Create a Rule with a Column Name Pattern
Note
In previous documentation, rule is referred to as classifier or identifier and framework is referred to as template.
Use case: Custom column name pattern
Scenario: You've listed Immuta's built-in patterns for sensitive data discovery, but you find there is no pattern that can automatically discover and tag columns that contain account numbers in your database. A column name pattern allows you to create your own regular expression that only checks column names. Immuta's sensitive data discovery will then find matches based on your custom pattern and tag them.
For example, if your database contains tables with social security numbers, you could define a regex pattern to match against the names of the column instead of the values within the column. The tutorial below uses this scenario to illustrate creating this rule and pattern.
Attributes of a rule with a column name pattern
Attributes of all rules are provided on the Sensitive data discovery API page. However, attributes specific to a rule with a column name pattern are outlined in the table below.
Attribute | Description | Required |
---|---|---|
name | `string` Unique, request-friendly rule name. | Yes |
displayName | `string` Unique, human-readable rule name. | Yes |
description | `string` The rule description. | Yes |
type | `string` The type of pattern: `columnNameRegex`. | Yes |
config | `object` The configuration of the rule, which includes `config.columnNameRegex` and `config.tags`. | Yes |
config.tags | `array[string]` The name of the resulting tags to apply to the data source. Note: All tags must start with `Discovered.`. | Yes |
config.columnNameRegex | `string` A case-insensitive regular expression to match against column names. | Yes |
Create a rule with a column name pattern
- Generate your API key on the API Keys tab on your profile page and save the API key somewhere secure. You will include this API key in the authorization header when you make a request to the Immuta API or use it to configure your instance with the Immuta CLI.
- Save the rule with a column name pattern payload in a .json file. The regex `^ssn|social ?security$` looks for column names that match `ssn`, `socialsecurity`, or `social security`.

  ```json
  {
    "name": "SOCIAL_SECURITY_NUMBER_COLUMNS_RULE",
    "displayName": "Social Security Number Columns Rule",
    "description": "This rule is for social security numbers.",
    "type": "columnNameRegex",
    "config": {
      "columnNameRegex": "^ssn|social ?security$",
      "tags": ["Discovered.Social Security Numbers"]
    }
  }
  ```
- Create the rule using one of these methods:

  Immuta CLI

  ```bash
  immuta api sdd/classifier -X POST --input ./example-payload.json
  ```

  HTTP API

  ```bash
  curl \
    --request POST \
    --header "Content-Type: application/json" \
    --header "Authorization: 12345678900000" \
    --data @example-payload.json \
    https://your-immuta-url.immuta.com/sdd/classifier
  ```
- If the request is successful, you will receive a response that contains details about the rule.

  ```json
  {
    "createdBy": {
      "id": 1,
      "name": "John",
      "email": "john@example.com"
    },
    "name": "SOCIAL_SECURITY_NUMBER_COLUMNS_RULE",
    "displayName": "Social Security Number Columns Rule",
    "description": "This rule is for social security numbers.",
    "type": "columnNameRegex",
    "config": {
      "tags": [
        "Discovered.Social Security Number"
      ],
      "columnNameRegex": "^ssn|social ?security$"
    },
    "id": 2,
    "createdAt": "2021-10-14T18:48:56.289Z",
    "updatedAt": "2021-10-14T18:48:56.289Z"
  }
  ```
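In the regex saved in the payload, alternation binds more loosely than the anchors, so `^` applies only to `ssn` and `$` only to `social ?security`. The following added example (not part of the Immuta documentation) checks that pattern and a hypothetical grouped variant against constructed column names; it assumes unanchored, case-insensitive search semantics and uses Python's `re` module as a stand-in for the engine Immuta uses.

```python
import re

# Pattern exactly as it appears in the rule payload on this page.
PAGE_PATTERN = r"^ssn|social ?security$"
# Hypothetical stricter variant (not from the page): the group makes both
# anchors apply to every alternative.
GROUPED_PATTERN = r"^(?:ssn|social ?security)$"

# Constructed column names, for illustration only.
SAMPLE_COLUMNS = [
    "ssn", "SSN", "socialsecurity", "Social Security",
    "ssn_hash", "ssn_last_updated", "has_social security",
    "employee_ssn", "social_security", "account_number",
]


def matching_columns(pattern, columns):
    """Return the column names a case-insensitive search would match.

    Assumption: the pattern is searched for anywhere in the name
    (re.search semantics); the page only states case-insensitivity.
    """
    rx = re.compile(pattern, re.IGNORECASE)
    return [c for c in columns if rx.search(c)]


def compare(columns=SAMPLE_COLUMNS):
    """Bucket columns by which of the two patterns would tag them."""
    loose = matching_columns(PAGE_PATTERN, columns)
    strict = matching_columns(GROUPED_PATTERN, columns)
    return {
        # Exact names: matched by the grouped and the page pattern alike.
        "both": [c for c in strict if c in loose],
        # Prefix/suffix matches that only the ungrouped pattern tags.
        "page_pattern_only": [c for c in loose if c not in strict],
        # Likely-sensitive names such as employee_ssn that are never tagged.
        "neither": [c for c in columns if c not in loose],
    }


if __name__ == "__main__":
    for bucket, names in compare().items():
        print(f"{bucket}: {names}")
```

Running a candidate pattern over a list of your real column names in this way, before creating the rule, shows both the columns it would tag unexpectedly and the ones it would leave untagged.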
What's Next
Continue to one of the following tutorials:
- Run sensitive data discovery on data sources: Trigger SDD to run on specified data sources.
- Create a framework: Although only data governors can create rules, data owners can add rules to frameworks, which they then apply to their data sources to override `minConfidence` or tags for rules within the framework.