Requirement: Immuta permission GOVERNANCE
To activate a classification framework,
Click Metadata in the navigation menu and select Classifications.
Click the more actions icon in the Actions column for the framework you want to activate.
Select Activate.
Click Metadata in the navigation menu and select Classifications.
Click the more actions icon in the Actions column for the framework you want to activate.
Select Deactivate.
To activate a framework using the Immuta API, see the .
After you have registered data sources in Immuta, you can start automating data classification of a column based on its context, which is the combination of
associated tags already applied to the column
tags applied to the neighboring columns and
table tags on the data source.
The starter framework in this how-to is built to map a classification scale of restricted, confidential, internal, and public to Immuta's three-level scale of sensitivity. The sensitivity in the classification tags will then appear in .
Follow this guide to map your tags to the example framework, or consult the for more information about the framework schema.
Using the example framework below, customize the framework for your organization's classification tags:
For more information about these parameters see the .
tags: These tags are automatically created in Immuta with the sensitivity you assign. They must not already exist in Immuta. All tags used in the classificationTag parameter should be defined here.
tags.sensitivities: This is metadata for the sensitivity of the new tag. Use confidentiality for dimension. Options for sensitivity are 1 (shown as sensitive in audit dashboards) and 2
Follow the example below to map your tags to the rules in the example framework.
This example framework has a rule where columns tagged DSF.Interpretation.Credentials.Secret by identification will be tagged RAF.Confidentiality.High:
To translate this to your tags, replace the name and source value of the columnTags, neighborColumnTags, or tableTags with your own. This new example is for a Collibra tag from the external catalog that an organization uses for confidential data. This rule now states: Apply the classification tag RAF.Confidentiality.High to a column if it has the collibra tag Confidential. Repeat this for your organization's remaining classification levels.
name and source for your tagsIf you do not know the name or source for your tags, you can list your tags using the Immuta API:
This request will list all the tags in your Immuta environment, similar to this example response:
Requirement: Immuta permission GOVERNANCE
Once you have made all the customizations to the example framework, make the following request using the Immuta API, with your full customized framework as the payload.
Your new framework will now be visible in the Immuta UI by navigating the Classification section.
rules: These are the rules for applying the tags defined above. Each rule contains the classification tag to apply if the requirements are met and the requirements: the column tags, neighboring column tags, and table tags that must be present. All requirements within each defined rule must be met for the classification tag to be applied.
rules.classificationTag: The name and source of the tag you want applied if the rule requirements are met. This classification tag must be defined in tags. The source is curated.
rules.columnTags: These are the required tags for a column. If the tags defined here are found on a column, and the other tag rules are met, then the rule's classificationTag will be applied to the same column.
rules.neighborColumnTags: These are the required tags on other columns in the data source (or in the query if dynamic query classification is enabled). If the tags defined here are found on any column in the data source, and the other tag rules are met, then the rule's classificationTag will be applied to all the neighboring columns.
rules.tableTags: These are the required tags on the data source. If the tags defined here are found on the data source, and the other tag rules are met, then the rule's classificationTag will be applied to all the columns in that data source.
active: When true the framework is active and will apply tags when the rules are met.
{
"shortName": "ECMC Framework",
"name": "External Catalog Mapping Classification Framework",
"description": "This framework maps the classification tags the organization has in Collibra to Immuta data sources.",
"tags": [
{
"name": "ECMC.Confidentiality.Highly Sensitive",
"source": "curated",
"sensitivities": [
{
"dimension": "confidentiality",
"sensitivity": 2
}
]
},
{
"name": "ECMC.Confidentiality.Sensitive",
"source": "curated",
"sensitivities": [
{
"dimension": "confidentiality",
"sensitivity": 1
}
]
},
{
"name": "ECMC.Confidentiality.Nonsensitive",
"source": "curated",
"sensitivities": []
}
],
"rules": [
{
"name": "ECMC 00001",
"classificationTag": {
"name": "ECMC.Confidentiality.Highly Sensitive",
"source": "curated"
},
"columnTags": [
{
"name": "Restricted",
"source": "collibra"
}
],
"neighborColumnTags": [],
"tableTags": []
},
{
"name": "ECMC 00002",
"classificationTag": {
"name": "ECMC.Confidentiality.Sensitive",
"source": "curated"
},
"columnTags": [
{
"name": "Confidential",
"source": "collibra"
}
],
"neighborColumnTags": [],
"tableTags": []
},
{
"name": "ECMC 00003",
"classificationTag": {
"name": "ECMC.Confidentiality.Sensitive",
"source": "curated"
},
"columnTags": [
{
"name": "Internal",
"source": "collibra"
}
],
"neighborColumnTags": [],
"tableTags": []
},
{
