Marketplace Permissions Matrix

Anything a Data Steward can do -> a Data Product Manager can do; anything a Data Product Manager can do -> a user with GOVERNANCE permission can do. However, both the Data Product Manager and GOVERNANCE users must be assigned as a Data Steward in order to approve or deny an access request.

Data stewards

Data product manager

Users with the GOVERNANCE permission

Can act in each data product they are assigned to

Can act in the domain they have the Manage Data Products permission in

Can act across all of Immuta, regardless of domain

And the scope of their permissions grow as you move up the layers:

See the table below for the full breakdown of what Marketplace actions require which Immuta permissions:

Action

GOVERNANCE

Manage Data Products

Data steward

USER_ADMIN

APPLICATION_ADMIN

None

Create a domain

Yes

Grant Manage Data Products in a domain

Yes

Manage a data product

Yes

Make access request determinations

Yes

Alter a data product

Yes

Yes (partial)

Create a request form

Yes

Create an access request

Yes

Revoke a member from a data product

Yes

Revoke a masking exception

Yes

Configure webhooks

Yes

Customize the Marketplace app

Yes

Install Immuta Slack app

Yes

Enable Slack and email notifications

Yes, all users

Yes, self

PreviousData Products NextSetting Up Domains for Marketplace

Last updated 1 day ago

Was this helpful?