# Latest Access Summary Export Schema Reference Guide **Version**: `prpr2` When creating external tables from this schema, create a view on top of them for data consumers so that you can more easily manage data model version changes. For more details, see the [Access summary export page](https://documentation.immuta.com/saas/govern/detect-your-data/access-summary-export/..#viewing-the-export). ## `policy-metadata` This table contains one row per unique access policy (subscription policy).
Field nameAbstract data typeNullableDescription
whoString (UTF-8)NoThe attribute(s) or group(s) the policy targets.
objectString (UTF-8)NoTag(s) the policy targets.
access_typeString (UTF-8)NoThe type of subscription policy:
GRANT or GUARDRAIL
policyString (UTF-8)NoImmuta policy expression.
scopeString (UTF-8)NoThe type of access policy: READ or WRITE
policy_idInteger (BigInt)NoUnique numerical identifier for the specific policy.
policy_nameString (UTF-8)NoThe human-readable name of the policy.
creation_dateTimestampNoThe point-in-time when the access policy or record was originally created.
ownerString (UTF-8)NoThe username or display name of the policy owner.
owner_global_user_idString (UTF-8)NoThe universally unique identifier (UUID) for the policy owner.
linkString (UTF-8)NoA URL or URI providing a direct reference to the policy or resource.
sourceString (UTF-8)NoThe source of the policy.
export_dateTimestampNoThe timestamp when this metadata record was exported.
Example: To create a Snowflake external table for the policy-metadata file: ```sql CREATE OR REPLACE EXTERNAL TABLE EXT_POLICY_METADATA_ ( "who" VARCHAR AS (VALUE:"who"::VARCHAR), "object" VARCHAR AS (VALUE:"object"::VARCHAR), "access_type" VARCHAR AS (VALUE:"access_type"::VARCHAR), "policy" VARCHAR AS (VALUE:"policy"::VARCHAR), "scope" VARCHAR AS (VALUE:"scope"::VARCHAR), "policy_id" NUMBER AS (VALUE:"policy_id"::NUMBER), "policy_name" VARCHAR AS (VALUE:"policy_name"::VARCHAR), "creation_date" TIMESTAMP_NTZ AS (VALUE:"creation_date"::TIMESTAMP_NTZ), "owner" VARCHAR AS (VALUE:"owner"::VARCHAR), "owner_global_user_id" VARCHAR AS (VALUE:"owner_global_user_id"::VARCHAR), "link" VARCHAR AS (VALUE:"link"::VARCHAR), "source" VARCHAR AS (VALUE:"source"::VARCHAR), "export_date" TIMESTAMP_NTZ AS (VALUE:"export_date"::TIMESTAMP_NTZ) ) LOCATION = @/policy-metadata// FILE_FORMAT = AUTO_REFRESH = TRUE; ```
## `datasource-metadata` **New table** This table contains one row per unique data source.
Field nameAbstract data typeNullableDescription
data_source_idInteger (BigInt)NoUnique numerical ID for the data source system.
data_source_nameString (UTF-8)NoThe name of the data source (e.g., table or object name).
data_source_descriptionString (UTF-8)YesDetailed description of the data source.
is_enabledBooleanNoA boolean flag indicating if the data source is currently enabled.
technologyString (UTF-8)NoThe platform type backing the data source (e.g., Snowflake, S3, Azure SQL).
connectionString (UTF-8)YesConnection identifier in Immuta.
data_source_typeString (UTF-8)NoThe native data type of the data source in the source system (e.g., TABLE, VIEW, etc.).
data_source_created_atTimestampNoDate the data source was registered in Immuta.
data_source_healthString (UTF-8)NoThe health status of the data source.
export_dateTimestampNoThe timestamp when this metadata record was exported.
