Deployment Notes

February, 2025

February 18

• Marketplace API support: All Marketplace functionality is now available to customers through the Marketplace API.

• New built-in patterns: Two new built-in identifiers are available to all customers using sensitive data discovery:

  • SEC_STOCK_TICKER: This new pattern detects strings consistent with stock tickers recognized by the U.S. Securities and Exchange Commission (SEC).

  • FINANCIAL_INSTITUTIONS: This new pattern detects strings consistent with the official and alternate names of financial institutions from lists by the FDIC and OCC.

  Add these identifiers to your frameworks to start detecting and automatically tagging this data.

February 4

@hasTagAsAttribute() and @hasTagAsGroup() functions for subscription policies in general availability: These functions provide a way to dynamically grant and revoke access to users by doing an exact match comparison between their user information (attribute or group membership) and the tags applied on data sources or its columns.

Ultimately, these functions can combine the complexity of multiple roles or rules into a single policy that dynamically assigns access based on users’ attributes or group membership. This results in fewer policies to manage overall and a more streamlined approach to data access management, especially for the most complex use cases.

January, 2025

January 30

Data policy support for foreign tables in Databricks Unity Catalog: Users can apply subscription and data policies to foreign tables in Databricks Unity Catalog.

January 28

Changing the default value for Default Subscription Merge Options (in app settings): Based on customer insights, Immuta has changed the default behavior of how multiple global subscription policies that apply to a single data source are merged.

Prior to this change, the global default had been that users must meet all the conditions outlined in each policy to get access. Now, the global default is that users must only meet the conditions of one policy to get access. This behavior can be configured on the app settings page.

January 23

Support for masking complex columns as NULL in Databricks Unity Catalog: Users can mask the entire column of STRUCT, MAP, and ARRAY column types in Databricks Unity Catalog as NULL.

January 16

• Streamlined Databricks user management with improved handling of external IDs: The default behavior going forward will be that users' external Databricks IDs will be updated to None if Immuta attempts to update these users' Databricks access and Databricks returns a response dictating the targeted principal(s) do not exist. This can be the case if a user is created in Immuta before that user is created in Databricks. Marking external Databricks IDs as NONE will enable Immuta to skip future attempts to update those users' access. This streamlines the tasks that Immuta must process and avoids superfluous errors.

  Databricks external IDs can be updated as needed manually, either through the user profile or by setting this property to <NO IDENTITY> in the external IAM configuration.

• Identifiers in domains: Identifiers can be segregated by domain now to manage which identifiers should run on which data sources. Additionally, you can delegate the management of identifiers to specific users by granting them the Manage Identifiers domain permission.

  Once generally available, this functionality will replace identification frameworks.