> For the complete documentation index, see [llms.txt](https://documentation.immuta.com/2024.3/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://documentation.immuta.com/2024.3/developer-guides/the-immuta-cli/manage-sensitive-data-discovery/classifiers.md).
# Manage Sensitive Data Discovery Rules
## Prerequisite
[Sensitive data discovery must be enabled](/2024.3/discover-your-data/data-discovery/how-to-guides/enable-sdd.md).
## Command overview: `immuta sdd classifier`
This command allows you to manage identifiers that will apply tags to data that matches the criteria you specify during SDD. The table below illustrates subcommands and arguments.
| Subcommands | Aliases | Description |
| ------------------------------------------------------------------ | ------------ | ----------------------------- |
| [`create`](#create-an-identifier) | `save` | Create an identifier. |
| [`delete`](#delete-an-identifier) | None | Delete the passed identifier. |
| [`get`](#get-an-identifier) | None | Get an identifier. |
| [`search`](#search-identifiers) | `ls`, `list` | Search all identifiers. |
| [`update`](#update-an-identifier) | None | Update an identifier. |
### Options
Use these options to get more details about the `sdd classifier` command or any of its subcommands:
* `-h`
* `--help`
```bash
$ immuta sdd classifier -h
Manage Sensitive Data Discovery Classifiers
Usage:
immuta sdd classifier [command]
Available Commands:
create Create an SDD classifier
delete Delete the passed SDD classifier
get Get an SDD classifier
search Search all classifiers
update Update an SDD classifier
Flags:
-h, --help Help for classifier
Global Flags:
--config string Config file (default $HOME/.immutacfg.yaml)
-p, --profile string Specifies the profile for what instance/api the cli will use (default "default")
Use "immuta sdd classifier [command] --help" for more information about a command.
```
## Create an identifier
1. Save your identifier to a valid YAML or JSON file using these attributes.
| Attribute | Description | Required |
| -------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------- |
| **name** | `string` Unique, request-friendly identifier name. | **Yes** |
| **displayName** | `string` Unique, human-readable identifier name. | **Yes** |
| **description** | `string` The identifier description. | **Yes** |
| **type** | `string` The type of criteria: `regex`, `dictionary`, `columnNameRegex`, or `builtIn`. | **Yes** |
| **config** | `object` The configuration of the identifier, which may include `config.values`, `config.caseSensitive`, `config.regex`, `config.columnNameRegex`, and `config.tags`. | **Yes** |
| config.**tags** | `array[string]` The name of the tags to apply to the data source. | **Yes** |
| config.**regex** | `string` A case-insensitive regular expression to match against column values. | No |
| config.**columnNameRegex** | `string` A case-insensitive regular expression to match against column names. | No |
| config.**values** | `array[string]` The list of words to include in the dictionary. | No |
| config.**caseSensitive** | `boolean` Indicates whether or not `values` are case sensitive. **Defaults to `false`.** | No |
*Examples are provided below.*
2. Run `immuta sdd classifier create [flags]`, referencing the file you just created. The options you can specify include
* `-h` or `--help`: Get more information about the command.
* `-o` or `--output json | yaml`: Specify the output format.
* `--outputTemplate string`: Format the response using a Go template.
{% tabs %}
{% tab title="Regex identifier" %}
```json
{
"name": "MY_REGEX_IDENTIFIER",
"displayName": "My Regex Identifier",
"description": "A regex identifier",
"type": "regex",
"config": {
"regex": "^[A-Z][a-z]+",
"tags": ["Discovered.regex-example"]
}
}
```
{% endtab %}
{% tab title="Dictionary identifier" %}
```json
{
"name": "MY_DICTIONARY_IDENTIFIER",
"displayName": "My Dictionary Identifier",
"description": "A dictionary identifier",
"type": "dictionary",
"config": {
"values": ["Bob", "Eve"],
"caseSensitive": true,
"tags": ["Discovered.dictionary-example", "Discovered.dictionary-example"]
}
}
```
{% endtab %}
{% tab title="Column name regex identifier" %}
```json
{
"name": "MY_COLUMN_NAME_REGEX_IDENTIFIER",
"displayName": "My Column Name Regex Identifier",
"description": "A column name regex identifier",
"type": "columnNameRegex",
"config": {
"columnNameRegex": "ssn|social ?security",
"tags": ["Discovered.column-name-regex-example"]
}
}
```
{% endtab %}
{% endtabs %}
### Example
```bash
$ immuta sdd classifier create ./account-classifier.json
Creating classifier from ./account-classifier...
Create successful.
```
## Get an identifier
Run `immuta sdd classifier get [flags]`, specifying the name of the identifier you would like to get. Options you can specify include
* `-h` or `--help`: Get more information about the command.
* `-o` or `--output json | yaml`: Specify the output format.
* `--outputTemplate string`: Format the response using a Go template.
### Example
The example below illustrates a user getting an identifier called ACCOUNT\_NUMBER\_IDENTIFIER.