Example: To create a Snowflake external table for the datasource-metadata file: ```sql CREATE OR REPLACE EXTERNAL TABLE EXT_DATASOURCE_METADATA_ ( "data_source_id" NUMBER AS (VALUE:"data_source_id"::NUMBER), "data_source_name" VARCHAR AS (VALUE:"data_source_name"::VARCHAR), "data_source_description" VARCHAR AS (VALUE:"data_source_description"::VARCHAR), "is_enabled" BOOLEAN AS (VALUE:"is_enabled"::BOOLEAN), "technology" VARCHAR AS (VALUE:"technology"::VARCHAR), "connection" VARCHAR AS (VALUE:"connection"::VARCHAR), "data_source_type" VARCHAR AS (VALUE:"data_source_type"::VARCHAR), "data_source_created_at" TIMESTAMP_NTZ AS (VALUE:"data_source_created_at"::TIMESTAMP_NTZ), "data_source_health" VARCHAR AS (VALUE:"data_source_health"::VARCHAR), "export_date" TIMESTAMP_NTZ AS (VALUE:"export_date"::TIMESTAMP_NTZ) ) LOCATION = @/datasource-metadata// FILE_FORMAT = AUTO_REFRESH = TRUE; ```
## `column-metadata` **New table** This table contains one row per unique column in any data source.
Field nameAbstract data typeNullableDescription
column_id​String (UTF-8)No​Unique ID for the column.
data_source_idInteger (BigInt)NoUnique numerical ID for the data source system.
column_name​String (UTF-8)No​Name of the column.
column_descriptionString (UTF-8)YesDetailed description of the specific column.
column_data_type​String (UTF-8)No​The data type of the column in the source system (e.g., string, BigInt, etc.).
export_dateTimestampNoThe timestamp when this metadata record was exported.
Example: To create a Snowflake external table for the column-metadata file: ```sql CREATE OR REPLACE EXTERNAL TABLE EXT_COLUMN_METADATA_ ( "column_id" VARCHAR AS (VALUE:"column_id"::VARCHAR), "data_source_id" NUMBER AS (VALUE:"data_source_id"::NUMBER), "column_name" VARCHAR AS (VALUE:"column_name"::VARCHAR), "column_description" VARCHAR AS (VALUE:"column_description"::VARCHAR), "column_data_type" VARCHAR AS (VALUE:"column_data_type"::VARCHAR), "export_date" TIMESTAMP_NTZ AS (VALUE:"export_date"::TIMESTAMP_NTZ) ) LOCATION = @/column-metadata// FILE_FORMAT = AUTO_REFRESH = TRUE; ```
## `user-metadata` This table contains one row per unique user.
Field nameAbstract data typeNullableDescription
user_idString (UTF-8)NoUnique identifier for the user within the source system.
global_user_idString (UTF-8)NoUniversally unique identifier (UUID) for the user across all systems.
emailString (UTF-8)YesPrimary email address associated with the user profile.
identity_sourceString (UTF-8)NoThe originating source of the user identity (e.g., Okta, LDAP, System).
global_permissionsList<String>YesCollection of global permissions assigned to the user.
group_nameString (UTF-8)YesName of the organizational group or team the user belongs to.
attribute_keyString (UTF-8)YesThe key/name for a specific user metadata attribute.
attribute_valueString (UTF-8)YesThe specific value assigned to the attribute key.
sourceString (UTF-8)NoDescribes if the attribute comes from a group or direct assignment.
associationString (UTF-8)NoDescribes how the user is linked to the group or attribute (e.g., Direct, Inherited).
export_dateTimestampNoThe timestamp when this metadata record was exported.
