PrPr 1 - Access Summary Export Schema

Version: prpr1

When creating external tables from this schema, create a view on top of them for data consumers so that you can more easily manage data model version changes. For more details, see the Access summary export page.

`policy-metadata`

Field name

Abstract data type

Nullability

Description

who

String (UTF-8)

NOT NULL

The attribute(s) or group(s) the policy targets.

object

String (UTF-8)

NOT NULL

Tag(s) the policy targets.

access_type

String (UTF-8)

NOT NULL

The type of subscription policy: GRANT or GUARDRAIL

policy

String (UTF-8)

NOT NULL

Immuta policy expression.

scope

String (UTF-8)

NOT NULL

The type of access policy: READ or WRITE

policy_id

Integer (BigInt)

NOT NULL

Unique numerical identifier for the specific policy.

policy_name

String (UTF-8)

NOT NULL

The human-readable name of the policy.

creation_date

Timestamp

NOT NULL

The point-in-time when the access policy or record was originally created.

owner

String (UTF-8)

NOT NULL

The username or display name of the policy owner.

owner_global_user_id

String (UTF-8)

NOT NULL

The universally unique identifier (UUID) for the policy owner.

link

String (UTF-8)

NOT NULL

A URL or URI providing a direct reference to the policy or resource.

source

String (UTF-8)

NOT NULL

The source of the policy.

export_date

Timestamp

NOT NULL

The timestamp when this metadata record was exported.

Example: To create a Snowflake external table for the policy-metadata file:

CREATE OR REPLACE EXTERNAL TABLE EXT_POLICY_METADATA_<version> (
    "who"                  VARCHAR AS (VALUE:"who"::VARCHAR),
    "object"               VARCHAR AS (VALUE:"object"::VARCHAR),
    "access_type"          VARCHAR AS (VALUE:"access_type"::VARCHAR),
    "policy"               VARCHAR AS (VALUE:"policy"::VARCHAR),
    "scope"                VARCHAR AS (VALUE:"scope"::VARCHAR),
    "policy_id"            NUMBER  AS (VALUE:"policy_id"::NUMBER),
    "policy_name"          VARCHAR AS (VALUE:"policy_name"::VARCHAR),
    "creation_date"        TIMESTAMP_NTZ AS (VALUE:"creation_date"::TIMESTAMP_NTZ),
    "owner"                VARCHAR AS (VALUE:"owner"::VARCHAR),
    "owner_global_user_id" VARCHAR AS (VALUE:"owner_global_user_id"::VARCHAR),
    "link"                 VARCHAR AS (VALUE:"link"::VARCHAR),
    "source"               VARCHAR AS (VALUE:"source"::VARCHAR),
    "export_date"          TIMESTAMP_NTZ AS (VALUE:"export_date"::TIMESTAMP_NTZ)
)
LOCATION = @<your-stage>/policy-metadata/<version>/
FILE_FORMAT = <your-format>
AUTO_REFRESH = TRUE;

`user-metadata`

Field name

Abstract data type

Nullability

Description

user_id

String (UTF-8)

NOT NULL

Unique identifier for the user within the source system.

global_user_id

String (UTF-8)

NOT NULL

Universally unique identifier (UUID) for the user across all systems.

email

String (UTF-8)

NULL

Primary email address associated with the user profile.

identity_source

String (UTF-8)

NOT NULL

The originating source of the user identity (e.g., Okta, LDAP, System).

global_permissions

List<String>

NULL

Collection of global permissions assigned to the user.

group_name

String (UTF-8)

NULL

Name of the organizational group or team the user belongs to.

attribute_key

String (UTF-8)

NULL

The key/name for a specific user metadata attribute.

attribute_value

String (UTF-8)

NULL

The specific value assigned to the attribute key.

source

String (UTF-8)

NOT NULL

Describes if the attribute comes from a group or direct assignment.

association

String (UTF-8)

NOT NULL

Describes how the user is linked to the group or attribute (e.g., Direct, Inherited).

export_date

Timestamp

NOT NULL

The timestamp when this metadata record was exported.