```bash
$ immuta sdd classifier get ACCOUNT_NUMBER_IDENTIFIER
Getting classifier ACCOUNT_NUMBER_IDENTIFIER...
{
"createdBy": {
"id": 1,
"name": "Example User",
"email": "user@example.com"
},
"name": "ACCOUNT_NUMBER_IDENTIFIER",
"displayName": "Account Number Identifier",
"description": "This identifier recognizes account numbers using a regex critiera",
"type": "regex",
"config": {
"tags": [
"Discovered.account-number"
],
"regex": "^[0-9]{9}-[0-9]{3}-[0-9]{1}$"
},
"id": 69,
"createdAt": "2022-03-28T14:52:14.004Z",
"updatedAt": "2022-03-28T14:52:14.004Z"
}
```
## Search identifiers
Run `immuta sdd classifier search [string] [flags]` to list all identifiers or search identifiers by name. Options you can specify include
* `-h`, `--help`: Help for search.
* `--limit int` The search limit for pagination (default 25).
* `--offset int`: The search offset for pagination.
* `--order asc | desc`: The sort order.
* `-o`, `--output json | yaml`: The output format.
* `--outputTemplate string`: Format the response using a Go template.
* `-s`, `--sort id | name | displayName | type | createdAt | updatedAt`: Field to sort by.
* `--type regex | columnNameRegex | dictionary | builtIn`: Limit results to the specified criteria type.
### Example
The example below illustrates a user searching all identifiers containing `account`.
```bash
$ immuta sdd classifier search account
Searching all classifiers...
ACCOUNT_NUMBER_IDENTIFIER This identifier recognizes account numbers using a regex criteria.
```
## Update an identifier
1. Update your identifier in a valid YAML or JSON file using these attributes:
| Attribute | Description | Required |
| -------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------- |
| **name** | `string` Unique, request-friendly identifier name. | **Yes** |
| **displayName** | `string` Unique, human-readable identifier name. | **Yes** |
| **description** | `string` The identifier description. | **Yes** |
| **type** | `string` The type of criteria: `regex`, `dictionary`, `columnNameRegex`, or `builtIn`. | **Yes** |
| **config** | `object` The configuration of the identifier, which may include `config.values`, `config.caseSensitive`, `config.regex`, `config.columnNameRegex`, and `config.tags`. | **Yes** |
| config.**tags** | `array[string]` The name of the tags to apply to the data source. | **Yes** |
| config.**regex** | `string` A case-insensitive regular expression to match against column values. | No |
| config.**columnNameRegex** | `string` A case-insensitive regular expression to match against column names. | No |
| config.**values** | `array[string]` The list of words to include in the dictionary. | No |
| config.**caseSensitive** | `boolean` Indicates whether or not `values` are case sensitive. **Defaults to `false`.** | No |
2. Run `immuta sdd classifier update [flags]`, referencing the file you just updated. The options you can specify include
* `-h` or `--help`: Get more information about the command.
* `-o` or `--output json | yaml`: Specify the output format.
* `--outputTemplate string`: Format the response using a Go template.
### Example
The example below illustrates a user updating an identifier named ACCOUNT\_NUMBER\_IDENTIFIER.
```bash
$ immuta sdd classifier update ACCOUNT_NUMBER_IDENTIFIER ./account-classifier -o json
{
"createdBy": {
"id": 1,
"name": "Example User",
"email": "user@example.com"
},
"name": "ACCOUNT_NUMBER_IDENTIFIER",
"displayName": "Account Number Identifier",
"description": "This identifier recognizes account numbers using a regex criteria.",
"type": "regex",
"config": {
"tags": [
"Discovered.account-number"
],
"regex": "^[0-9]{9}-[0-9]{3}-[0-9]{1}$"
},
"id": 69,
"createdAt": "2022-03-28T14:52:14.004Z",
"updatedAt": "2022-03-28T15:25:28.575Z"
}
```
## Delete an identifier
Run `immuta sdd classifier delete [flags]` to delete the identifier. The options you can specify include
* `-h` or `--help`: Get more information about the command.
* `-o` or `--output json | yaml`: Specify the output format.
* `--outputTemplate string`: Format the response using a Go template.
### Example
```bash
$ immuta sdd classifier delete ACCOUNT_NUMBER_IDENTIFIER -o json
{
"createdBy": {
"id": 1,
"name": "Example User",
"email": "user@example.com"
},
"name": "ACCOUNT_NUMBER_IDENTIFIER",
"displayName": "Account Number Identifier",
"description": "This identifier recognizes account numbers using a regex criteria.",
"type": "regex",
"config": {
"tags": [
"Discovered.account-number"
],
"regex": "^[0-9]{9}-[0-9]{3}-[0-9]{1}$"
},
"id": 69,
"createdAt": "2022-03-28T14:52:14.004Z",
"updatedAt": "2022-03-28T15:25:28.575Z"
}
```
---
# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.
## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:
```
GET https://documentation.immuta.com/2024.3/developer-guides/the-immuta-cli/manage-sensitive-data-discovery/classifiers.md?ask=&goal=
```
`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.