Skip to content

Create a Rule with a Column Name Pattern


In previous documentation, rule is referred to as classifier or identifier and framework is referred to as template.

Use case: Custom column name pattern

Scenario: You've listed Immuta's built-in pattern for sensitive data discovery, but you find there is no pattern that can automatically discover and tag columns that contain account numbers in your database. A column name pattern allows you to create your own regular expression that only checks column names. Immuta's sensitive data discovery will then find matches based on your custom pattern and tag them.

For example, if your database contains tables with social security numbers, you could define a regex pattern to match against the names of the column instead of the values within the column. The tutorial below uses this scenario to illustrate creating this rule and pattern.

Attributes of a rule with a column name pattern

Attributes of all rules are provided on the Sensitive data discovery API page. However, attributes specific to a rule with a column name pattern are outlined in the table below.

Attribute Description Required
name string Unique, request-friendly rule name. Yes
displayName string Unique, human-readable rule name. Yes
description string The rule description. Yes
type string The type of pattern: columnNameRegex. Yes
config object The configuration of the rule, which includes config.columnNameRegex and config.tags. Yes
config.tags array[string] The name of the resulting tags to apply to the data source. Note: All tags must start with Discovered.. Yes
config.columnNameRegex string A case-insensitive regular expression to match against column names. Yes

Create a rule with a column name pattern

  1. Generate your API key on the API Keys tab on your profile page and save the API key somewhere secure. You will include this API key in the authorization header when you make a request to the Immuta API or use it to configure your instance with the Immuta CLI.

  2. Save the rule with a column name pattern payload in a .json file. The regex ^ssn|social ?security$ looks for column names that match ssn, socialsecurity, or social security.

      "displayName": "Social Security Number Columns Rule",
      "description": "This rule is for social security numbers.",
      "type": "columnNameRegex",
      "config": {
        "columnNameRegex": "^ssn|social ?security$",
        "tags": ["Discovered.Social Security Numbers"]
  3. Create the rule using one of these methods:

    Immuta CLI

    immuta api sdd/classifier -X POST --input ./example-payload.json


    curl \
        --request POST \
        --header "Content-Type: application/json" \
        --header "Authorization: 12345678900000" \
        --data @example-payload.json \
  4. If the request is successful, you will receive a response that contains details about the rule.

      "createdBy": {
        "id": 1,
        "name": "John",
        "email": ""
      "displayName": "Social Security Number Columns Rule",
      "description": "This rule is for social security numbers.",
      "type": "columnNameRegex",
      "config": {
        "tags": [
          "Discovered.Social Security Number"
        "columnNameRegex": "^ssn|social ?security$"
      "id": 2,
      "createdAt": "2021-10-14T18:48:56.289Z",
      "updatedAt": "2021-10-14T18:48:56.289Z"

What's Next

Continue to one of the following tutorials:

  • Run sensitive data discovery on data sources: Trigger SDD to run on specified data sources.
  • Create a framework: Although only data governors can create rules, data owners can add rules to frameworks, which they then apply to their data sources to override minConfidence or tags for rules within the framework.