Getting Started with Domains

Domains are containers of data sources that allow you to assign data ownership and access management to specific business units, subject matter experts, or teams at the nexus of cross-functional groups. Instead of centralizing your data governance and giving users too much governance over all your data, you control how much power they have over data sources by granting them permission within domains in Immuta.

Create a domain

Required Immuta permission: GOVERNANCE

1. Navigate to the Domains page.

2. Click + New Domain.

3. Enter a Name and Description for your domain.

4. Select Dynamically (recommended) or Manually for data source assignment:

   1. Dynamically: Data sources are added based on a tag. Every data source with that tag is added to the domain, and the domain will continually be updated to ensure every data source with that tag is in the domain.

      1. Use the search box to start typing a tag name.

      2. Select a tag to use to dynamically assign data sources to the domain now and in the future. If using a parent tag in a hierarchy, all data sources with the parent or its child tags will be added.

         Note: The data sources will populate in the table and can only be added or removed by editing the tag; no manual changes are supported.

   2. Manually: Data sources are individually picked by the domain owner. No changes will be made to the domain's data sources without user intervention.

      1. Use the list of data sources and select the checkbox for the data sources you want in the domain.

5. Click Next.

6. Opt to assign user permissions; select how you want to assign permissions in the dropdown:

   1. Individual users: All the users you select will get the permission you assign.

      1. Use the search box to start typing a username and select the user from the list.

      2. Use the dropdown to select the permission to grant the user.

   2. Users in group: All the users in the group you select will get the permission you assign. If any user is added or removed from the group, their permission will be updated.

      1. Use the search box to start typing a group name and select the group from the list.

      2. Use the dropdown to select the permission to grant the user.

7. Click Next. Review the information, and then select Create Domain.

Assign domain permissions

User administrators can assign domain permissions from the domain permissions tab or the people page.

Required Immuta permission: USER_ADMIN

1. Click Domains and navigate to the domain.

2. Go to the Permissions tab and click + Grant Permissions.

3. Choose how to assign the permission:

   • Individual selected users: Select this option from the dropdown and then search for individual users to grant the permission to.

   • Users in group: Select this option from the dropdown and then search for groups to grant the permission to.

4. Choose the permission to assign:

   • Audit Activity permission to allow them to view audit events within the domain.

   • Manage Identifiers permission to allow them to create and manage identifiers for sensitive data discovery, and to create and manage system tags (private preview).

   • Manage Policies permission to allow them to create policies that will apply to the data sources within the domain.

5. Review your changes and click Grant Permissions.

Assign data sources to a domain

Required Immuta permission: GOVERNANCE

1. Navigate to the Domains page and select your domain.

2. Click the Data Sources tab, and then click + Add Data Sources.

3. Select the checkboxes for the data sources you want to add to your domain.

4. Click + Add to Domain.

Author a domain-scoped policy

Required Immuta permission: GOVERNANCE or Manage Policies

1. Navigate to the Domains page and select your domain.

2. Click the Subscription Policies or Data Policies tab.

3. Click Create Policy and select Subscription Policy or Data Policy.

5. When building your policy, your domain will automatically be added in the What domain(s) should this policy be restricted to? section. You can select more domains that you have the Manage Policies permission for here as well. This step will assign the policy to all data sources added to that domain.

Audit domain-related activity

Domain-related activity can be audited from the domain page, the audit page, the people page, or the data sources overview page. To find a specific audit record,

Required Immuta permission: Audit Activity

1. Click Insights in the navigation menu and select Audit - records are automatically filtered to your authorized domains only.

2. Optional: Use filters to narrow down the search for activities.

3. Click on a record to see details about a specific activity.

Edit domain assignment setting

Required Immuta permission: GOVERNANCE

1. Navigate to the Domains page and select your domain.

2. Click the Settings tab.

3. Select the data source assignment on the toggle:

   2. Dynamic: If updating the setting to dynamic, the impact to data sources will be shown on the modal. To change the data sources assigned to the domain in the future, update the tag in the domain or on your data sources.

      1. Select the tag to assign data sources by.

      2. Check the impact of the setting change:

         1. Remain: These are the data sources currently in the domain that have the dynamic tag and will remain in the domain.

         2. Removed: These are the data sources currently in the domain that do not have the dynamic tag and will be removed from the domain.

         3. Added: These are the data sources not currently in the domain that do have the dynamic tag and will be added to the domain.

      3. Click Update.

Delete a domain

A domain can only be deleted if no data sources are assigned and there are no identifiers in the domain.

Required Immuta permission: GOVERNANCE

1. Navigate to the Domains page and select your domain.

2. Click the more actions icon.

3. Select Delete Domain.

4. Confirm your changes.