Skip to content

Immuta Integrations

Immuta does not require users to learn a new API or language to access protected data. Instead, Immuta integrates with existing tools and ongoing work while remaining invisible to downstream consumers.

The following data platforms integrate with Immuta:

  • Snowflake:
  • Databricks:
    • Databricks Unity Catalog integration: This integration allows you to manage multiple Databricks workspaces through Unity Catalog while protecting your data with Immuta policies. Instead of manually creating UDFs or granting access to each table in Databricks, you can author your policies in Immuta and have Immuta manage and enforce Unity Catalog access-control policies on your data in Databricks clusters or SQL warehouse.
    • Databricks Spark integration: This integration enforces policies on Databricks tables registered as data sources in Immuta, allowing users to query policy-enforced data on Databricks clusters (including job clusters). Immuta policies are applied to the plan that Spark builds for users' queries, all executed directly against Databricks tables.
  • Google BigQuery: In this integration, Immuta generates policy-enforced views in your configured Google BigQuery dataset for tables registered as Immuta data sources.
  • Starburst:
    • Starburst v2.0 integration: The Starburst integration v2.0 allows you to access policy-protected data directly in your Starburst catalogs without rewriting queries or changing your workflows. Immuta policies are translated into Starburst rules and permissions and applied directly to tables within users’ existing catalogs.
    • Starburst legacy integration: The Starburst integration enables Immuta to apply policies directly in Starburst clusters without going through a proxy. This means users can use their existing Starburst tooling (querying, reporting, etc.) and have per-user policies dynamically applied at query time. Support for this integration has been deprecated. Use the Starburst v2.0 integration instead.
  • Redshift integration: With the Redshift integration, Immuta applies policies directly in Redshift. This allows data analysts to query their data directly in Redshift instead of going through a proxy.
  • Azure Synapse Analytics integration: The Azure Synapse Analytics integration allows Immuta to apply policies directly in Azure Synapse Analytics dedicated SQL pools without needing users to go through a proxy. Instead, users can work within their existing Synapse Studio and have per-user policies dynamically applied at query time.

Feature support

The table below outlines the features supported by each of Immuta's integrations.

Project Workspaces Tag Ingestion User Impersonation Native Query Audit Multiple Integrations
Snowflake ✅ ✅ ✅ ✅ ✅
Databricks Unity Catalog ❌ ❌ ❌ ✅ ✅
Databricks Spark ✅ ❌ ✅ ✅ ✅
Databricks SQL ❌ ❌ ❌ ❌ ✅
Google BigQuery ❌ ❌ ❌ ❌ ❌
Starburst ❌ ❌ ✅ ✅ ✅
Redshift ❌ ❌ ✅ ❌ ✅
Azure Synapse Analytics ❌ ❌ ✅ ❌ ✅

Audit support

The table below outlines the audit support by each of Immuta's integrations with UAM and what information is included in the audit logs.

Snowflake Databricks Spark Databricks Unity Catalog Starburst (Trino) Redshift Azure Synapse Analytics
Table and user coverage Registered data sources and users Registered data sources and users All tables and users ❌ ❌ ❌
Object queried ✅ ✅ 1 ❌ ❌ ❌
Columns returned ✅ ❌ ❌ ❌ ❌ ❌
Query text ✅ ✅ 2 ❌ ❌ ❌
Unauthorized information 3 ✅ 4 ❌ ❌ ❌
Policy details ❌ ✅ ❌ ❌ ❌ ❌
User's entitlements ❌ ✅ ❌ ❌ ❌ ❌
Column tags ✅ ❌ ❌ ❌ ❌ ❌
Table tags ✅ ❌ ❌ ❌ ❌ ❌

Legend:

  • ✅ This is available and the information is included in audit logs.
  • ❌ This is not available and the information is not included in audit logs.
  • There is limited availability; see the footnote for more details.

Policy support

Certain policies are unsupported or supported with caveats*, depending on the integration:

Integration Support Matrix

*Supported with Caveats:

  • On Databricks data sources, joins will not be allowed on data protected with replace with NULL or constant policies.
  • On Starburst data sources, the Immuta functions @iam and @interpolatedComparison for WHERE clause policies can block the creation of views.

For details about each of these policies, see the Policies in Immuta page.


  1. For some queries, Databricks Unity Catalog does not report the target data source for the data access operation. In these cases the activity is audited, yet the audit record in Immuta will not include the target data source information. 

  2. Audit will return the commandText which often shows the query made. 

  3. Unauthorized information is only available when the integration has table replacements enabled. 

  4. Unauthorized queries will be audited when available. 

  5. Audit will show policy details through the maskedColumns value. 

  6. Only the user's projects will be audited.