Book a demo

Short-Term Limitations

Public preview: The Marketplace app is available to select accounts. Contact your Immuta representative for details.

Marketplace is a public preview feature and has several known limitations that will be addressed by end of Q3 2025 or sooner.

Known short term limitations

No notifications

Users must visit the Marketplace to see pending requests or request status. Soon notifications will be supported for email, webhooks, Teams, and Slack.

Deleting domains from the Governance app is not handled

Deleting domains in the Governance app can cause errors in Marketplace.

Always required subscription policies will revoke access

The default setting for Immuta Allow users with specific groups/attributes subscription policies is Always Required which is how subscription policy merging behavior is defined. When the Always Required option is selected (the default) and merged with other subscription policies, they are ANDed together. If Share Responsibility is selected, they are ORed together.

This is problematic for Marketplace because the policy that does the provisioning via Marketplace upon approval is merged with any existing subscription policies on the data sources in the data product. That means if your subscription policy is Always Required it will merge with the Marketplace policy using an AND and revoke all existing users access until they are approved through the Marketplace.

To avoid this, if you are not leveraging subscription policy merging today, convert your Allow users with specific groups/attributes subscription policies that touch data sources in your data products from Always Required to Share Responsibility.

Soon Immuta will alter this behavior in a way that allows you to keep using Always Required as normal, but not result in existing users losing access.

Some obsolete subscription policies and their settings still exist

  • Subscription policy type Allow anyone who asks (and is approved) is still available, but is obsolete, because you should be doing this in Marketplace instead. If you have some of these policies, we recommend the following:

    • Convert the data sources the policy targets to a data product.

    • Publish the new data products in Marketplace to allow users to ask for access.

    • Delete the previous Allow anyone who asks (and is approved) subscription policy.

  • Subscription policy type Allow users with specific groups/attributes should still be used, but some of the settings are unnecessary with Marketplace:

    • Require Manual Subscription: If you are using this setting, instead use the following workaround:

      • Create a separate subscription policy that targets the same data sources:

        • The Allow users with specific groups/attributes requires you are in a group that contains no users (meaning it subscribes no one)

        • It is set to Share Responsibility

      • Uncheck the Require Manual Subscription option in the existing policy

      • Ensure all data sources this policy targets are published in the Marketplace in data products

      Once you complete those steps, the shorthand version of your merged policy per data source will look like this, achieving the same goal: allow users to subscribe who are members of group [your original requirement] AND (are members of group [nobody] OR approved in Marketplace). Soon Immuta will make it easier to set a "required" subscription policy that does not auto-subscribe until access is requested (and potentially auto-approved) in Marketplace.

    • Allow Data Source Discovery: Instead of this setting, simply publish the data source to the Marketplace in a data product.

    • Request Approval to Access: Instead of this setting, consider converting the data sources these policies target to data products in the Marketplace, and allow the approvals to happen there.

Soon these obsolete subscription settings will be altered or deprecated.

Reports in the Governance app don't reflect Marketplace approval

The following reports in the Governance app are impacted:

  • What users and groups are subscribed to this data source?

  • What data sources is this user subscribed to?

  • What data sources are users subscribed to?

Each of these reports has an Approvers column; however it does not represent Marketplace app approvals. It is only for the subscription policy Allow anyone who asks (and is approved) in the Governance app. Do not rely on the Approvers column in these reports for investigating Marketplace approvals. Instead, view the access requests page in the Marketplace app.

This limitation does not impact the user subscribed to the data sources, which is accurate in this report.

Limited audit

Marketplace actions are not audited yet; that is coming soon.

PreviousData Source Access StatusNextIntroduction

Last updated

Was this helpful?