Example: To create a Snowflake external table for the user-metadata file:

CREATE OR REPLACE EXTERNAL TABLE EXT_USER_METADATA_<version> (
    "user_id"            VARCHAR AS (VALUE:"user_id"::VARCHAR),
    "global_user_id"     VARCHAR AS (VALUE:"global_user_id"::VARCHAR),
    "email"              VARCHAR AS (VALUE:"email"::VARCHAR),
    "identity_source"    VARCHAR AS (VALUE:"identity_source"::VARCHAR),
    "global_permissions" ARRAY   AS (VALUE:"global_permissions"::ARRAY), -- List<String>
    "group_name"         VARCHAR AS (VALUE:"group_name"::VARCHAR),
    "attribute_key"      VARCHAR AS (VALUE:"attribute_key"::VARCHAR),
    "attribute_value"    VARCHAR AS (VALUE:"attribute_value"::VARCHAR),
    "source"             VARCHAR AS (VALUE:"source"::VARCHAR),
    "association"        VARCHAR AS (VALUE:"association"::VARCHAR),
    "export_date"        TIMESTAMP_NTZ AS (VALUE:"export_date"::TIMESTAMP_NTZ)
)
LOCATION = @<your-stage>/user-metadata/<version>/
FILE_FORMAT = <your-format>
AUTO_REFRESH = TRUE;

`tag-metadata`

Field name

Abstract data type

Nullability

Description

tag_name

String (UTF-8)

NOT NULL

The name of the tag applied to the data object.

tag_description

String (UTF-8)

NULL

Detailed description of the tag's purpose or meaning.

tag_type

String (UTF-8)

NOT NULL

Distinguishes between DATA_SOURCE level and COLUMN level tags.

source

String (UTF-8)

NOT NULL

The system or component that generated the tag metadata (e.g., marketplace, collibra, databricksUnityCatalog).

context

String (UTF-8)

NOT NULL

The approach used to create the tag (e.g., catalog, sdd, schemaEvolution, marketplace).

as_of

Timestamp

NOT NULL

When the tag was added.

data_source

String (UTF-8)

NOT NULL

The name of the data source (e.g., table or object name).

data_source_id

Integer (BigInt)

NOT NULL

Unique numerical ID for the data source system.

data_source_description

String (UTF-8)

NULL

Detailed description of the data source whose column is tagged.

is_enabled

Boolean

NOT NULL

A boolean flag indicating if the data source the tag is applied to is currently enabled.

column_description

String (UTF-8)

NULL

Detailed description of the specific column being tagged.

data_source_type

String (UTF-8)

NOT NULL

The native data type of the column in the source system.

technology

String (UTF-8)

NOT NULL

The platform type (e.g., Snowflake, S3, Azure SQL).

connection

String (UTF-8)

NULL

Connection identifier in Immuta.

export_date

Timestamp

NOT NULL

The timestamp when this metadata record was exported.

Example: To create a Snowflake external table for the tag-metadata file:

CREATE OR REPLACE EXTERNAL TABLE EXT_TAG_METADATA_<version> (
    "tag_name"                VARCHAR AS (VALUE:"tag_name"::VARCHAR),
    "tag_description"         VARCHAR AS (VALUE:"tag_description"::VARCHAR),
    "tag_type"                VARCHAR AS (VALUE:"tag_type"::VARCHAR),
    "source"                  VARCHAR AS (VALUE:"source"::VARCHAR),
    "context"                 VARCHAR AS (VALUE:"context"::VARCHAR),
    "as_of"                   TIMESTAMP_NTZ AS (VALUE:"as_of"::TIMESTAMP_NTZ),
    "data_source"             VARCHAR AS (VALUE:"data_source"::VARCHAR),
    "data_source_id"          NUMBER  AS (VALUE:"data_source_id"::NUMBER),
    "data_source_description" VARCHAR AS (VALUE:"data_source_description"::VARCHAR),
    "is_enabled"              BOOLEAN AS (VALUE:"is_enabled"::BOOLEAN),
    "column_description"      VARCHAR AS (VALUE:"column_description"::VARCHAR),
    "data_source_type"        VARCHAR AS (VALUE:"data_source_type"::VARCHAR),
    "technology"              VARCHAR AS (VALUE:"technology"::VARCHAR),
    "connection"              VARCHAR AS (VALUE:"connection"::VARCHAR),
    "export_date"             TIMESTAMP_NTZ AS (VALUE:"export_date"::TIMESTAMP_NTZ)
)
LOCATION = @<your-stage>/tag-metadata/<version>/
FILE_FORMAT = <your-format>
AUTO_REFRESH = TRUE;

`policy-outcomes`

Field name

Abstract data type

Nullability

Description

global_user_id

String (UTF-8)

