Attributes and Groups in Immuta
Attributes
Attributes can be added to individual users or groups and then included in data policies and subscription policies to restrict what data users can see. Attributes can be created by a user with the USER_ADMIN permission in the Immuta UI or mapped in from an external IAM. Attributes can be added to groups created in Immuta or ingested from an external IAM.
Attributes can be viewed on the attributes tab in the Immuta UI; however, they only exist in relation to users or groups. Once an attribute is no longer attached to any user or group, it will be automatically cleared from Immuta.
To learn how to add attributes to a user or group, navigate to the tutorial.
Audit
The following attribute-related events are audited and can be found on the audit page in the UI:
AttributeApplied: An attribute is applied to a user or group.
AttributeRemoved: An attribute is removed from a user or group.
Groups
Individual users are added into groups, and then groups are used in data policies and subscription policies to restrict what data users in each group can see. Groups are also used in assigning members to projects. Users can belong to any number of groups and can be added to or removed from groups at any time.
To learn how to create a group, navigate to the tutorial.
Audit
The following group-related events are audited and can be found on the audit page in the UI:
GroupCreated: A group is created in Immuta by user actions in the UI or ingested from an external IAM.
GroupDeleted: A group is deleted in Immuta by user actions in the UI or from within an external IAM.
GroupMemberAdded: A user is added to a group in Immuta by user actions in the UI or from within an external IAM.
GroupMemberRemoved: A user is removed from a group in Immuta by user actions in the UI or from within an external IAM.
GroupUpdated: A group's details (email, name, description, etc.) are updated.
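The audited events listed above can be replayed to answer "which attributes does this user hold right now, and which attributes are no longer attached to anyone?". The following is an added example, not Immuta code. Only the event type names come from this page; the record fields (`kind`, `target`, `group`, `user`, `attribute`) and the sample events are constructed, and it assumes a user's effective attributes are the user's own plus those of every group the user belongs to.

```python
from collections import defaultdict

# Constructed sample records; field names are assumptions, not Immuta's audit schema.
EVENTS = [
    {"type": "GroupCreated", "group": "analysts"},
    {"type": "GroupMemberAdded", "group": "analysts", "user": "alice"},
    {"type": "AttributeApplied", "kind": "group", "target": "analysts", "attribute": "Dept.Finance"},
    {"type": "AttributeApplied", "kind": "user", "target": "bob", "attribute": "Clearance.PII"},
    {"type": "GroupMemberAdded", "group": "analysts", "user": "bob"},
    {"type": "AttributeRemoved", "kind": "user", "target": "bob", "attribute": "Clearance.PII"},
    {"type": "GroupMemberRemoved", "group": "analysts", "user": "alice"},
]

def replay(events):
    """Rebuild group membership and attribute attachments from the event stream."""
    members = defaultdict(set)    # group -> set of users
    attached = defaultdict(set)   # ("user" | "group", name) -> set of attributes
    for e in events:
        t = e["type"]
        if t == "GroupCreated":
            members[e["group"]]   # register the (still empty) group
        elif t == "GroupDeleted":
            members.pop(e["group"], None)
            # Assumption: a deleted group's attribute attachments go with it.
            attached.pop(("group", e["group"]), None)
        elif t == "GroupMemberAdded":
            members[e["group"]].add(e["user"])
        elif t == "GroupMemberRemoved":
            members[e["group"]].discard(e["user"])
        elif t == "AttributeApplied":
            attached[(e["kind"], e["target"])].add(e["attribute"])
        elif t == "AttributeRemoved":
            attached[(e["kind"], e["target"])].discard(e["attribute"])
        # GroupUpdated changes details only (email, name, description), not access.
    return members, attached

def effective_attributes(user, members, attached):
    """Direct attributes plus those inherited from current group memberships."""
    attrs = set(attached.get(("user", user), ()))
    for group, users in members.items():
        if user in users:
            attrs |= attached.get(("group", group), set())
    return attrs

def unattached_attributes(events, attached):
    """Attributes that were applied at some point but are attached to nothing now."""
    seen = {e["attribute"] for e in events if e["type"] == "AttributeApplied"}
    live = set().union(*attached.values())
    return seen - live
```

With the sample events, `bob` ends up holding only the attribute inherited from `analysts`, `alice` holds none after leaving the group, and `Clearance.PII` is reported as no longer attached to any user or group.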