Example: To create a Snowflake external table for the user-metadata file: ```sql CREATE OR REPLACE EXTERNAL TABLE EXT_USER_METADATA_ ( "user_id" VARCHAR AS (VALUE:"user_id"::VARCHAR), "global_user_id" VARCHAR AS (VALUE:"global_user_id"::VARCHAR), "email" VARCHAR AS (VALUE:"email"::VARCHAR), "identity_source" VARCHAR AS (VALUE:"identity_source"::VARCHAR), "global_permissions" ARRAY AS (VALUE:"global_permissions"::ARRAY), -- List "group_name" VARCHAR AS (VALUE:"group_name"::VARCHAR), "attribute_key" VARCHAR AS (VALUE:"attribute_key"::VARCHAR), "attribute_value" VARCHAR AS (VALUE:"attribute_value"::VARCHAR), "source" VARCHAR AS (VALUE:"source"::VARCHAR), "association" VARCHAR AS (VALUE:"association"::VARCHAR), "export_date" TIMESTAMP_NTZ AS (VALUE:"export_date"::TIMESTAMP_NTZ) ) LOCATION = @/user-metadata// FILE_FORMAT = AUTO_REFRESH = TRUE; ```
## `tag-metadata` [**Updated table**](#user-content-fn-1)[^1] This table contains one row per unique tag applied to a data object.
Field nameAbstract data typeNullableDescription
tag_nameString (UTF-8)NoThe name of the tag applied to the data object.
tag_descriptionString (UTF-8)YesDetailed description of the tag's purpose or meaning.
target_id
New		String (UTF-8)NoThe ID of the data source or column depending on the target type
target_type
Updated		String (UTF-8)NoDistinguishes between DATA_SOURCE level and COLUMN level tags.
sourceString (UTF-8)NoThe system or component that generated the tag metadata (e.g., marketplace, collibra, databricksUnityCatalog).
contextString (UTF-8)NoThe approach used to create the tag (e.g., catalog, sdd, schemaEvolution, marketplace).
as_ofTimestampNoWhen the tag was added.
export_dateTimestampNoThe timestamp when this metadata record was exported.
Example: To create a Snowflake external table for the tag-metadata file: ```sql CREATE OR REPLACE EXTERNAL TABLE EXT_TAG_METADATA_ ( "tag_name" VARCHAR AS (VALUE:"tag_name"::VARCHAR), "tag_description" VARCHAR AS (VALUE:"tag_description"::VARCHAR), "target_id" VARCHAR AS (VALUE:"target_id"::VARCHAR), "target_type" VARCHAR AS (VALUE:"target_type"::VARCHAR), "source" VARCHAR AS (VALUE:"source"::VARCHAR), "context" VARCHAR AS (VALUE:"context"::VARCHAR), "as_of" TIMESTAMP_NTZ AS (VALUE:"as_of"::TIMESTAMP_NTZ), "export_date" TIMESTAMP_NTZ AS (VALUE:"export_date"::TIMESTAMP_NTZ) ) LOCATION = @/tag-metadata// FILE_FORMAT = AUTO_REFRESH = TRUE; ```
## `policy-outcomes` **Updated table** This table contains one row per unique instance where a user gained access to a data object through an Immuta policy.
Field nameAbstract data typeNullableDescription
global_user_idString (UTF-8)NoUniversally unique identifier (UUID) for the user whose access is determined by these policies.
data_source_idInteger (BigInt)NoUnique numerical identifier for the data source on which the policies were applied.
column_id
New		String (UTF-8)YesUnique numerical identifier for the data source on which the reveal policies were applied. Note this is not supported yet and will always be null.
policy_idsList<Integer (BigInt)>YesA collection of unique identifiers for all policies that contributed to the final access outcome.
merged_policyString (UTF-8)YesThe combined boolean logic resulting from merging multiple policies.
is_ownerBooleanNoFlag indicating if the user is an owner of the resource, which carries additional power.
sourceString (UTF-8)NoIf the user was added manually or via the policy.
export_dateTimestampNoThe timestamp when this metadata record was exported.
