Chapter 2 - Writing Global Policies for Compliance
Once Immuta is configured, tags are imported, and users’ groups and attributes are set, you are ready to write Global Policies to protect data. When used with Sensitive Data Discovery and Discovered tags, these policies are enforced on data sources as they are created.
For example, if an organization's compliance requirements state that access to personal information is restricted to users within the corresponding country or geographic region, they could write a Global Policy in Immuta that enforces that requirement before users have begun connecting data:
Immuta Best Practices: Writing Global Policies
Best Practices: Writing Global Policies
The best practices outlined below will also appear in callouts within relevant tutorials.
- Use Schema Monitoring to assess changes to data sources.
- Activate the New Column Added templated Global Policy to protect potentially sensitive data before Data Owners can review new columns that have been added.
- Write Global Policies using Discovered tags and attributes before connecting data.
- Use Global Policies instead of Local Policies to manage data access.
- It is important to remember that, in most cases, the goal is to share as much data as possible while still being compliant with privacy regulations. Immuta recommends a scale of wide subscription policies and specific data policies to give as much access as possible.
- Use the minimum amount of policies possible to achieve the data privacy needed.
Chapter 2 Use Case Scenario
Use cases are presented throughout this chapter in a call-out to illustrate specific policies. The solutions presented can be adjusted to meet your needs.
These guides contextualize a topic.
- Data Policies
- Subscription Policies
- Custom WHERE Clause Functions
- External Masking Interface (Deprecated)
These guides illustrate how to solve a specific problem or achieve a specific goal.
- Write a Global Subscription Policy
- Write a Global Masking Policy
- Write a Row Redaction Policy
- Write a Purpose-Based Restriction Policy
- Clone, Activate, or Stage a Global Policy
Advanced How-To Guides: