Latest Access Summary Export Schema Reference Guide
Version: prpr2
When creating external tables from this schema, create a view on top of them for data consumers so that you can more easily manage data model version changes. For more details, see the Access summary export page.
policy-metadata
policy-metadataThis table contains one row per unique access policy (subscription policy).
who
String (UTF-8)
No
The attribute(s) or group(s) the policy targets.
object
String (UTF-8)
No
Tag(s) the policy targets.
access_type
String (UTF-8)
No
The type of subscription policy:
GRANT or GUARDRAIL
policy
String (UTF-8)
No
Immuta policy expression.
scope
String (UTF-8)
No
The type of access policy: READ or WRITE
policy_id
Integer (BigInt)
No
Unique numerical identifier for the specific policy.
policy_name
String (UTF-8)
No
The human-readable name of the policy.
creation_date
Timestamp
No
The point-in-time when the access policy or record was originally created.
owner
String (UTF-8)
No
The username or display name of the policy owner.
owner_global_user_id
String (UTF-8)
No
The universally unique identifier (UUID) for the policy owner.
link
String (UTF-8)
No
A URL or URI providing a direct reference to the policy or resource.
source
String (UTF-8)
No
The source of the policy.
export_date
Timestamp
No
The timestamp when this metadata record was exported.
Example: To create a Snowflake external table for the policy-metadata file:
CREATE OR REPLACE EXTERNAL TABLE EXT_POLICY_METADATA_<version> (
"who" VARCHAR AS (VALUE:"who"::VARCHAR),
"object" VARCHAR AS (VALUE:"object"::VARCHAR),
"access_type" VARCHAR AS (VALUE:"access_type"::VARCHAR),
"policy" VARCHAR AS (VALUE:"policy"::VARCHAR),
"scope" VARCHAR AS (VALUE:"scope"::VARCHAR),
"policy_id" NUMBER AS (VALUE:"policy_id"::NUMBER),
"policy_name" VARCHAR AS (VALUE:"policy_name"::VARCHAR),
"creation_date" TIMESTAMP_NTZ AS (VALUE:"creation_date"::TIMESTAMP_NTZ),
"owner" VARCHAR AS (VALUE:"owner"::VARCHAR),
"owner_global_user_id" VARCHAR AS (VALUE:"owner_global_user_id"::VARCHAR),
"link" VARCHAR AS (VALUE:"link"::VARCHAR),
"source" VARCHAR AS (VALUE:"source"::VARCHAR),
"export_date" TIMESTAMP_NTZ AS (VALUE:"export_date"::TIMESTAMP_NTZ)
)
LOCATION = @<your-stage>/policy-metadata/<version>/
FILE_FORMAT = <your-format>
AUTO_REFRESH = TRUE;datasource-metadata
datasource-metadataNew table
This table contains one row per unique data source.
data_source_id
Integer (BigInt)
No
Unique numerical ID for the data source system.
data_source_name
String (UTF-8)
No
The name of the data source (e.g., table or object name).
data_source_description
String (UTF-8)
Yes
Detailed description of the data source.
is_enabled
Boolean
No
A boolean flag indicating if the data source is currently enabled.
technology
String (UTF-8)
No
The platform type backing the data source (e.g., Snowflake, S3, Azure SQL).
connection
String (UTF-8)
Yes
Connection identifier in Immuta.
data_source_type
String (UTF-8)
No
The native data type of the data source in the source system (e.g., TABLE, VIEW, etc.).
data_source_created_at
Timestamp
No
Date the data source was registered in Immuta.
data_source_health
String (UTF-8)
No
The health status of the data source.
export_date
Timestamp
No
The timestamp when this metadata record was exported.
column-metadata
column-metadataNew table
This table contains one row per unique column in any data source.
column_id
String (UTF-8)
No
Unique ID for the column.
data_source_id
Integer (BigInt)
No
Unique numerical ID for the data source system.
column_name
String (UTF-8)
No
Name of the column.