Example: To create a Snowflake external table for the policy-outcomes file: ```sql CREATE OR REPLACE EXTERNAL TABLE EXT_POLICY_OUTCOMES_ ( "global_user_id" VARCHAR AS (VALUE:"global_user_id"::VARCHAR), "data_source_id" NUMBER AS (VALUE:"data_source_id"::NUMBER), "column_id" VARCHAR AS (VALUE:"column_id"::VARCHAR), "policy_ids" ARRAY AS (VALUE:"policy_ids"::ARRAY), "merged_policy" VARCHAR AS (VALUE:"merged_policy"::VARCHAR), "is_owner" BOOLEAN AS (VALUE:"is_owner"::BOOLEAN), "source" VARCHAR AS (VALUE:"source"::VARCHAR), "export_date" TIMESTAMP_NTZ AS (VALUE:"export_date"::TIMESTAMP_NTZ) ) LOCATION = @/policy-outcomes// FILE_FORMAT = AUTO_REFRESH = TRUE; ```
## `domain-metadata` This table contains one row per unique domain.
Field nameAbstract data typeNullableDescription
idString (UTF-8)NoUnique identifier for the domain.
nameString (UTF-8)NoThe display name of the domain.
descriptionString (UTF-8)YesDetailed description of the domain.
creator_global_user_idString (UTF-8)NoThe universally unique identifier (UUID) of the user who created the domain.
data_source_idInteger (BigInt)NoThe unique numerical ID of the data source associated with this domain.
privileged_userString (UTF-8)NoThe identity of the user with elevated administrative rights over the domain.
permissionsList<String>NoA collection of access rights or roles specifically granted within this domain.
export_dateTimestampNoThe timestamp when this metadata record was exported.
Example: To create a Snowflake external table for the domain-metadata file: ```sql CREATE OR REPLACE EXTERNAL TABLE EXT_DOMAIN_METADATA_ ( "id" VARCHAR AS (VALUE:"id"::VARCHAR), "name" VARCHAR AS (VALUE:"name"::VARCHAR), "description" VARCHAR AS (VALUE:"description"::VARCHAR), "creator_global_user_id" VARCHAR AS (VALUE:"creator_global_user_id"::VARCHAR), "data_source_id" NUMBER AS (VALUE:"data_source_id"::NUMBER), "privileged_user" VARCHAR AS (VALUE:"privileged_user"::VARCHAR), "permissions" ARRAY AS (VALUE:"permissions"::ARRAY), -- List "export_date" TIMESTAMP_NTZ AS (VALUE:"export_date"::TIMESTAMP_NTZ) ) LOCATION = @/domain-metadata// FILE_FORMAT = AUTO_REFRESH = TRUE; ```
## `access-requests` **New table** This table contains one row per unique access request made in the Request app.
Field nameAbstract data typeNullableDescription
request_idString (UTF-8)NoUniversally unique identifier (UUID) for the access request.
global_user_idString (UTF-8)NoUniversally unique identifier (UUID) for the user who will gain access from the request.
global_requestor_idString (UTF-8)NoUniversally unique identifier (UUID) for the user who made the access request.
target_idString (UTF-8)NoThe ID of the data product, data source, or column that is being requested.
target_typeString (UTF-8)NoThe type of target being requested. Options are DATA_SOURCE, COLUMN, or DATA_PRODUCT.
request_dateTimestampNoThe timestamp when the request was made.
request_responsesString (UTF-8)NoThe responses the user submitted when making the access request.
request_form_idString (UTF-8)NoThe globally unique identifier of the request form.
final_determination_dateTimestampNoThe timestamp when the final determination was made.
determinationString (UTF-8)NoThe determination of the request. Options are PENDING, APPROVED, DENIED, REVOKED, CANCELED, or EXPIRED.
expiration_dateTimestampYesThe timestamp when the request expires if it is a temporary request.
export_dateTimestampNoThe timestamp when this metadata record was exported.
