Customize and Manage Sensitive Data Discovery
In previous documentation, rule is referred to as classifier or identifier and framework is referred to as template.
This command allows you to customize and run SDD in your instance of Immuta. The table below illustrates subcommands and arguments.
|Manage SDD rules.
|Run SDD on specific data sources or all data sources.
|Manage SDD frameworks.
Use these options to get more details about the
sdd command or any of its subcommands:
$ immuta sdd -h
Manage Sensitive Data Discovery
immuta sdd [command]
classifier Manage Sensitive Data Discovery Classifiers
run Run Sensitive Data Discovery with provided options
template Manage Sensitive Data Discovery Templates
-h, --help Help for sdd
--config string Config file (default $HOME/.immutacfg.yaml)
-p, --profile string Specifies the profile for what instance/api the cli will use (default "default")
Use "immuta sdd [command] --help" for more information about a command.
Two common workflows for using SDD are outlined below. The first illustrates how to apply a global framework to all data sources, while the second outlines how users can create and apply frameworks to data sources they own.
The tutorials linked below show how to use the CLI to complete this workflow. For an overview of how sensitive data discovery works, see this overview.
Workflow 1: Apply the global framework to all data sources
- Data governor creates a framework using one or more rules.
- System administrator adds this framework as the global framework so that it applies to all data sources.
- Users trigger SDD on data sources.
Workflow 2: Apply a framework to a specific data source
- Data governor creates one or more rules with patterns.
- Data owner creates a framework containing one or more rules.
- Data owner triggers SDD on one or more data sources and resulting tags are applied to columns where criteria were met and patterns were recognized.