column_description
String (UTF-8)
Yes
Detailed description of the specific column.
column_data_type
String (UTF-8)
No
The data type of the column in the source system (e.g., string, BigInt, etc.).
export_date
Timestamp
No
The timestamp when this metadata record was exported.
user-metadata
user-metadataThis table contains one row per unique user.
user_id
String (UTF-8)
No
Unique identifier for the user within the source system.
global_user_id
String (UTF-8)
No
Universally unique identifier (UUID) for the user across all systems.
email
String (UTF-8)
Yes
Primary email address associated with the user profile.
identity_source
String (UTF-8)
No
The originating source of the user identity (e.g., Okta, LDAP, System).
global_permissions
List<String>
Yes
Collection of global permissions assigned to the user.
group_name
String (UTF-8)
Yes
Name of the organizational group or team the user belongs to.
attribute_key
String (UTF-8)
Yes
The key/name for a specific user metadata attribute.
attribute_value
String (UTF-8)
Yes
The specific value assigned to the attribute key.
source
String (UTF-8)
No
Describes if the attribute comes from a group or direct assignment.
association
String (UTF-8)
No
Describes how the user is linked to the group or attribute (e.g., Direct, Inherited).
export_date
Timestamp
No
The timestamp when this metadata record was exported.
tag-metadata
tag-metadataUpdated table
This table contains one row per unique tag applied to a data object.
tag_name
String (UTF-8)
No
The name of the tag applied to the data object.
tag_description
String (UTF-8)
Yes
Detailed description of the tag's purpose or meaning.
target_id
New
String (UTF-8)
No
The ID of the data source or column depending on the target type
target_type
Updated
String (UTF-8)
No
Distinguishes between DATA_SOURCE level and COLUMN level tags.
source
String (UTF-8)
No
The system or component that generated the tag metadata (e.g., marketplace, collibra, databricksUnityCatalog).
context
String (UTF-8)
No
The approach used to create the tag (e.g., catalog, sdd, schemaEvolution, marketplace).
as_of
Timestamp
No
When the tag was added.
export_date
Timestamp
No
The timestamp when this metadata record was exported.
policy-outcomes
policy-outcomesUpdated table
This table contains one row per unique instance where a user gained access to a data object through an Immuta policy.
global_user_id
String (UTF-8)
No
Universally unique identifier (UUID) for the user whose access is determined by these policies.
data_source_id
Integer (BigInt)
No
Unique numerical identifier for the data source on which the policies were applied.
column_id
New
String (UTF-8)
Yes
Unique numerical identifier for the data source on which the reveal policies were applied. Note this is not supported yet and will always be null.
policy_ids
List<Integer (BigInt)>
Yes
A collection of unique identifiers for all policies that contributed to the final access outcome.
merged_policy
String (UTF-8)
Yes
The combined boolean logic resulting from merging multiple policies.
scope
New
String (UTF-8)
No
The type of access policy: READ or WRITE
is_owner
Boolean
No
Flag indicating if the user is an owner of the resource, which carries additional power.
source
String (UTF-8)
No
If the user was added manually or via the policy.
export_date
Timestamp
No
The timestamp when this metadata record was exported.
domain-metadata
domain-metadataThis table contains one row per unique domain.
id
String (UTF-8)
No
Unique identifier for the domain.
name
String (UTF-8)
No
The display name of the domain.
description
String (UTF-8)
Yes
Detailed description of the domain.
creator_global_user_id
String (UTF-8)
No
The universally unique identifier (UUID) of the user who created the domain.
data_source_id
Integer (BigInt)
No
The unique numerical ID of the data source associated with this domain.
privileged_user
String (UTF-8)
No
The identity of the user with elevated administrative rights over the domain.
permissions
List<String>
No
A collection of access rights or roles specifically granted within this domain.
export_date
Timestamp
No
The timestamp when this metadata record was exported.
access-requests
access-requestsNew table
This table contains one row per unique access request made in the Request app.