NOT NULL

Universally unique identifier (UUID) for the user whose access is determined by these policies.

data_source_id

Integer (BigInt)

NOT NULL

Unique numerical identifier for the data source on which the policies were applied.

policy_ids

List<Integer (BigInt)>

NULL

A collection of unique identifiers for all policies that contributed to the final access outcome.

merged_policy

String (UTF-8)

NULL

The combined boolean logic resulting from merging multiple policies.

is_owner

Boolean

NOT NULL

Flag indicating if the user is an owner of the resource, which carries additional power.

source

String (UTF-8)

NOT NULL

If the user was added manually or via the policy.

export_date

Timestamp

NOT NULL

The timestamp when this metadata record was exported.

Example: To create a Snowflake external table for the policy-outcomes file:

CREATE OR REPLACE EXTERNAL TABLE EXT_POLICY_OUTCOMES_<version> (
    "global_user_id" VARCHAR AS (VALUE:"global_user_id"::VARCHAR),
    "data_source_id" NUMBER  AS (VALUE:"data_source_id"::NUMBER),
    "policy_ids"     ARRAY   AS (VALUE:"policy_ids"::ARRAY), -- List<Integer>
    "merged_policy"  VARCHAR AS (VALUE:"merged_policy"::VARCHAR),
    "is_owner"       BOOLEAN AS (VALUE:"is_owner"::BOOLEAN),
    "source"         VARCHAR AS (VALUE:"source"::VARCHAR),
    "export_date"    TIMESTAMP_NTZ AS (VALUE:"export_date"::TIMESTAMP_NTZ)
)
LOCATION = @<your-stage>/policy-outcomes/<version>/
FILE_FORMAT = <your-format>
AUTO_REFRESH = TRUE;

`domain-metadata`

Field name

Abstract data type

Nullability

Description

id

String (UTF-8)

NOT NULL

Unique identifier for the domain.

name

String (UTF-8)

NOT NULL

The display name of the domain.

description

String (UTF-8)

NULL

Detailed description of the domain.

creator_global_user_id

String (UTF-8)

NOT NULL

The universally unique identifier (UUID) of the user who created the domain.

data_source_id

Integer (BigInt)

NOT NULL

The unique numerical ID of the data source associated with this domain.

privileged_user

String (UTF-8)

NOT NULL

The identity of the user with elevated administrative rights over the domain.

permissions

List<String>

NOT NULL

A collection of access rights or roles specifically granted within this domain.

export_date

Timestamp

NOT NULL

The timestamp when this metadata record was exported.

Example: To create a Snowflake external table for the domain-metadata file:

CREATE OR REPLACE EXTERNAL TABLE EXT_DOMAIN_METADATA_<version> (
    "id"                     VARCHAR AS (VALUE:"id"::VARCHAR),
    "name"                   VARCHAR AS (VALUE:"name"::VARCHAR),
    "description"            VARCHAR AS (VALUE:"description"::VARCHAR),
    "creator_global_user_id" VARCHAR AS (VALUE:"creator_global_user_id"::VARCHAR),
    "data_source_id"         NUMBER  AS (VALUE:"data_source_id"::NUMBER),
    "privileged_user"        VARCHAR AS (VALUE:"privileged_user"::VARCHAR),
    "permissions"            ARRAY   AS (VALUE:"permissions"::ARRAY), -- List<String>
    "export_date"            TIMESTAMP_NTZ AS (VALUE:"export_date"::TIMESTAMP_NTZ)
)
LOCATION = @<your-stage>/domain-metadata/<version>/
FILE_FORMAT = <your-format>
AUTO_REFRESH = TRUE;

Possible joins

Relationship

Join key(s)

Users to realized access

global_user_id

Realized access to policy details

policy_ids ←→ policy_id

Data sources to tags

data_source_id

Domains to data sources

data_source_id

Users to policy authorship

global_user_id ←→ owner_global_user_id

PreviousLatest Access Summary Export Schema Reference Guide NextEarly Access Data Model Changes

Last updated 27 days ago

Was this helpful?

Good evening

hashtagpolicy-metadata

hashtaguser-metadata

hashtagtag-metadata

hashtagpolicy-outcomes

hashtagdomain-metadata

hashtagPossible joins

`policy-metadata`

`user-metadata`

`tag-metadata`

`policy-outcomes`

`domain-metadata`

Possible joins