# Integrations Overview Immuta does not require users to learn a new API or language to access protected data. Instead, Immuta integrates with existing tools and data platforms while remaining invisible to downstream consumers. The table below outlines features supported by each of Immuta's data platform integrations.
Subscription policiesData policiesIdentificationImpersonationQuery auditTag ingestion
Amazon Redshift
Amazon S3
Azure Synapse Analytics
Databricks Spark
Databricks Unity Catalog
Google BigQuery
SnowflakeSupported with caveats
Starburst (Trino)
## Subscription policy support matrix The table below illustrates the subscription policy access types supported by each integration. If a data platform isn't included in the table, that integration does not support any subscription policies. For more details about read and write access policy support for these data platforms, see the [Subscription policy access types reference guide](/latest/governance/author-policies-for-data-access-control/authoring-policies-in-secure/section-contents/reference-guides/subscription-access-types.md).
IntegrationRead access policiesWrite access policies
Amazon Redshift View-based integrations are read-only
Amazon S3
Azure Synapse Analytics View-based integrations are read-only
Databricks Spark Write access is controlled through workspaces and scratch paths
Databricks Unity Catalog
Google BigQuery View-based integrations are read-only
Snowflake
Starburst (Trino)
## Data policy support matrix The table below outlines the types of data policies supported for various data platforms. If a data platform isn't included in the table, that integration does not support any data policies. For details about each of these policies, see the [Data policy types page](/latest/governance/author-policies-for-data-access-control/authoring-policies-in-secure/data-policies/reference-guides/data-policies.md). | | Amazon Redshift | Azure Synapse Analytics | Databricks Spark | Databricks Unity Catalog | Google BigQuery | Snowflake | Starburst (Trino) | | ----------------------------------------- | -------------------- | ----------------------- | ------------------------------------------------ | ------------------------------------------------ | -------------------- | -------------------- | -------------------- | | Cell-level masking | :white\_check\_mark: | :white\_check\_mark: | :white\_check\_mark: | :white\_check\_mark: | :x: | :white\_check\_mark: | :white\_check\_mark: | | [Custom function](#user-content-fn-2)[^2] | :white\_check\_mark: | :white\_check\_mark: | :white\_check\_mark: | :white\_check\_mark: | :white\_check\_mark: | :white\_check\_mark: | :white\_check\_mark: | | Format preserving masking | :x: | :x: | :x: | :x: | :x: | :white\_check\_mark: | :x: | | Hashing | :white\_check\_mark: | :white\_check\_mark: | :white\_check\_mark: | :white\_check\_mark: | :white\_check\_mark: | :white\_check\_mark: | :white\_check\_mark: | | Masking fields within STRUCT columns | :x: | :x: | :white\_check\_mark: | [Supported with caveats](#user-content-fn-3)[^3] | :x: | :x: | :x: | | Minimize | :white\_check\_mark: | :white\_check\_mark: | :white\_check\_mark: | :white\_check\_mark: | :white\_check\_mark: | :white\_check\_mark: | :white\_check\_mark: | | Only show data by time | :white\_check\_mark: | :white\_check\_mark: | :white\_check\_mark: | :white\_check\_mark: | :white\_check\_mark: | :white\_check\_mark: | :white\_check\_mark: | | Only show rows (matching) | :white\_check\_mark: | :white\_check\_mark: | :white\_check\_mark: | :white\_check\_mark: | :white\_check\_mark: | :white\_check\_mark: | :white\_check\_mark: | | Randomized response | :x: | :x: | :x: | :x: | :x: | :white\_check\_mark: | :x: | | Regex | :white\_check\_mark: | :x: | :white\_check\_mark: | :white\_check\_mark: | :white\_check\_mark: | :white\_check\_mark: | :white\_check\_mark: | | Replace with NULL or constant | :white\_check\_mark: | :white\_check\_mark: | [Supported with caveats](#user-content-fn-4)[^4] | :white\_check\_mark: | :white\_check\_mark: | :white\_check\_mark: | :white\_check\_mark: | | Reversible masking | :white\_check\_mark: | :x: | :white\_check\_mark: | :x: | :x: | :white\_check\_mark: | :white\_check\_mark: | | Rounding | :white\_check\_mark: | :white\_check\_mark: | :white\_check\_mark: | :white\_check\_mark: | :white\_check\_mark: | :white\_check\_mark: | :white\_check\_mark: | | WHERE clause | :white\_check\_mark: | :white\_check\_mark: | :white\_check\_mark: | :white\_check\_mark: | :white\_check\_mark: | :white\_check\_mark: | :white\_check\_mark: | ## Identification support matrix Identification has varied support for data sources from different technologies based on the identifier type. For details about how identification works in Immuta, see the [Data identification page](/latest/configuration/manage-data-metadata/data-discovery.md). | Technology | Regex | Dictionary | Column name regex | | ----------------------- | -------------------- | -------------------- | -------------------- | | Amazon Redshift | :white\_check\_mark: | :white\_check\_mark: | :white\_check\_mark: | | Amazon S3 | :x: | :x: | :white\_check\_mark: | | Azure Synapse Analytics | :x: | :x: | :white\_check\_mark: | | Databricks | :white\_check\_mark: | :white\_check\_mark: | :white\_check\_mark: | | Google BigQuery | :x: | :x: | :white\_check\_mark: | | Snowflake | :white\_check\_mark: | :white\_check\_mark: | :white\_check\_mark: | | Starburst (Trino) | :white\_check\_mark: | :white\_check\_mark: | :white\_check\_mark: | ## Query audit support for platform queries The table below outlines what information is included in the query audit logs for each integration where query audit is supported.
Databricks SparkDatabricks Unity CatalogSnowflakeStarburst (Trino)
Table and user coverageRegistered data sources and usersAll tables and usersRegistered data sources and usersRegistered data sources and users
Object queried
Columns returned
Rows returned
Query text
Unauthorized informationLimited support
**Legend**: * :white\_check\_mark: This is available and the information is included in audit logs. * :x: This is not available and the information is not included in audit logs. [^1]: Impersonation is not supported in Snowflake if [table grants](/latest/configuration/integrations/snowflake/reference-guides/table-grants-overview.md) or [low row access policy mode](/latest/configuration/integrations/snowflake/reference-guides/low-row-access-overview.md) is enabled. [^2]: Poorly written functions can lead to data leaks. [^3]: Databricks Unity Catalog ARRAY, MAP, or STRUCT type columns only support masking with NULL. [^4]: On Databricks data sources, joins will not be allowed on data protected with replace with NULL or constant policies. [^5]: Unauthorized information is only available when the integration has table grants enabled. Unauthorized audit records will show a table name, but will not be connected to an Immuta data source. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://documentation.immuta.com/latest/configuration/integrations/integrations-overview.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.