> For the complete documentation index, see [llms.txt](https://documentation.immuta.com/2025.1/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://documentation.immuta.com/2025.1/configuration/integrations/integrations-overview.md). # Integrations Overview Immuta does not require users to learn a new API or language to access protected data. Instead, Immuta integrates with existing tools and data platforms while remaining invisible to downstream consumers. The table below outlines features supported by each of Immuta's data platform integrations.

	Subscription policies	Data policies	Identification	Impersonation	Query audit	Tag ingestion
Amazon Redshift	✅	✅	✅	✅	❌	❌
Amazon S3	✅	❌	✅	❌	❌	❌
Azure Synapse Analytics	✅	✅	✅	✅	❌	❌
Databricks Spark	✅	✅	✅	✅	✅	❌
Databricks Unity Catalog	✅	✅	✅	❌	✅	✅
Google BigQuery	✅	✅	✅	❌	❌	❌
Snowflake	✅	✅	✅	Supported with caveats	✅	✅
Starburst (Trino)	✅	✅	✅	✅	✅	❌

## Subscription policy support matrix The table below illustrates the subscription policy access types supported by each integration. If a data platform isn't included in the table, that integration does not support any subscription policies. For more details about read and write access policy support for these data platforms, see the [Subscription policy access types reference guide](/2025.1/governance/author-policies-for-data-access-control/authoring-policies-in-secure/section-contents/reference-guides/subscription-access-types.md).

Integration	Read access policies	Write access policies
Amazon Redshift	✅	❌ View-based integrations are read-only
Amazon S3	✅	✅
Azure Synapse Analytics	✅	❌ View-based integrations are read-only
Databricks Spark	✅	❌ Write access is controlled through workspaces and scratch paths
Databricks Unity Catalog	✅	✅
Google BigQuery	✅	❌ View-based integrations are read-only
Snowflake	✅	✅
Starburst (Trino)	✅	✅

