Support limitation: This policy is only supported in Snowflake integrations.
Sample data is processed during computation of k-anonymization policies
When a k-anonymization policy is applied to a data source, the columns targeted by the policy are queried under a fingerprinting process that generates rules enforcing k-anonymity. The results of this query, which may contain data that is subject to regulatory constraints such as GDPR or HIPAA, are stored in Immuta's metadata database.
The location of the metadata database depends on your deployment:
Self-managed Immuta deployment: The metadata database is located on the server where your external metadata database is deployed.
SaaS Immuta deployment: The metadata database is located in the AWS global segment in which you have chosen to deploy Immuta.
To ensure this process does not violate your organization's data localization regulations, you must activate this masking policy type before you can use it in your Immuta tenant. To enable k-anonymization for your account, see the k-anonymization section of the app settings how-to guide.
name: K-Anonymization Using Fingerprint on any tags
policyKey: masking kanon using fingerprint
type: data
actions:
  - rules:
      - type: Masking
        config:
          fields:
            - type: anyTag
          maskingConfig:
            type: K-Anonymization
circumstances:
  - type: anyTag
K-Anonymization (by Specifying K)
Support limitation: This policy is only supported in Snowflake integrations.
name: K-Anonymization using kLevel
policyKey: data mask kanon specifying k
type: data
actions:
  - rules:
      - type: Masking
        config:
          fields:
            - type: anyTag
          maskingConfig:
            type: K-Anonymization
            kLevel: 5
circumstances:
  - type: anyTag
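What `kLevel: 5` asks for, shown with textbook suppression as an added example that is not part of the original page and is not Immuta's fingerprinting process; the rows, column names and helper functions are constructed for illustration. In this simplified model the derived rule set is built from real column values, which illustrates why the stored results can themselves be regulated data.

```python
# Added illustration of the k-anonymity property (textbook suppression),
# not Immuta's fingerprinting process. Rows and column names are constructed.
from collections import Counter

K_LEVEL = 5  # same value as kLevel in the payload above


def build_rules(rows, columns, k):
    """Return the value combinations that appear in at least k rows.

    The set is derived by querying the real column values, so it contains
    real data; only these combinations may be shown unmasked.
    """
    counts = Counter(tuple(row[c] for c in columns) for row in rows)
    return {combo for combo, n in counts.items() if n >= k}


def apply_rules(rows, columns, rules):
    """Null the targeted columns of any row whose combination is too rare."""
    masked = []
    for row in rows:
        out = dict(row)
        if tuple(row[c] for c in columns) not in rules:
            for c in columns:
                out[c] = None
        masked.append(out)
    return masked


def is_k_anonymous(rows, columns, k):
    """True if every non-suppressed combination occurs at least k times."""
    counts = Counter(tuple(r[c] for c in columns) for r in rows
                     if any(r[c] is not None for c in columns))
    return all(n >= k for n in counts.values())


# Constructed sample: 6 rows share one combination, 2 rows are rare.
ROWS = ([{"zip": "43210", "age_band": "30-39", "dx": "flu"}] * 6
        + [{"zip": "43215", "age_band": "80-89", "dx": "rare"}] * 2)
COLUMNS = ["zip", "age_band"]

if __name__ == "__main__":
    rules = build_rules(ROWS, COLUMNS, K_LEVEL)
    print(rules)
    print(is_k_anonymous(apply_rules(ROWS, COLUMNS, rules), COLUMNS, K_LEVEL))
```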
Support limitation: This policy is only supported in Snowflake integrations.
Sample data is processed during computation of randomized response policies
When a randomized response policy is applied to a data source, the columns targeted by the policy are queried under a fingerprinting process. To enforce the policy, Immuta generates predicates and a list of allowed replacement values and stores them in its metadata database; these may contain data that is subject to regulatory constraints (such as GDPR or HIPAA).
The location of the metadata database depends on your deployment:
Self-managed Immuta deployment: The metadata database is located on the server where your external metadata database is deployed.
SaaS Immuta deployment: The metadata database is located in the AWS global segment in which you have chosen to deploy Immuta.
To ensure this process does not violate your organization's data localization regulations, you must activate this masking policy type before you can use it in your Immuta tenant. To enable randomized response for your account, see the randomized response section of the app settings how-to guide.
name: Random Categorical
policyKey: data mask random response
type: data
actions:
  - rules:
      - type: Masking
        config:
          fields:
            - type: allColumns
          maskingConfig:
            type: Randomized Response
            replacementRatePercent: 10
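A pre-deployment check built on the k-anonymization and randomized response notices above, added here as an example and not taken from Immuta: it lists payloads whose masking type triggers sampling into the metadata database and marks those whose type has not been activated. The `activated` set, the function names and the sample policies are assumptions made for illustration.

```python
# Added example, not Immuta code. Each policy is the dict a YAML parser
# returns for a payload like the ones on this page; POLICIES is constructed.
# Masking types the notices above say store sampled data in the metadata DB.
SAMPLING_TYPES = {"K-Anonymization", "Randomized Response"}


def masking_rules(policy):
    """Yield (masking type, field selectors) for each Masking rule."""
    for action in policy.get("actions") or []:
        for rule in action.get("rules") or []:
            if rule.get("type") == "Masking":
                config = rule.get("config") or {}
                mtype = (config.get("maskingConfig") or {}).get("type")
                yield mtype, config.get("fields") or []


def localization_findings(policies, activated):
    """Flag policies that sample data into the metadata database.
    `activated` is a hypothetical input: the masking types enabled in app
    settings after your organization's data localization review."""
    findings = []
    for policy in policies:
        for mtype, fields in masking_rules(policy):
            if mtype in SAMPLING_TYPES:
                findings.append({
                    "policyKey": policy.get("policyKey", "<missing>"),
                    "maskingType": mtype,
                    "scope": sorted({f.get("type", "?") for f in fields}),
                    "blocked": mtype not in activated,
                })
    return findings


def masking_policy(key, selector, masking_config):
    """Build a constructed data policy with one Masking rule."""
    config = {"fields": [{"type": selector}], "maskingConfig": masking_config}
    return {"policyKey": key, "type": "data",
            "actions": [{"rules": [{"type": "Masking", "config": config}]}]}


POLICIES = [
    masking_policy("data mask kanon specifying k", "anyTag",
                   {"type": "K-Anonymization", "kLevel": 5}),
    masking_policy("data mask random response", "allColumns",
                   {"type": "Randomized Response", "replacementRatePercent": 10}),
    {"policyKey": "data minimize", "type": "data", "actions": [
        {"rules": [{"type": "Minimization", "config": {"percent": 15}}]}]},
]
```

Calling `localization_findings(POLICIES, activated={"K-Anonymization"})` reports the two masking policies and marks only the randomized response one as blocked; the minimization policy is not reported.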
Randomized Response (by Specifying Standard Deviation)
Support limitation: This policy is only supported in Snowflake integrations.
name: Random Numeric
policyKey: data mask random response specifying stddev
type: data
actions:
  - rules:
      - type: Masking
        config:
          fields:
            - type: allColumns
          maskingConfig:
            type: Randomized Response
            stddev: 2
            clip: false
name: Minimize
policyKey: data minimize
type: data
actions:
  - rules:
      - type: Minimization
        config:
          percent: 15
circumstances:
  - type: time
    startDate: '2020-12-01T16:23:54.734Z'
    endDate: '2020-12-31T16:23:54.745Z'
Purpose Restrictions
Any Purpose
name: Purpose
policyKey: data purpose restriction
type: data
actions:
  - rules:
      - type: Purpose Restriction
        config:
          operator: any
          purposes:
            - "<ANY PURPOSE>"
Purpose in Server
name: Purpose in a specific server
policyKey: data server circumstance
type: data
actions:
  - rules:
      - type: Purpose Restriction
        config:
          purposes:
            - Re-identification Prohibited
circumstances:
  - type: server
    server: your@server.example.com:5432/tpc
Row-level Policy
By Time
name: Row Level By Time
policyKey: data row-level
type: data
actions:
  - rules:
      - type: Time Restriction
        config:
          isOlderOrNewer: newer
          time: 2592000
circumstances:
  - type: tags
    tag: Discovered.PCI
Where User
name: Row Level Where User
policyKey: data where user
type: data
actions:
  - rules:
      - type: Row Restriction By User Entitlements
        config:
          operator: all
          matches:
            type: group
            tag: Discovered.Entity
circumstanceOperator: ANY
circumstances:
  - type: columnTags
    columnTag: Discovered.Entity
Custom Where Clause
name: Row Level Where
policyKey: data custom where
type: data
actions:
  - rules:
      - type: Row Restriction by Custom Where Clause
        config:
          predicate: "@columnTagged('Discovered.Country') in ('USA', 'CANADA', 'MEXICO')"
circumstances:
  - type: tags
    tag: Discovered.Country