# Data Sources in Immuta Data owners expose their data across their organization to other users by registering that data in Immuta as a data source. When data is registered, Immuta does not affect existing policies on those tables in the remote system (unless an existing global policy in Immuta applies to the data source), so users who had access to a table before it was registered can still access that data without interruption. ## Data sources with nested columns When data sources support nested columns, these columns get parsed into a nested Data Dictionary. Below is a list of data sources that support nested columns: * S3 * Azure Blob * Databricks sources with [complex data types enabled](/latest/configuration/application-settings/how-to-guides/config-builder-guide.md#preview-features) * When complex types are enabled, Databricks data sources can have columns that are arrays, maps, or structs that can be nested. ## Data source user roles There are various roles users and groups can play relating to each data source. These roles are managed through the members tab of the data source. Roles include the following types: * **Owners**: Those who create and manage new data sources and their users, documentation, and [data dictionaries](#data-dictionary). * **Subscribers**: Those who have access to the data source data. With the appropriate data accesses and attributes, these users and groups can view files, run queries, and generate analytics against the data source data. All users and groups granted access to a data source have subscriber status. * **Experts**: Those who are knowledgeable about the data source data and can elaborate on it. They are responsible for managing the data source's documentation and [data dictionary](#data-dictionary) tags and descriptions. See [Manage data source members](/latest/configuration/integrations/registering-metadata/data-sources/data-source-settings/how-to-guides/manage-members.md#modify-user-or-group-roles-within-a-data-source) for a tutorial on modifying user roles. ## Data dictionary The data dictionary provides information about the columns within the data source, including column names and value types. Dictionary columns are automatically generated when the data source is created. However, data owners and experts can [tag columns in the data dictionary](/latest/configuration/manage-data-metadata/tags/how-to-guides/managing-tags.md) and [add descriptions to these entries](/latest/configuration/integrations/registering-metadata/data-sources/data-source-settings/how-to-guides/manage-dictionary.md). ### Data dictionary column icons The data dictionary displays icons on columns that have a masking policy applied to them. The appearance of these icons varies depending on the permission of the user. **Governors and data owners** If you have the `GOVERNANCE` permission or are the data source owner, the data dictionary column icons will appear in these ways: * **No icon**: No masking policy applies to the column. * **Yellow eye**: A masking policy applies to the column, but the column is unmasked for the current user because they meet the exception criteria for the policy. * **Red eye**: A policy on the column masks it for the current user. **All other users** The data dictionary column icons will appear in these ways for all other users: * **No icon**: Either no masking policy applies to the column or a masking policy applies to the column, but the column is unmasked for the current user because they meet the exception criteria for the policy. * **Red eye**: A policy on the column masks it for the current user. ## Audit The following events related to data sources are audited and can be found on the audit page in the UI: * [DatasourceCreated](/latest/governance/detect-your-activity/audit/reference-guides/universal-audit-model-uam/uam-schema.md#datasourcecreated-event): A data source is created. * [DatasourceDeleted](/latest/governance/detect-your-activity/audit/reference-guides/universal-audit-model-uam/uam-schema.md#datasourcedeleted-event): A data source is deleted. * [DatasourceDisabled](/latest/governance/detect-your-activity/audit/reference-guides/universal-audit-model-uam/uam-schema.md#datasourcedisabled-event): A data source is disabled. * [DatasourceUpdated](/latest/governance/detect-your-activity/audit/reference-guides/universal-audit-model-uam/uam-schema.md#datasourceupdated-event): A data source is updated. * [DatasourceAppliedToProject](/latest/governance/detect-your-activity/audit/reference-guides/universal-audit-model-uam/uam-schema.md#datasourceappliedtoproject-event): A data source is added to a project. * [DatasourceRemovedFromProject](/latest/governance/detect-your-activity/audit/reference-guides/universal-audit-model-uam/uam-schema.md#datasourceremovedfromproject-event): A data source is removed from a project. * [DatasourceCatalogSynced](/latest/governance/detect-your-activity/audit/reference-guides/universal-audit-model-uam/uam-schema.md#datasourcecatalogsynced-event): An external catalog is linked and synced for the data source. * [DatasourceGlobalPolicyApplied](/latest/governance/detect-your-activity/audit/reference-guides/universal-audit-model-uam/uam-schema.md#datasourceglobalpolicyapplied-event): A global policy is applied to a data source. * [DatasourceGlobalPolicyConflictResolved](/latest/governance/detect-your-activity/audit/reference-guides/universal-audit-model-uam/uam-schema.md#datasourceglobalpolicyconflictresolved-event): A policy conflict between two global policies on a data source is resolved. * [DatasourceGlobalPolicyDisabled](/latest/governance/detect-your-activity/audit/reference-guides/universal-audit-model-uam/uam-schema.md#datasourceglobalpolicydisabled-event): A global policy is disabled on a data source. * [DatasourceGlobalPolicyRemoved](/latest/governance/detect-your-activity/audit/reference-guides/universal-audit-model-uam/uam-schema.md#datasourceglobalpolicyremoved-event): A global policy is removed from a data source. * [LocalPolicyCreated](/latest/governance/detect-your-activity/audit/reference-guides/universal-audit-model-uam/uam-schema.md#localpolicycreated-event): A local policy is created on a data source. * [LocalPolicyUpdated](/latest/governance/detect-your-activity/audit/reference-guides/universal-audit-model-uam/uam-schema.md#localpolicyupdated-event): A local policy is updated on a data source. * [SubscriptionCreated](/latest/governance/detect-your-activity/audit/reference-guides/universal-audit-model-uam/uam-schema.md#subscriptioncreated-event): A user is subscribed to a data source or project. * [SubscriptionDeleted](/latest/governance/detect-your-activity/audit/reference-guides/universal-audit-model-uam/uam-schema.md#subscriptiondeleted-event): A user's subscription to a data source or project is removed. * [SubscriptionRequestApproved](/latest/governance/detect-your-activity/audit/reference-guides/universal-audit-model-uam/uam-schema.md#subscriptionrequestapproved-event): A user's request to subscribe to a data source or project is approved. * [SubscriptionRequestDenied](/latest/governance/detect-your-activity/audit/reference-guides/universal-audit-model-uam/uam-schema.md#subscriptionrequestdenied-event): A user's request to subscribe to a data source or project is denied. * [SubscriptionRequested](/latest/governance/detect-your-activity/audit/reference-guides/universal-audit-model-uam/uam-schema.md#subscriptionrequested-event): A user requests to subscribe to a data source or project. * [SubscriptionUpdated](/latest/governance/detect-your-activity/audit/reference-guides/universal-audit-model-uam/uam-schema.md#subscriptionupdated-event): A user's subscription to a data source or project is updated. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://documentation.immuta.com/latest/configuration/integrations/registering-metadata/data-sources/data-source-overview.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.