Sample data is processed during computation of k-anonymization policies
When a k-anonymization policy is applied to a data source, the columns targeted by the policy are queried under a fingerprinting process that generates rules enforcing k-anonymity. The results of this query, which may contain data that is subject to regulatory constraints such as GDPR or HIPAA, are stored in Immuta's metadata database.
The location of the metadata database depends on your deployment:
Self-managed Immuta deployment: The metadata database is located in the server where you have your external metadata database deployed.
SaaS Immuta deployment: The metadata database is located in the AWS global segment you have chosen to deploy Immuta.
To ensure this process does not violate your organization's data localization regulations, you need to first activate this masking policy type before you can use it in your Immuta tenant. To enable k-anonymization for your account, see the k-anonymization section on the app settings how-to guide.
name:K-Anonymization Using Fingerprint on any tagspolicyKey:masking kanon using fingerprinttype:dataactions:- rules: - type:Maskingconfig:fields: - type:anyTagmaskingConfig:type:K-Anonymizationcircumstances:- type:anyTag
K-Anonymization (by Specifying K)
Sample data is processed during computation of k-anonymization policies
When a k-anonymization policy is applied to a data source, the columns targeted by the policy are queried under a fingerprinting process that generates rules enforcing k-anonymity. The results of this query, which may contain data that is subject to regulatory constraints such as GDPR or HIPAA, are stored in Immuta's metadata database.
The location of the metadata database depends on your deployment:
Self-managed Immuta deployment: The metadata database is located in the server where you have your external metadata database deployed.
SaaS Immuta deployment: The metadata database is located in the AWS global segment you have chosen to deploy Immuta.
To ensure this process does not violate your organization's data localization regulations, you need to first activate this masking policy type before you can use it in your Immuta tenant. To enable k-anonymization for your account, see the k-anonymization section on the app settings how-to guide.
Sample data is processed during computation of k-anonymization policies
When a k-anonymization policy is applied to a data source, the columns targeted by the policy are queried under a fingerprinting process that generates rules enforcing k-anonymity. The results of this query, which may contain data that is subject to regulatory constraints such as GDPR or HIPAA, are stored in Immuta's metadata database.
The location of the metadata database depends on your deployment:
Self-managed Immuta deployment: The metadata database is located in the server where you have your external metadata database deployed.
SaaS Immuta deployment: The metadata database is located in the AWS global segment you have chosen to deploy Immuta.
To ensure this process does not violate your organization's data localization regulations, you need to first activate this masking policy type before you can use it in your Immuta tenant. To enable k-anonymization for your account, see the k-anonymization section on the app settings how-to guide.
Sample data is processed during computation of randomized response policies
When a randomized response policy is applied to a data source, the columns targeted by the policy are queried under a fingerprinting process. To enforce the policy, Immuta generates and stores predicates and a list of allowed replacement values that may contain data that is subject to regulatory constraints (such as GDPR or HIPAA) in Immuta's metadata database.
The location of the metadata database depends on your deployment:
Self-managed Immuta deployment: The metadata database is located in the server where you have your external metadata database deployed.
SaaS Immuta deployment: The metadata database is located in the AWS global segment you have chosen to deploy Immuta.
To ensure this process does not violate your organization's data localization regulations, you need to first activate this masking policy type before you can use it in your Immuta tenant. To enable randomized response for your account, see the randomized response section on the app settings how-to guide.
name:Purpose in a specific serverpolicyKey:data server circumstancetype:dataactions:- rules: - type:Purpose Restrictionconfig:purposes: - Re-identification Prohibitedcircumstances:- type:serverserver:your@server.example.com:5432/tpc
Row-level Policy
By Time
name:Row Level By TimepolicyKey:data row-leveltype:dataactions:- rules: - type:Time Restrictionconfig:isOlderOrNewer:newertime:2592000circumstances:- type:tagstag:Discovered.PCI
Where User
name:Row Level Where UserpolicyKey:data where usertype:dataactions:- rules: - type:Row Restriction By User Entitlementsconfig:operator:allmatches:type:grouptag:Discovered.EntitycircumstanceOperator:ANYcircumstances:- type:columnTagscolumnTag:Discovered.Entity
Custom Where Clause
name:Row Level WherepolicyKey:data custom wheretype:dataactions:- rules: - type:Row Restriction by Custom Where Clauseconfig:predicate:"@columnTagged('Discovered.Country') in ('USA', 'CANADA', 'MEXICO')"circumstances:- type:tagstag:Discovered.Country