# PrPr 1 - Access Summary Export Schema
**Version**: `prpr1`
When creating external tables from this schema, create a view on top of them for data consumers so that you can more easily manage data model version changes. For more details, see the [Access summary export page](/saas/govern/detect-your-data/access-summary-export.md#viewing-the-export).
## `policy-metadata`
| Field name | Abstract data type | Nullability | Description |
| ---------------------- | ------------------ | ----------- | ---------------------------------------------------------------------------------------- |
| `who` | String (UTF-8) | NOT NULL | The attribute(s) or group(s) the policy targets. |
| `object` | String (UTF-8) | NOT NULL | Tag(s) the policy targets. |
| `access_type` | String (UTF-8) | NOT NULL | The type of subscription policy:
GRANT or GUARDRAIL
|
| `policy` | String (UTF-8) | NOT NULL | Immuta policy expression. |
| `scope` | String (UTF-8) | NOT NULL | The type of access policy: `READ` or `WRITE` |
| `policy_id` | Integer (BigInt) | NOT NULL | Unique numerical identifier for the specific policy. |
| `policy_name` | String (UTF-8) | NOT NULL | The human-readable name of the policy. |
| `creation_date` | Timestamp | NOT NULL | The point-in-time when the access policy or record was originally created. |
| `owner` | String (UTF-8) | NOT NULL | The username or display name of the policy owner. |
| `owner_global_user_id` | String (UTF-8) | NOT NULL | The universally unique identifier (UUID) for the policy owner. |
| `link` | String (UTF-8) | NOT NULL | A URL or URI providing a direct reference to the policy or resource. |
| `source` | String (UTF-8) | NOT NULL | The source of the policy. |
| `export_date` | Timestamp | NOT NULL | The timestamp when this metadata record was exported. |
Example: To create a Snowflake external table for the policy-metadata file:
```sql
CREATE OR REPLACE EXTERNAL TABLE EXT_POLICY_METADATA_ (
"who" VARCHAR AS (VALUE:"who"::VARCHAR),
"object" VARCHAR AS (VALUE:"object"::VARCHAR),
"access_type" VARCHAR AS (VALUE:"access_type"::VARCHAR),
"policy" VARCHAR AS (VALUE:"policy"::VARCHAR),
"scope" VARCHAR AS (VALUE:"scope"::VARCHAR),
"policy_id" NUMBER AS (VALUE:"policy_id"::NUMBER),
"policy_name" VARCHAR AS (VALUE:"policy_name"::VARCHAR),
"creation_date" TIMESTAMP_NTZ AS (VALUE:"creation_date"::TIMESTAMP_NTZ),
"owner" VARCHAR AS (VALUE:"owner"::VARCHAR),
"owner_global_user_id" VARCHAR AS (VALUE:"owner_global_user_id"::VARCHAR),
"link" VARCHAR AS (VALUE:"link"::VARCHAR),
"source" VARCHAR AS (VALUE:"source"::VARCHAR),
"export_date" TIMESTAMP_NTZ AS (VALUE:"export_date"::TIMESTAMP_NTZ)
)
LOCATION = @/policy-metadata//
FILE_FORMAT =
AUTO_REFRESH = TRUE;
```
## `user-metadata`
| Field name | Abstract data type | Nullability | Description |
| -------------------- | ------------------ | ----------- | ----------------------------------------------------------------------------------------- |
| `user_id` | String (UTF-8) | NOT NULL | Unique identifier for the user within the source system. |
| `global_user_id` | String (UTF-8) | NOT NULL | Universally unique identifier (UUID) for the user across all systems. |
| `email` | String (UTF-8) | NULL | Primary email address associated with the user profile. |
| `identity_source` | String (UTF-8) | NOT NULL | The originating source of the user identity (e.g., Okta, LDAP, System). |
| `global_permissions` | List\ | NULL | Collection of global permissions assigned to the user. |
| `group_name` | String (UTF-8) | NULL | Name of the organizational group or team the user belongs to. |
| `attribute_key` | String (UTF-8) | NULL | The key/name for a specific user metadata attribute. |
| `attribute_value` | String (UTF-8) | NULL | The specific value assigned to the attribute key. |
| `source` | String (UTF-8) | NOT NULL | Describes if the attribute comes from a group or direct assignment. |
| `association` | String (UTF-8) | NOT NULL | Describes how the user is linked to the group or attribute (e.g., `Direct`, `Inherited`). |
