Permissions Matrix

Permissions in the Request app scale, so that you can give users as little, or as much, power as they should have in Immuta.

Anything a data steward can do a data product manager can do.
Anything a data product manager can do a user with GOVERNANCE permission can do.

However, both data product managers and GOVERNANCE users must be assigned as a data steward in order to approve or deny an access request.

Data stewards

Data product manager

Users with the GOVERNANCE permission

Can act in each data product their request form is assigned to

Can act in the domain they have the Manage Data Products permission in

Can act across all of Immuta, regardless of domain

Permissions

See the table below for the full breakdown of what actions require which Immuta permissions:

Action

GOVERNANCE

Manage Data Products

Data steward

USER_ADMIN

APPLICATION_ADMIN

None

Create a domain

Yes

Grant Manage Data Products in a domain

Yes

Manage a data product

Yes

Make access request determinations

Yes

Alter a data product

Yes

Yes (partial)

Create a request form

Yes

Edit a request form

Yes

Yes (if assigned)

Attach a request form to an asset

Yes

Attach a request form to a data product

Yes

Yes (if owner)

Attach a data steward to an asset

Yes

Create an access request

Yes

Revoke a member from a data product

Yes

Revoke a masking exception

Yes

Configure webhooks

Yes

Customize the Request app

Yes

Install Immuta Slack app

Yes

Enable Slack and email notifications

Yes, all users

Yes, self

PreviousUser Types NextWalkthrough

Last updated 1 hour ago

Was this helpful?

hashtagPermissions

Permissions