"name": "ECMC 00004",
"classificationTag": {
"name": "ECMC.Confidentiality.Nonsensitive",
"source": "curated"
},
"columnTags": [
{
"name": "Public",
"source": "curated"
}
],
"neighborColumnTags": [],
"tableTags": []
}
],
"active": true
}"rules": [
{
"name": "RAF 00004",
"classificationTag": {
"name": "RAF.Confidentiality.High",
"source": "curated"
},
"columnTags": [
{
"name": "DSF.Interpretation.Credentials.Secret",
"source": "curated"
}
],
"neighborColumnTags": [],
"tableTags": []
}
]"rules": [
{
"name": "RAF 00004",
"classificationTag": {
"name": "RAF.Confidentiality.High",
"source": "curated"
},
"columnTags": [
{
"name": "Confidential",
"source": "collibra"
}
],
"neighborColumnTags": [],
"tableTags": []
}
]curl \
--request GET \
--header "accept: application/json" \
--header "Authorization: Bearer <your-token." \
https://your-immuta-url.com/tag[
{
"id": 114,
"name": "DataProperties.Cross-Sectional",
"source": "curated",
"deleted": false,
"systemCreated": true
},
{
"id": 2,
"name": "Discovered.Country.Argentina",
"source": "curated",
"deleted": false,
"systemCreated": true
},
{
"id": 9,
"name": "Discovered.Country.Australia",
"source": "collibra",
"deleted": false,
"systemCreated": true
}
]curl \
--request POST \
--header "Content-Type: application/json" \
--header "Authorization: Bearer <your-token>" \
--data @example-payload.json \
https://your.immuta.com/frameworks/Requirements:
Registered data sources; see the reference page for supported technologies
Immuta permission GOVERNANCE
Immuta provides identifiers out-of-the-box to recognize and tag data. Users can then utilize classification frameworks and build them to apply tags based off those identifier tags and their own catalog tags.
Tune identifiers first to adjust where the tags are applied. Because classification frameworks can apply classification tags from the identification applied tags, tuning identification should come first and will have trickle-down effects on classification. Customizing identification requires some initial work but will automate data tagging for all data sources in the future.
Follow the steps below to tune identification for your data:
: This will remove the tags from any previous identification runs and re-run identification with your new identifiers. From here, either continue to edit identifiers to reconfigure the applied tags, or you're finished if you are happy with the results.
After identification has applied entity tags, any active classification frameworks will automatically reapply their tags to account for any changes to tags. It may be necessary to adjust the classification tags based on your organization's data, security, and compliance needs.
After identification runs, you will receive a notification that the job is complete. Then, you can view the results from the data source dictionary.
Navigate to the data source overview page of the data source you added to the framework.
Click the Data Dictionary tab.
Assess whether the tags are applied as expected.
If you are happy with the tags, and .
Requirement: Immuta permission GOVERNANCE or data owner
Target some data sources to manually review tags:
Navigate to the data dictionary for the data source by opening the Data Sources page and selecting a data source. Click the Data Dictionary tab to open the data dictionary.
The data dictionary lists the data source columns, with details about the name, data type, and a list of the tags on each column. Assess whether the tags are accurate to your data.
Tags may be unexpected but still accurate to your data. Additionally, they may have been applied because they were found to be the best match from the identifiers in the framework.
If you want to improve identification and personalize it to your data, assess why the tag was applied to your data:
Is the identifier incorrectly matching your data and irrelevant to your organization? .
Is the identifier incorrectly matching this specific column, but correct in other places? It must have been the most correct match found by identification. Create a better match by completing the following steps:
.
so this column is correctly matched by identification.
If you want to remove the unexpected tags, use one of the following how-to guides:
.
Ensure the tags are applied properly by adjusting identification.
. Note that classification tags build off of other tags, so removing a single classification or identification tag can have trickle-down effects on the data source.
.
If you were expecting some sensitive data to be tagged and it is not, enable additional tags using one of the following how-to guides:
.
Ensure the tags are applied properly by adjusting identification.
. Note that classification tags build off of other tags, so adding a single tag can have trickle-down effects on the data source.
.
Requirement: Immuta permissions GOVERNANCE and AUDIT
Tags can be edited on an individual basis for each data source. If broad changes to the classification framework are necessary to re-tag your data, use the .
Navigate to the Data Sources page and select the data sources that you assessed and noted issues.
Click the Data Dictionary tab.
Delete unnecessary tags by clicking on the tag you want to remove from the column, and select Disable from the tag side sheet.
To add tags,
If you want additional tags, follow the Create an identifier guide to create identifiers that matter to your data.
Click Add Tags in the Actions column.
Begin typing the name of the tag you want to add in the Search by Name field and select the tag from the dropdown list.
Click Add.