Example: To create a Snowflake external table for the access-requests file: ```sql CREATE OR REPLACE EXTERNAL TABLE EXT_ACCESS_REQUESTS_ ( "request_id" VARCHAR AS (VALUE:"request_id"::VARCHAR), "global_user_id" VARCHAR AS (VALUE:"global_user_id"::VARCHAR), "global_requestor_id" VARCHAR AS (VALUE:"global_requestor_id"::VARCHAR), "target_id" VARCHAR AS (VALUE:"target_id"::VARCHAR), "target_type" VARCHAR AS (VALUE:"target_type"::VARCHAR), "request_responses" VARCHAR AS (VALUE:"request_responses"::VARCHAR), "request_form_id" VARCHAR AS (VALUE: "request_form_id"::VARCHAR), "determination" VARCHAR AS (VALUE: "determination"::VARCHAR), "request_date" TIMESTAMP_NTZ AS (VALUE:"request_date"::TIMESTAMP_NTZ), "expiration_date" TIMESTAMP_NTZ AS (VALUE: "expiration_date"::TIMESTAMP_NTZ), "final_determination_date" TIMESTAMP_NTZ AS (VALUE: "final_determination_date"::TIMESTAMP_NTZ), "export_date" TIMESTAMP_NTZ AS (VALUE:"export_date"::TIMESTAMP_NTZ) ) LOCATION = @/access-requests// FILE_FORMAT = AUTO_REFRESH = TRUE; ```
## `request-determinations` **New table** This table contains one row per unique user or group that had to review an access request made in the Request app.
Field nameAbstract data typeNullableDescription
approval_idString (UTF-8)NoThe globally unique identifier of the approval record.
request_idString (UTF-8)NoUniversally unique identifier (UUID) for the access request.
global_reviewer_idString (UTF-8)YesUniversally unique identifier (UUID) for the user who reviewed the request.
reviewer_sourceString (UTF-8)YesThe condition the reviewer met to be a reviewer for the request.
reviewer_determinationString (UTF-8)NoThe determination of the reviewer. Options include PENDING, APPROVED, DENIED, and CANCELED.
determination_dateTimestampYesThe timestamp when the determination was made.
justificationString (UTF-8)YesThe justification for the determination.
statusString (UTF-8)NoWhether the determination is still pending or completed. Options include WAITING and COMPLETED.
pending_reviewersString (UTF-8)NoIf the determination is still pending, a JSON array of the reviewers.
export_dateTimestampNoThe timestamp when this metadata record was exported.
Example: To create a Snowflake external table for the request-determinations file: ```sql CREATE OR REPLACE EXTERNAL TABLE EXT_REQUEST_DETERMINATIONS_ ( "approval_id" VARCHAR AS (VALUE:"approval_id"::VARCHAR), "request_id" VARCHAR AS (VALUE:"request_id"::VARCHAR), "global_reviewer_id" VARCHAR AS (VALUE:"global_reviewer_id"::VARCHAR), "reviewer_source" VARCHAR AS (VALUE:"reviewer_source"::VARCHAR), "reviewer_determination" VARCHAR AS (VALUE:"reviewer_determination"::VARCHAR), "justification" VARCHAR AS (VALUE:"justification"::VARCHAR), "status" VARCHAR AS (VALUE: "status"::VARCHAR), "pending_reviewers" VARCHAR AS (VALUE: "pending_reviewers"::VARCHAR), "determination_date" TIMESTAMP_NTZ AS (VALUE:"determination_date"::TIMESTAMP_NTZ), "export_date" TIMESTAMP_NTZ AS (VALUE:"export_date"::TIMESTAMP_NTZ) ) LOCATION = @/request-determinations// FILE_FORMAT = AUTO_REFRESH = TRUE; ```
## `request-duas` **New table** This table contains one row per unique access request that is linked to a data use agreement (DUA).
Field nameAbstract data typeNullableDescription
request_idString (UTF-8)NoUniversally unique identifier (UUID) for the access request.
dua_idString (UTF-8)NoThe globally unique identifier of the DUA.
nameString (UTF-8)NoThe name of the DUA.
export_dateTimestampNoThe timestamp when this metadata record was exported.
