted.
Navigate to the Overview tab and click the more actions icon and select Delete.
Confirm that the data source should be deleted by clicking Delete.
A notification will be sent out to all users of the data source informing them that the data source has been deleted.
For information about data sources and policies, see the following guides:
In addition to adding and managing data source settings as outlined above, data owners can manage data source