## Data policy support matrix The table below outlines the types of data policies supported for various data platforms. If a data platform isn't included in the table, that integration does not support any data policies. For details about each of these policies, see the [Data policy types page](/2025.1/governance/author-policies-for-data-access-control/authoring-policies-in-secure/data-policies/reference-guides/data-policies.md). | | Amazon Redshift | Azure Synapse Analytics | Databricks Spark | Databricks Unity Catalog | Google BigQuery | Snowflake | Starburst (Trino) | | ----------------------------------------- | -------------------- | ----------------------- | ------------------------------------------------ | ------------------------------------------------ | -------------------- | -------------------- | -------------------- | | Reversible masking | :white\_check\_mark: | :x: | :white\_check\_mark: | :x: | :x: | :white\_check\_mark: | :white\_check\_mark: | | Conditional masking | :white\_check\_mark: | :white\_check\_mark: | :white\_check\_mark: | :white\_check\_mark: | :x: | :white\_check\_mark: | :white\_check\_mark: | | Hashing | :white\_check\_mark: | :white\_check\_mark: | :white\_check\_mark: | :white\_check\_mark: | :white\_check\_mark: | :white\_check\_mark: | :white\_check\_mark: | | Replace with NULL or constant | :white\_check\_mark: | :white\_check\_mark: | [Supported with caveats](#user-content-fn-2)[^2] | :white\_check\_mark: | :white\_check\_mark: | :white\_check\_mark: | :white\_check\_mark: | | Rounding | :white\_check\_mark: | :white\_check\_mark: | :white\_check\_mark: | :white\_check\_mark: | :white\_check\_mark: | :white\_check\_mark: | :white\_check\_mark: | | Regex | :white\_check\_mark: | :x: | :white\_check\_mark: | :white\_check\_mark: | :white\_check\_mark: | :white\_check\_mark: | :white\_check\_mark: | | Format preserving masking | :x: | :x: | :x: | :x: | :x: | :white\_check\_mark: | :x: | | Randomized response | :x: | :x: | :x: | :x: | :x: | :white\_check\_mark: | :x: | | Masking fields within STRUCT columns | :x: | :x: | :white\_check\_mark: | [Supported with caveats](#user-content-fn-3)[^3] | :x: | :x: | :x: | | [Custom function](#user-content-fn-4)[^4] | :white\_check\_mark: | :white\_check\_mark: | :white\_check\_mark: | :white\_check\_mark: | :white\_check\_mark: | :white\_check\_mark: | :white\_check\_mark: | | Only show data by time | :white\_check\_mark: | :white\_check\_mark: | :white\_check\_mark: | :white\_check\_mark: | :white\_check\_mark: | :white\_check\_mark: | :white\_check\_mark: | | Minimize | :white\_check\_mark: | :white\_check\_mark: | :white\_check\_mark: | :white\_check\_mark: | :white\_check\_mark: | :white\_check\_mark: | :white\_check\_mark: | | WHERE clause | :white\_check\_mark: | :white\_check\_mark: | :white\_check\_mark: | :white\_check\_mark: | :white\_check\_mark: | :white\_check\_mark: | :white\_check\_mark: | | Matching | :white\_check\_mark: | :white\_check\_mark: | :white\_check\_mark: | :white\_check\_mark: | :white\_check\_mark: | :white\_check\_mark: | :white\_check\_mark: | ## Identification support matrix Identification has varied support for data sources from different technologies based on the identifier type. For details about how identification works in Immuta, see the [Data identification page](/2025.1/configuration/manage-data-metadata/data-discovery.md). | Technology | Regex | Dictionary | Column name regex | | ----------------------- | -------------------- | -------------------- | -------------------- | | Amazon Redshift | :white\_check\_mark: | :white\_check\_mark: | :white\_check\_mark: | | Amazon S3 | :x: | :x: | :white\_check\_mark: | | Azure Synapse Analytics | :x: | :x: | :white\_check\_mark: | | Databricks | :white\_check\_mark: | :white\_check\_mark: | :white\_check\_mark: | | Google BigQuery | :x: | :x: | :white\_check\_mark: | | Snowflake | :white\_check\_mark: | :white\_check\_mark: | :white\_check\_mark: | | Starburst (Trino) | :white\_check\_mark: | :white\_check\_mark: | :white\_check\_mark: | ## Query audit support for platform queries The table below outlines what information is included in the query audit logs for each integration where query audit is supported.

	Databricks Spark	Databricks Unity Catalog	Snowflake	Starburst (Trino)
Table and user coverage	Registered data sources and users	All tables and users	Registered data sources and users	Registered data sources and users
Object queried	✅	Limited support	✅	✅
Columns returned	❌	❌	✅	✅
Query text	✅	Limited support	✅	✅
Unauthorized information	✅	Limited support	Limited support	❌
Policy details	✅	❌	❌	❌
User's entitlements	✅	❌	❌	❌
Column tags	❌	❌	✅	✅
Table tags	❌	❌	✅	❌

**Legend**: * :white\_check\_mark: This is available and the information is included in audit logs. * :x: This is not available and the information is not included in audit logs. [^1]: Impersonation is not supported in Snowflake if [table grants](/2025.1/configuration/integrations/snowflake/reference-guides/table-grants-overview.md) or [low row access policy mode](/2025.1/configuration/integrations/snowflake/reference-guides/low-row-access-overview.md) is enabled. [^2]: On Databricks data sources, joins will not be allowed on data protected with replace with NULL or constant policies. [^3]: Databricks Unity Catalog ARRAY, MAP, or STRUCT type columns only support masking with NULL. [^4]: Poorly written functions can lead to data leaks. [^5]: For some queries, Databricks Unity Catalog does not report the target data source for the data access operation. In these cases the activity is audited, yet the audit record in Immuta will not include the target data source information. [^6]: Audit will return the `commandText` which often shows the query made. [^7]: Unauthorized queries will be audited when available. [^8]: Unauthorized information is only available when the integration has table replacements enabled. --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter: ``` GET https://documentation.immuta.com/2025.1/configuration/integrations/integrations-overview.md?ask=&goal= ``` `ask` is the immediate question: it should be specific, self-contained, and written in natural language. `goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.