Author Policy How-to Guide
Authoring global data policies to automate access controls involves using the data metadata and user metadata in Immuta to identify the data that should be governed and the users the policy should target.
This how-to guide demonstrates how to author a global data policy in Immuta to automate access decisions.
For detailed explanations and examples of how to author data policies, see the Author policy guide.
Requirements
Immuta permission: GOVERNANCE global permission, Manage Policies domain permission, or own the data source
Prerequisites
Understand your metadata
How you author policies depends on how your user metadata and data metadata are organized to grant access. For this use case, the fact-based (ABAC) method is recommended: organizations using this method use many variables to determine access, and data sources are tagged at the column and table level.
Author a data policy
Masking policy
Determine what tags are applied to sensitive columns.
Determine what users are allowed to see that data (if any).
Build a masking policy that leverages that tag to target specific columns. An example is provided below.
Example
This policy will mask the values in all columns with the tag Strictly Confidential for users who are not in both the Employees group and the HR group.
Mask columns tagged Strictly Confidential except for users who are a member of group Employees AND HR on all data sources.
Row-level policy
Determine what tags are applied to sensitive columns.
Determine what users are allowed to see that data (if any).
Build a row-level policy that leverages that tag to redact rows for users. An example is provided below.
Example
This policy only shows a user the rows whose Country column value matches a value of that user's Location attribute key:
Only show rows where user possesses an attribute in Location that matches the value in the column Country for everyone on all data sources.
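The two policies above (the tag-driven masking policy and the attribute-matching row-level policy) can be hard to reason about until you see them applied to concrete users and rows. The following is an added example written for this guide, not Immuta's policy engine or API: a small evaluator that applies the same two rules to a constructed data source using the user's groups and attributes. The column tags, group names, attribute keys, and the `***MASKED***` redaction marker are assumptions chosen to mirror the policy text; Immuta itself offers several masking types.

```python
"""Hypothetical ABAC evaluator illustrating the guide's two policies:
 - mask columns tagged "Strictly Confidential" unless the user is in
   BOTH the Employees and HR groups;
 - only show rows whose Country value matches one of the user's
   Location attribute values, for everyone.
This is illustrative code, not Immuta's policy engine."""
from dataclasses import dataclass, field
from typing import Any, Dict, List, Set


@dataclass
class User:
    """User metadata as a policy engine would see it: groups plus attributes."""
    name: str
    groups: Set[str] = field(default_factory=set)
    attributes: Dict[str, Set[str]] = field(default_factory=dict)


@dataclass
class DataSource:
    """Data metadata: per-column tags, plus the rows the policies are applied to."""
    name: str
    column_tags: Dict[str, Set[str]]
    rows: List[Dict[str, Any]]


MASK_TAG = "Strictly Confidential"          # tag from the masking policy
EXEMPT_GROUPS = {"Employees", "HR"}         # user must hold ALL of these
ROW_ATTRIBUTE = "Location"                  # user attribute key
ROW_COLUMN = "Country"                      # column it must match
MASK_MARKER = "***MASKED***"                # assumed redaction value


def masking_exempt(user: User) -> bool:
    """'except for users who are a member of group Employees AND HR'."""
    return EXEMPT_GROUPS <= user.groups


def masked_columns(ds: DataSource, user: User) -> Set[str]:
    """Columns to mask for this user: every column carrying MASK_TAG, unless exempt."""
    if masking_exempt(user):
        return set()
    return {col for col, tags in ds.column_tags.items() if MASK_TAG in tags}


def row_visible(user: User, row: Dict[str, Any]) -> bool:
    """'Only show rows where user possesses an attribute in Location that
    matches the value in the column Country'. No attribute -> no rows."""
    return row.get(ROW_COLUMN) in user.attributes.get(ROW_ATTRIBUTE, set())


def apply_policies(ds: DataSource, user: User) -> List[Dict[str, Any]]:
    """Row-level policy first (drop rows), then masking on what remains."""
    hidden = masked_columns(ds, user)
    result = []
    for row in ds.rows:
        if not row_visible(user, row):
            continue
        result.append({col: (MASK_MARKER if col in hidden else val)
                       for col, val in row.items()})
    return result


# Constructed sample data source: Salary and SSN carry the sensitive tag.
EMPLOYEES = DataSource(
    name="employees",
    column_tags={"Name": set(), "Country": set(),
                 "Salary": {MASK_TAG}, "SSN": {MASK_TAG, "PII"}},
    rows=[
        {"Name": "Ana", "Country": "US", "Salary": 90000, "SSN": "000-00-0001"},
        {"Name": "Bo",  "Country": "DE", "Salary": 80000, "SSN": "000-00-0002"},
        {"Name": "Cy",  "Country": "US", "Salary": 70000, "SSN": "000-00-0003"},
    ],
)

# Constructed users with different group memberships and Location attributes.
HR_US = User("hr_us", groups={"Employees", "HR"}, attributes={"Location": {"US"}})
ANALYST_DE = User("analyst_de", groups={"Employees"}, attributes={"Location": {"DE"}})
CONTRACTOR = User("contractor")   # no groups, no Location attribute

if __name__ == "__main__":
    for user in (HR_US, ANALYST_DE, CONTRACTOR):
        print(user.name, "->", apply_policies(EMPLOYEES, user))
```

Note that the row-level policy applies "for everyone": the HR user in the US still sees only US rows, while the analyst in Germany sees the DE row with Salary and SSN masked, and the contractor with no Location attribute sees nothing at all. That last case is the safe default you want from an attribute-match rule: a missing attribute denies rather than grants.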
Next steps
Learn
Explore this use case to learn more about using Immuta to automate data access control decisions.
Automate data access control decisions: This section focuses on how to use Immuta to automate decisions that determine whether users should have access to data objects.
Implement
Follow these guides to test your policies and use Immuta to enforce fine-grained access controls.
Optionally, test and deploy the policy.