Adjust Identification and Classification Framework Tags
Last updated
Was this helpful?
Last updated
Was this helpful?
Requirements:
Registered
Immuta permission GOVERNANCE
Immuta Discover provides identification frameworks out-of-the-box to recognize and tag data, and Discover also provides classification frameworks out-of-the-box to categorize and classify data. These frameworks are all generic to industry practices and should be customized to each organization's specific needs.
Tune SDD frameworks and identifiers first to adjust where Discovered tags are applied. Because classification frameworks apply classification tags from the Discovered tags, tuning SDD should come first and will have trickle-down effects on classification. Customizing SDD requires some initial work but will automate data tagging for all data sources in the future.
Follow the steps below to tune SDD from the Default Framework:
.
.
: This will remove the tags from any previous identification frameworks and re-run identification with your new framework. From here, either continue to edit identifiers to reconfigure the applied tags, or if you are happy with the results, proceed to the next step.
.
After SDD has applied entity tags, classification frameworks will automatically reapply their tags to account for any changes to Discovered tags. It may be necessary to adjust the classification tags based on your organization's data, security, and compliance needs.
Requirements:
Immuta permission AUDIT
Use the Detect dashboards to review queries at different sensitivity levels and review the tags that have been applied to your data source columns to understand the tags that Immuta applied there:
Have an Immuta user subscribed to a data source make multiple queries to a data source in Snowflake. The user should query both non-sensitive and sensitive data.
Navigate to the Audit page and click ↻Load Audit Events to pull in queries made in Snowflake.
Navigate to the Events (Beta) page. Note that Snowflake has a 15-minute data latency for all audit events.
Select the Event Id of one of the queries. Click the Columns tab.
The Column tab lists the columns in the query organized from highest to lowest sensitivity and the tags applied to each column. Check that the columns you know to be sensitive are here.
For example, if the query has a column with last names, you should see a minimum of the following tags: DSF. Personal, DSF.Record.Subject.Type.Individual, DSF.Record.Identifiability.Identifiable, and DSF.Control.Personal.
Note any sensitive columns not labeled as sensitive.
Complete steps 2-5 for as many queries as you want.
Requirement: Immuta permission GOVERNANCE or data owner
Target some data sources to manually review tags:
Navigate to the data dictionary for the data source by opening the Data Sources page and selecting a data source. Click the Data Dictionary tab to open the data dictionary.
The data dictionary lists the data source columns, with details about the name, data type, and a list of the tags on each column. Assess whether the tags are accurate to your data.
Tags may be unexpected but still accurate to your data. Additionally, they may have been applied because they were found to be the best match from the identifiers in the framework.
If you want to improve SDD and personalize it to your data,
Assess why the tag was applied to your data.
Is the identifier incorrectly matching this specific column, but correct in other places? It must have been the most correct match found by identification. Create a better match by completing the following steps:
If you want to remove the unexpected tags, use one of the following how-to guides:
Ensure the Discovered tags are applied properly by adjusting SDD.
If you were expecting some sensitive data to be tagged and it is not, enable additional tags using one of the following how-to guides:
Ensure the Discovered tags are applied properly by adjusting SDD.
Requirement: Immuta permissions GOVERNANCE and AUDIT
Navigate to the Data Sources page and select the data sources that you assessed and noted issues.
Click the Data Dictionary tab.
Delete unnecessary tags by clicking on the tag you want to remove from the column, and select Disable from the tag side sheet.
To add tags,
Click Add Tags in the Actions column.
Begin typing the name of the tag you want to add in the Search by Name field and select the tag from the dropdown list.
Click Add.
Snowflake integration (If you are using Databricks, use the how-to below.)
Is the identifier incorrectly matching your data and irrelevant to your organization? .
.
so this column is correctly matched by identification.
.
. Note that classification tags build off of other tags, so removing a single classification or Discovered tag can have trickle-down effects on the data source.
.
.
. Note that classification tags build off of other tags, so adding a single classification or Discovered tag can have trickle-down effects on the data source.
.
Tags can be edited on an individual basis for each data source. If broad changes to the classification framework are necessary to re-tag your data, use the .