search
Ctrlk
Book a demoStatus page

Accessing Data

Learn how end users can access policy-enforced data in Amazon Redshift

Once data is registered through the Amazon Redshift connection, you will access your data through Amazon Redshift as you normally would. If you are subscribed to the data source, Immuta grants you access to the data in Amazon Redshift.

When you submit a query, the SQL client submits the query to Amazon Redshift, which then processes the query and determines what data your role is allowed to see. Then, Amazon Redshift queries the database and returns the query results to the SQL client, which then returns policy-enforced data to you.

The diagram below illustrates how Immuta, Amazon Redshift, and the SQL client interact when a user queries data registered in Immuta.

After a user subscribes to a data source, Immuta issues GRANT statements that assign a role and object privileges to that user in Amazon Redshift. Amazon Redshift then stores that role in an internal system catalog, and when a user submits a query to the SQL client, Amazon Redshift returns the data the user's role is allowed to see. The SQL client then returns that data to the user.

hashtag
Querying data

Because subscription policies are managed through roles, you must be acting under the role Immuta creates for you (immuta_<username>) to get access to the data sources you are subscribed to.

PreviousProtecting DataNextAmazon Redshift Spectrum Integration

Last updated

Was this helpful?