Author Policy How-to Guide
3 - Author policy how-to guide
Authoring global subscription policies to automate access controls involves using the data metadata and user metadata in Immuta to identify the data that should be governed and the users the policy should target.
This how-to guide demonstrates how to author a global subscription policy in Immuta to automate access decisions.
For detailed explanations and examples of how to author subscription policies, see the Author policy guide.
Requirements
Immuta permission: GOVERNANCE global permission, Manage Policies domain permission, or own the data source
Prerequisites
Understand your metadata
How you author policies is dictated by how your user and data metadata is organized to grant access:
Fact-based (ABAC): determine access, and data sources are tagged at the column and table level.
Logic-based (orchestrated RBAC): A determines access, and data sources are tagged at the table level. With orchestrated RBAC you have established one-to-one relationships with how your users are tagged (attribute or group) and what that single tag explicitly gives them access to.
Author a subscription policy
Next steps
Learn
Explore this use case to learn more about using Immuta to mask sensitive data.
Compliantly open more sensitive data for ML and analytics: This section focuses on how to safely and compliantly open more sensitive data for your organization to support machine learning and analytics needs.
Implement
Follow these guides to test your policies and use Immuta to enforce fine-grained access controls.
Optionally test and deploy policy.