Protecting Data

In the PostgreSQL connection, Immuta administers PostgreSQL privileges on data registered in Immuta. Then, Immuta users who have been granted access to the tables can query them with policies enforced.

The sequence diagram below outlines the events that occur when an Immuta user who is subscribed to a data source queries it in PostgreSQL.

Registering a connection

PostgreSQL is configured and data is registered through connections, an Immuta feature that lets administrators register data objects in a technology through a single connection, which makes data registration more scalable for your organization.

Once the PostgreSQL connection is registered, you can author subscription policies in Immuta to enforce access controls.

See the PostgreSQL connection reference guide for more details about registering a connection.

Protecting data

After tables are registered in Immuta, you can author subscription policies in Immuta to enforce access controls.

When a policy is applied to a data source, users who meet the conditions of the policy will be . Then, Immuta issues a SQL statement in PostgreSQL that grants the SELECT privilege to users on those tables.

Consider the following example, which illustrates how Immuta enforces a subscription policy that only allows users in the analysts group to access yellow-table. When this policy is authored and applied to the data source, Immuta issues a SQL statement in PostgreSQL that grants the SELECT privilege on yellow-table to users (registered in Immuta) who are part of the analysts group.

In the image above, the user in the analysts group accesses yellow-table, while the user who is a part of the research group is denied access. See the Author a subscription policy page for guidance on applying a subscription policy to a data source. See the Subscription policy access types page for details about the subscription policy types supported and the PostgreSQL privileges Immuta grants on tables registered as Immuta data sources.
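The following is an added example, not SQL taken from Immuta or this page: it reproduces the yellow-table scenario in a scratch PostgreSQL database and shows how an administrator can audit both the grants recorded on the table and the effective SELECT privilege of each user. The role names, the `public` schema, the table columns and the exact form of the GRANT statement are assumptions made for illustration.

```sql
-- Run as a superuser in a scratch database; everything is rolled back at the end.
BEGIN;

-- Constructed sample objects (hypothetical names, not from the Immuta docs).
CREATE ROLE analyst_user LOGIN;    -- stands in for a user in the analysts group
CREATE ROLE research_user LOGIN;   -- stands in for a user in the research group
CREATE TABLE public."yellow-table" (id int, val text);

-- The kind of statement the page describes: SELECT granted only to the
-- user who meets the subscription policy (exact statement is an assumption).
GRANT SELECT ON TABLE public."yellow-table" TO analyst_user;

-- Audit 1: grants recorded in the table's ACL. A grantee OID of 0 means
-- PUBLIC, which would expose the table to every role regardless of policy.
-- The table owner also appears here with its own privileges.
SELECT COALESCE(g.rolname, 'PUBLIC') AS grantee,
       a.privilege_type,
       a.is_grantable
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
CROSS JOIN LATERAL aclexplode(c.relacl) AS a
LEFT JOIN pg_roles g ON g.oid = a.grantee
WHERE n.nspname = 'public'
  AND c.relname = 'yellow-table'
  AND a.privilege_type = 'SELECT'
ORDER BY grantee;

-- Audit 2: effective privilege per login role. Unlike the ACL listing,
-- has_table_privilege() also accounts for role membership, PUBLIC grants
-- and superuser status, so it catches access that no direct grant explains.
SELECT r.rolname,
       has_table_privilege(r.rolname, 'public."yellow-table"', 'SELECT') AS can_select
FROM pg_roles r
WHERE r.rolname IN ('analyst_user', 'research_user')
ORDER BY r.rolname;

ROLLBACK;
```

Any role that shows `can_select = true` in the second query without a matching entry in the first is reaching the table through role membership, a PUBLIC grant or superuser status rather than through a direct grant.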