| `export_date` | Timestamp | NOT NULL | The timestamp when this metadata record was exported. |
Example: To create a Snowflake external table for the user-metadata file:
```sql
CREATE OR REPLACE EXTERNAL TABLE EXT_USER_METADATA_ (
"user_id" VARCHAR AS (VALUE:"user_id"::VARCHAR),
"global_user_id" VARCHAR AS (VALUE:"global_user_id"::VARCHAR),
"email" VARCHAR AS (VALUE:"email"::VARCHAR),
"identity_source" VARCHAR AS (VALUE:"identity_source"::VARCHAR),
"global_permissions" ARRAY AS (VALUE:"global_permissions"::ARRAY), -- List
"group_name" VARCHAR AS (VALUE:"group_name"::VARCHAR),
"attribute_key" VARCHAR AS (VALUE:"attribute_key"::VARCHAR),
"attribute_value" VARCHAR AS (VALUE:"attribute_value"::VARCHAR),
"source" VARCHAR AS (VALUE:"source"::VARCHAR),
"association" VARCHAR AS (VALUE:"association"::VARCHAR),
"export_date" TIMESTAMP_NTZ AS (VALUE:"export_date"::TIMESTAMP_NTZ)
)
LOCATION = @/user-metadata//
FILE_FORMAT =
AUTO_REFRESH = TRUE;
```
## `tag-metadata`
| Field name | Abstract data type | Nullability | Description |
| ------------------------- | ------------------ | ----------- | -------------------------------------------------------------------------------------------------------------------- |
| `tag_name` | String (UTF-8) | NOT NULL | The name of the tag applied to the data object. |
| `tag_description` | String (UTF-8) | NULL | Detailed description of the tag's purpose or meaning. |
| `tag_type` | String (UTF-8) | NOT NULL | Distinguishes between `DATA_SOURCE` level and `COLUMN` level tags. |
| `source` | String (UTF-8) | NOT NULL | The system or component that generated the tag metadata (e.g., `marketplace`, `collibra`, `databricksUnityCatalog`). |
| `context` | String (UTF-8) | NOT NULL | The approach used to create the tag (e.g., `catalog`, `sdd`, `schemaEvolution`, `marketplace`). |
| `as_of` | Timestamp | NOT NULL | When the tag was added. |
| `data_source` | String (UTF-8) | NOT NULL | The name of the data source (e.g., table or object name). |
| `data_source_id` | Integer (BigInt) | NOT NULL | Unique numerical ID for the data source system. |
| `data_source_description` | String (UTF-8) | NULL | Detailed description of the data source whose column is tagged. |
| `is_enabled` | Boolean | NOT NULL | A boolean flag indicating if the data source the tag is applied to is currently enabled. |
| `column_description` | String (UTF-8) | NULL | Detailed description of the specific column being tagged. |
| `data_source_type` | String (UTF-8) | NOT NULL | The native data type of the column in the source system. |
| `technology` | String (UTF-8) | NOT NULL | The platform type (e.g., Snowflake, S3, Azure SQL). |
| `connection` | String (UTF-8) | NULL | Connection identifier in Immuta. |
| `export_date` | Timestamp | NOT NULL | The timestamp when this metadata record was exported. |
Example: To create a Snowflake external table for the tag-metadata file:
```sql
CREATE OR REPLACE EXTERNAL TABLE EXT_TAG_METADATA_ (
"tag_name" VARCHAR AS (VALUE:"tag_name"::VARCHAR),
"tag_description" VARCHAR AS (VALUE:"tag_description"::VARCHAR),
"tag_type" VARCHAR AS (VALUE:"tag_type"::VARCHAR),
"source" VARCHAR AS (VALUE:"source"::VARCHAR),
"context" VARCHAR AS (VALUE:"context"::VARCHAR),
"as_of" TIMESTAMP_NTZ AS (VALUE:"as_of"::TIMESTAMP_NTZ),
"data_source" VARCHAR AS (VALUE:"data_source"::VARCHAR),
"data_source_id" NUMBER AS (VALUE:"data_source_id"::NUMBER),
"data_source_description" VARCHAR AS (VALUE:"data_source_description"::VARCHAR),
"is_enabled" BOOLEAN AS (VALUE:"is_enabled"::BOOLEAN),
"column_description" VARCHAR AS (VALUE:"column_description"::VARCHAR),
"data_source_type" VARCHAR AS (VALUE:"data_source_type"::VARCHAR),
"technology" VARCHAR AS (VALUE:"technology"::VARCHAR),
"connection" VARCHAR AS (VALUE:"connection"::VARCHAR),
"export_date" TIMESTAMP_NTZ AS (VALUE:"export_date"::TIMESTAMP_NTZ)
)
LOCATION = @/tag-metadata//
FILE_FORMAT =
AUTO_REFRESH = TRUE;
```
## `policy-outcomes`
| Field name | Abstract data type | Nullability | Description |