Example: To create a Snowflake external table for the request-duas file: ```sql CREATE OR REPLACE EXTERNAL TABLE EXT_REQUEST_DUAS_ ( "request_id" VARCHAR AS (VALUE:"request_id"::VARCHAR), "dua_id" VARCHAR AS (VALUE:"dua_id"::VARCHAR), "name" VARCHAR AS (VALUE:"name"::VARCHAR), "export_date" TIMESTAMP_NTZ AS (VALUE:"export_date"::TIMESTAMP_NTZ) ) LOCATION = @/request-duas// FILE_FORMAT = AUTO_REFRESH = TRUE; ```
## `data-products` **New table** This table contains one row per unique data product.
Field nameAbstract data typeNullableDescription
data_product_idString (UTF-8)NoThe globally unique identifier of the data product.
data_product_nameString (UTF-8)NoThe name of the data product.
data_product_domainString (UTF-8)NoThe ID of the domain associated with the data product.
data_product_descriptionString (UTF-8)YesThe description of the data product.
data_product_creatorString (UTF-8)NoThe universally unique identifier (UUID) for the user who registered the data product.
data_product_smesList [String (UTF-8)]YesA list of the universally unique identifiers (UUID) for the subject matter experts for the data product.
data_product_suspendedBooleanNoWhether the data product is currently suspended.
export_dateTimestampNoThe timestamp when this metadata record was exported.
Example: To create a Snowflake external table for the data-products file: ```sql CREATE OR REPLACE EXTERNAL TABLE EXT_DATA_PRODUCTS_ ( "data_product_id" VARCHAR AS (VALUE:"data_product_id"::VARCHAR), "data_product_name" VARCHAR AS (VALUE:"data_product_name"::VARCHAR), "data_product_domain" VARCHAR AS (VALUE:"data_product_domain"::VARCHAR), "data_product_description" VARCHAR AS (VALUE:"data_product_description"::VARCHAR), "data_product_creator" VARCHAR AS (VALUE:"data_product_creator"::VARCHAR), "data_product_smes" VARCHAR AS (VALUE:"data_product_smes"::VARCHAR), "data_product_suspended" BOOLEAN AS (VALUE: "data_product_suspended"::BOOLEAN), "export_date" TIMESTAMP_NTZ AS (VALUE:"export_date"::TIMESTAMP_NTZ) ) LOCATION = @/data-products// FILE_FORMAT = AUTO_REFRESH = TRUE; ```
## `data-product-assets` **New table** This table contains one row per data source within a data product.
Field nameAbstract data typeNullableDescription
data_product_idString (UTF-8)NoThe globally unique identifier of the data product.
data_source_idString (UTF-8)NoThe unique numerical ID of the data source associated with this data product.
export_dateTimestampNoThe timestamp when this metadata record was exported.
Example: To create a Snowflake external table for the data-product-assets file: ```sql CREATE OR REPLACE EXTERNAL TABLE EXT_DATA_PRODUCT_ASSETS_ ( "data_product_id" VARCHAR AS (VALUE:"data_product_id"::VARCHAR), "data_source_id" VARCHAR AS (VALUE:"data_source_id"::VARCHAR), "export_date" TIMESTAMP_NTZ AS (VALUE:"export_date"::TIMESTAMP_NTZ) ) LOCATION = @/data-product-assets// FILE_FORMAT = AUTO_REFRESH = TRUE; ```
## Possible joins | Relationship | Join key(s) | | --------------------------------- | ------------------------------------------ | | Users to policy outcomes | `global_user_id` | | Policy outcomes to policy details | `policy_ids` ←→ `policy_id` | | Data sources to tags | `data_source_id` | | Domains to data sources | `data_source_id` | | Users to policy authorship | `global_user_id` ←→ `owner_global_user_id` | | Data sources in a data product | `data_product_id` |
[^1]: The following fields were removed: data\_source, data\_source\_id, data\_source\_description, is\_enabled, column\_description, data\_source\_type, technology, and connection. [^2]: Previously `tag_type` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://documentation.immuta.com/saas/govern/detect-your-data/access-summary-export/latest-access-summary-export-schema-reference-guide.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.