request_id
String (UTF-8)
No
Universally unique identifier (UUID) for the access request.
global_user_id
String (UTF-8)
No
Universally unique identifier (UUID) for the user who will gain access from the request.
global_requestor_id
String (UTF-8)
No
Universally unique identifier (UUID) for the user who made the access request.
target_id
String (UTF-8)
No
The ID of the data product, data source, or column that is being requested.
target_type
String (UTF-8)
No
The type of target being requested. Options are DATA_SOURCE, COLUMN, or DATA_PRODUCT.
request_date
Timestamp
No
The timestamp when the request was made.
request_responses
String (UTF-8)
No
The responses the user submitted when making the access request.
request_form_id
String (UTF-8)
No
The globally unique identifier of the request form.
final_determination_date
Timestamp
No
The timestamp when the final determination was made.
determination
String (UTF-8)
No
The determination of the request. Options are PENDING, APPROVED, DENIED, REVOKED, CANCELED, or EXPIRED.
expiration_date
Timestamp
Yes
The timestamp when the request expires if it is a temporary request.
export_date
Timestamp
No
The timestamp when this metadata record was exported.
request-determinations
request-determinationsNew table
This table contains one row per unique user or group that had to review an access request made in the Request app.
approval_id
String (UTF-8)
No
The globally unique identifier of the approval record.
request_id
String (UTF-8)
No
Universally unique identifier (UUID) for the access request.
global_reviewer_id
String (UTF-8)
Yes
Universally unique identifier (UUID) for the user who reviewed the request.
reviewer_source
String (UTF-8)
Yes
The condition the reviewer met to be a reviewer for the request.
reviewer_determination
String (UTF-8)
No
The determination of the reviewer. Options include PENDING, APPROVED, DENIED, and CANCELED.
determination_date
Timestamp
Yes
The timestamp when the determination was made.
justification
String (UTF-8)
Yes
The justification for the determination.
status
String (UTF-8)
No
Whether the determination is still pending or completed. Options include WAITING and COMPLETED.
pending_reviewers
String (UTF-8)
No
If the determination is still pending, a JSON array of the reviewers.
export_date
Timestamp
No
The timestamp when this metadata record was exported.
request-duas
request-duasNew table
This table contains one row per unique access request that is linked to a data use agreement (DUA).
request_id
String (UTF-8)
No
Universally unique identifier (UUID) for the access request.
dua_id
String (UTF-8)
No
The globally unique identifier of the DUA.
name
String (UTF-8)
No
The name of the DUA.
export_date
Timestamp
No
The timestamp when this metadata record was exported.
data-products
data-productsNew table
This table contains one row per unique data product.
data_product_id
String (UTF-8)
No
The globally unique identifier of the data product.
data_product_name
String (UTF-8)
No
The name of the data product.
data_product_domain
String (UTF-8)
No
The ID of the domain associated with the data product.
data_product_description
String (UTF-8)
Yes
The description of the data product.
data_product_creator
String (UTF-8)
No
The universally unique identifier (UUID) for the user who registered the data product.
data_product_smes
List [String (UTF-8)]
Yes
A list of the universally unique identifiers (UUID) for the subject matter experts for the data product.
data_product_suspended
Boolean
No
Whether the data product is currently suspended.
export_date
Timestamp
No
The timestamp when this metadata record was exported.
data-product-assets
data-product-assetsNew table
This table contains one row per data source within a data product.
data_product_id
String (UTF-8)
No
The globally unique identifier of the data product.
data_source_id
String (UTF-8)
No
The unique numerical ID of the data source associated with this data product.
export_date
Timestamp
No
The timestamp when this metadata record was exported.
Possible joins
Users to policy outcomes
global_user_id
Policy outcomes to policy details
policy_ids ←→ policy_id
Data sources to tags
data_source_id
Domains to data sources
data_source_id
Users to policy authorship
global_user_id ←→ owner_global_user_id
Data sources in a data product
data_product_id
Last updated
Was this helpful?