| ---------------- | ----------------------- | ----------- | ------------------------------------------------------------------------------------------------- |
| `global_user_id` | String (UTF-8) | NOT NULL | Universally unique identifier (UUID) for the user whose access is determined by these policies. |
| `data_source_id` | Integer (BigInt) | NOT NULL | Unique numerical identifier for the data source on which the policies were applied. |
| `policy_ids` | List\ | NULL | A collection of unique identifiers for all policies that contributed to the final access outcome. |
| `merged_policy` | String (UTF-8) | NULL | The combined boolean logic resulting from merging multiple policies. |
| `is_owner` | Boolean | NOT NULL | Flag indicating if the user is an owner of the resource, which carries additional power. |
| `source` | String (UTF-8) | NOT NULL | If the user was added manually or via the policy. |
| `export_date` | Timestamp | NOT NULL | The timestamp when this metadata record was exported. |
Example: To create a Snowflake external table for the policy-outcomes file:
```sql
CREATE OR REPLACE EXTERNAL TABLE EXT_POLICY_OUTCOMES_ (
"global_user_id" VARCHAR AS (VALUE:"global_user_id"::VARCHAR),
"data_source_id" NUMBER AS (VALUE:"data_source_id"::NUMBER),
"policy_ids" ARRAY AS (VALUE:"policy_ids"::ARRAY), -- List
"merged_policy" VARCHAR AS (VALUE:"merged_policy"::VARCHAR),
"is_owner" BOOLEAN AS (VALUE:"is_owner"::BOOLEAN),
"source" VARCHAR AS (VALUE:"source"::VARCHAR),
"export_date" TIMESTAMP_NTZ AS (VALUE:"export_date"::TIMESTAMP_NTZ)
)
LOCATION = @/policy-outcomes//
FILE_FORMAT =
AUTO_REFRESH = TRUE;
```
## `domain-metadata`
| Field name | Abstract data type | Nullability | Description |
| ------------------------ | ------------------ | ----------- | ------------------------------------------------------------------------------- |
| `id` | String (UTF-8) | NOT NULL | Unique identifier for the domain. |
| `name` | String (UTF-8) | NOT NULL | The display name of the domain. |
| `description` | String (UTF-8) | NULL | Detailed description of the domain. |
| `creator_global_user_id` | String (UTF-8) | NOT NULL | The universally unique identifier (UUID) of the user who created the domain. |
| `data_source_id` | Integer (BigInt) | NOT NULL | The unique numerical ID of the data source associated with this domain. |
| `privileged_user` | String (UTF-8) | NOT NULL | The identity of the user with elevated administrative rights over the domain. |
| `permissions` | List\ | NOT NULL | A collection of access rights or roles specifically granted within this domain. |
| `export_date` | Timestamp | NOT NULL | The timestamp when this metadata record was exported. |
Example: To create a Snowflake external table for the domain-metadata file:
```sql
CREATE OR REPLACE EXTERNAL TABLE EXT_DOMAIN_METADATA_ (
"id" VARCHAR AS (VALUE:"id"::VARCHAR),
"name" VARCHAR AS (VALUE:"name"::VARCHAR),
"description" VARCHAR AS (VALUE:"description"::VARCHAR),
"creator_global_user_id" VARCHAR AS (VALUE:"creator_global_user_id"::VARCHAR),
"data_source_id" NUMBER AS (VALUE:"data_source_id"::NUMBER),
"privileged_user" VARCHAR AS (VALUE:"privileged_user"::VARCHAR),
"permissions" ARRAY AS (VALUE:"permissions"::ARRAY), -- List
"export_date" TIMESTAMP_NTZ AS (VALUE:"export_date"::TIMESTAMP_NTZ)
)
LOCATION = @/domain-metadata//
FILE_FORMAT =
AUTO_REFRESH = TRUE;
```
## Possible joins
| Relationship | Join key(s) |
| --------------------------------- | ------------------------------------------ |
| Users to realized access | `global_user_id` |
| Realized access to policy details | `policy_ids` ←→ `policy_id` |
| Data sources to tags | `data_source_id` |
| Domains to data sources | `data_source_id` |
| Users to policy authorship | `global_user_id` ←→ `owner_global_user_id` |
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://documentation.immuta.com/saas/govern/detect-your-data/access-summary-export/latest-access-summary-export-schema-reference-guide/access-summary-export-schema-reference-guide.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.