Manage User Metadata How-to Guide
Before authoring global subscription policies to automate access controls, user metadata must exist in Immuta so that policies can use it to identify the users whose access to data should be granted or revoked.
This how-to guide demonstrates how to manually add groups and attributes or use existing groups in external identity managers to identify users that should be targeted by a subscription policy.
For detailed explanations and examples of how to manage user metadata, see the Managing user metadata guide.
Requirements
Immuta permission: USER_ADMIN
Prerequisite
Identity access manager configured
Select your metadata strategy
Fact-based (ABAC): Use this strategy if you have that determine access.
Logic-based (orchestrated RBAC): Use this strategy if a determines access.
Organize your user metadata
Add user metadata to Immuta
Once you've organized your user metadata, you can add that metadata in Immuta in these ways:
Add attributes and groups to users in your identity manager. Then, sync your users, groups, and attributes from your external identity manager to Immuta:
LDAP: Enable LDAP sync and sync groups and attributes to Immuta for your provider.
OpenID Connect or SAML: Enable SCIM for your provider and enable sync attributes and groups.
Next steps
Learn
Read these guides to learn more about using Immuta to automate data access control decisions.
Choose your path: orchestrated RBAC and ABAC: This section describes the two different approaches (or mix) you can take to managing policy and their tradeoffs.
Managing data metadata: This guide describes how to manage your data metadata and create meaningful tags before you use them to author policies.
Author policy: This guide describes how to define your global subscription policy logic.
Implement
Follow these guides to start using Immuta to automate data access control decisions.
Manage data metadata. Tag your columns with tags that are meaningful.
Author policy. Define your global subscription policy logic.
Optionally test and deploy policy.