Introduction
Private preview: This feature is available to select accounts. Contact your Immuta representative for details.
Immuta agentic data access is a centralized authorization framework that governs how AI agents and LLMs interact with sensitive data. This framework ensures that your stringent access and compliance requirements are enforced for your agents and your users, reducing your exposure risk, removing access bottlenecks, and providing clear audit trails of data accessed.
Immuta supports governing agents used in the scenarios below. Because a single agent can perform both use cases, Immuta distinguishes how an agent is triggered to determine which access model to apply. See the implement agentic data access section for guidance on setting up your agent.
Scenario | Access | Access model | Agent type
Agent acts for a human user to perform text-to-SQL tasks: chatbots and AI analysts | Ephemeral and just-in-time access | Union: agent's permissions + user's entitlements | On-behalf-of (OBO) agent
Agent acts on its own to perform scheduled tasks: bots, ETL, model training, PII scanning | Persistent access as defined in Immuta | Direct: agent's assigned access | Autonomous agent
The agentic breaking point
When organizations broadly adopt AI, they often hit the agentic breaking point, where the scale of AI access to data eclipses human-centric security. To solve this issue, they are typically forced to choose between two problematic options:
Over-privileged service accounts: Organizations give an agent full access so it can serve any user, which creates a security vulnerability.
Account sprawl: Organizations create unique database credentials and access permissions for every user in every data platform, just in case they ask an agent a question. This creates access bottlenecks, account management overhead, and security vulnerabilities.
Immuta solves these problems by addressing the issue at the authorization layer instead of the authentication layer: Immuta treats agents as top-level identities that can dynamically borrow a user's data access through a role-vending mechanism, giving your organization the benefits described in the section below.
Governing AI agents with Immuta
When you use Immuta to govern agentic data access, you can
Use zero standing privileges (ZSP): Immuta grants minimal, temporary access to agents by vending an ephemeral access role to that agent in the data platform that represents the users' access. After an agent has completed an action for a user, that role is deleted and access is revoked.
Reduce account sprawl: Human users are not required to have an account in the data platforms the agents query to answer their question, which reduces security overhead for administrators.
Eliminate rights inflation: If an agent acts on behalf of a power user, that agent's access is determined by the policy you have authored in Immuta, not the admin-level permissions of the human user. Because agents are treated as a distinct identity in Immuta, governors and data stewards can author policies for Immuta users, ensuring that users only access data that they're meant to. For more details about how policies are enforced for agents on behalf of users, see the Agentic data access reference guide.
Provide clear audit trails: Immuta offers visibility into what data was accessed and by whom, making it clear when an agent acted on behalf of a user, the user acted on their own, and when an agent acted autonomously.
Instead of having agents authenticate as users to control access, Immuta enforces agentic data access controls by vending a role that represents the user's access, combining the requesting user's entitlements with the agent's additional (and optional) entitlements. Users and agents are both top-level entities in Immuta, each with their own entitlements and policies:
Human user identity
Name: Taylor
Group: Marketing
Account: Immuta

Agent identity
Name: Marketing department agent
Group: Agents
Accounts: Immuta, Snowflake, Databricks
If Taylor, the human user who is a member of the Marketing department, wants to see the most recent customer orders to examine trends, they can chat with the Marketing department agent:
The Marketing agent then requests an ephemeral role from Immuta that represents its own access combined with Taylor's access as defined in Immuta. Immuta then vends the ephemeral role to the agent so the agent can authenticate to the data platform and query data.

If a data policy on the Customer orders data source masked columns tagged PII for Taylor, the agent would return the following data to Taylor:
lastname (PII) | region (no tags) | order_total (no tags) | total_with_shipping (no tags)
REDACTED | US-EAST | 89.00 | 95.67
REDACTED | US-EAST | 117.00 | 127.95
REDACTED | US-WEST | 225.00 | 245.73
REDACTED | US-CENTRAL | 356.00 | 370.16
REDACTED | US-EAST | 50.00 | 54.13
Taylor has read access to the table, but because they cannot see personally identifiable information (the content in the lastname column) in the clear, that column is masked when the result is returned to them.
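As an added example (not Immuta's code or API), the following Python model simulates the flow above: the agent is vended an ephemeral role carrying the union of its own groups and Taylor's, the subscription and PII-masking policies are evaluated against that role, and the role is deleted as soon as the query returns. The identities, tables, policy values and function names are all constructed for the example.

```python
# Added illustrative model of the on-behalf-of (OBO) flow described above.
# It is not Immuta's API: identities, tables, policies and helpers are constructed.
from dataclasses import dataclass
import secrets

@dataclass(frozen=True)
class Identity:
    name: str
    groups: frozenset

TAYLOR = Identity("Taylor", frozenset({"Marketing"}))
AGENT = Identity("Marketing department agent", frozenset({"Agents"}))
# Subscription policy: groups allowed to read a table. Data policy: columns
# tagged PII are masked unless the reader holds a group in PII_CLEAR.
TABLES = {"Customer orders": {"tags": {"lastname": {"PII"}}, "rows": [
              {"lastname": "Smith", "region": "US-EAST", "order_total": 89.00},
              {"lastname": "Jones", "region": "US-WEST", "order_total": 225.00}]},
          "Region lookup": {"tags": {}, "rows": [{"region": "US-EAST", "tz": "EST"}]}}
SUBSCRIPTION = {"Customer orders": {"Marketing"}, "Region lookup": {"Agents"}}
PII_CLEAR = {"Compliance"}  # constructed exception group; Taylor is not in it

@dataclass
class EphemeralRole:
    role_id: str
    groups: frozenset
    active: bool = True

ACTIVE_ROLES = {}  # roles currently vended in the (simulated) data platform

def vend_role(agent, user=None):
    # OBO: union of agent and user groups. Autonomous (user=None): agent only.
    groups = agent.groups | (user.groups if user else frozenset())
    role = EphemeralRole("ephemeral_" + secrets.token_hex(4), groups)
    ACTIVE_ROLES[role.role_id] = role
    return role

def revoke_role(role):
    role.active = False
    ACTIVE_ROLES.pop(role.role_id, None)

def query(role, table):
    # Enforce the subscription policy, then apply masking to the result.
    if not role.active or not (role.groups & SUBSCRIPTION[table]):
        raise PermissionError(f"{table}: denied for groups {sorted(role.groups)}")
    tags, rows = TABLES[table]["tags"], TABLES[table]["rows"]
    mask = not (role.groups & PII_CLEAR)
    return [{c: "REDACTED" if mask and "PII" in tags.get(c, ()) else v
             for c, v in row.items()} for row in rows]

def run_agent(agent, table, user=None):
    # Vend a role, query, then delete the role: zero standing privileges.
    role = vend_role(agent, user)
    try:
        return query(role, table)
    finally:
        revoke_role(role)
```

Running the agent autonomously against Customer orders is denied because only the agent's own groups are in the role, while the same call on behalf of Taylor succeeds with lastname masked.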
Implement agentic data access
Follow the steps below to enforce access controls for users and agents registered in Immuta.
Register your agents
Register your agents in Immuta using one of the following methods:
Connect the identity provider your organization already uses and allow Immuta to register your agents and optionally sync agent metadata for you.
Manually create an agent in Immuta.
Generate an API key for your agent to use to make requests to the Immuta API.
Optionally add groups and attributes to your agent, just as you would a human user. Once these entitlements are added, they can be used in global policies to target agents and grant or limit their access to data.
Configure external mapping: Map agents registered in Immuta to the external data platforms they will access.
Author policy
Optionally author global subscription policies and global data policies that grant the agent access to the resources it needs to do its job (such as lookup tables), so that you don't have to grant that access to every human user.
Author global subscription and data policies that apply to your users. These policies do not necessarily grant persistent access unless those users also have accounts in the data platforms in question and those accounts are mapped to that user in Immuta.
Once these policies are created and a human user asks the agent a question, the agent's access is combined with the requesting user's entitlements, per the policies above, in an ephemeral role that Immuta vends, so that only the data the user is allowed to see is returned.
For more details about how policy enforcement works for agents, see the Agentic data access reference guide.
Audit access
View audit logs on the audit page or on the agent's activity tab to understand what agents are accessing and on behalf of what users.
For more details about audit logs for agents, see the Agentic data access reference guide.