Getting Started with Immuta's Request Application
Immuta's Request app helps organizations streamline data access requests and approvals, at both the table- and column-level. By replacing ticketing systems, fragmented workflows, and manual grants, the Request app delivers secure, self-service access to datasets, while governance teams maintain complete visibility, control, and auditability.
Business users can easily discover and request access to data products, and organizations can enforce consistent, auditable workflows for access approvals. This approach reduces operational overhead, accelerates insights, and ensures compliance as your data ecosystem grows.
This guide gives Immuta users a clear path to
Provision secure, auditable access to datasets.
Delegate governance responsibilities closer to business domains.
Accelerate time-to-data for analysts and data consumers.
If your data platforms and users are connected to Immuta, you’re ready to publish data products and operationalize governed self-service—whether setting up the Request app for the first time or expanding it across business units.
Identify where the Request app adds value
Start by evaluating where Immuta's Request app can deliver the most impact across your organization. Focus on:
High volumes of access requests currently handled through tickets or manual grants.
Teams with time-bound access needs (e.g., contractors or short-term projects).
Datasets already protected by policies (e.g., masking PII) that could be safely shared more broadly.
Use cases where users need temporary, scoped unmasking of sensitive fields, rather than full unrestricted access.
Over-provisioned access that can be reduced through more precise access controls.
Diverse datasets requiring custom access workflows (e.g., the approval flow for HR is very different from Finance or Marketing).
Engaged teams ready to participate in streamlined access workflows.
Example use cases
Enable temporary unmasking for investigative or support use cases
Certain teams—such as customer support, fraud, or compliance—occasionally need to view sensitive fields in clear text to resolve specific issues or investigations. Granting permanent, broad unmasked access increases risk and administrative overhead. With Immuta’s Request app, users can request time-bound, scoped unmasking of columns. Requests are routed through the appropriate approvers, automatically expire, and are fully audited, allowing teams to do their jobs effectively while maintaining strict data protection controls.
Automate contractor access with built-in expiration
Contractors often receive manual, open-ended access that’s hard to track and revoke. The Request app streamlines requests, enforces time-bound access with auto-expiration, and gives governance teams clear visibility into who has access and when.
Streamline approvals for recurring finance reporting requests
Regional analysts frequently request access to financial summary tables for quarterly reporting, creating repetitive work for approvers. With Immuta's Request app, access requests are routed directly to designated approvers, accelerating turnaround times while maintaining oversight through fully auditable workflows.
Automate recertification for highly sensitive data
Access to highly sensitive datasets often requires periodic recertification to ensure only authorized users retain access. Manual recertification processes are time-consuming and error-prone. Immuta enforces time-bound access with auto-expiration, prompting users to re-request access when needed and giving governance teams full visibility into approvals and expirations.
Step 1: Create a domain
Domains are the foundation of federated governance in Immuta. They group related data sources and assign responsibility to the teams closest to the data. This structure decentralizes access decision-making while preserving enterprise-wide visibility and control.
To set up your domain(s) for a successful implementation of a request and approve workflow,
Use dynamic assignment Leverage metadata—such as Connections tags, catalog tags, or tags curated in Immuta—to automatically place new data sources into the right domain as they’re onboarded. This ensures governance workflows are applied consistently without manual effort.
Set user permissions strategically Assign users or groups with Manage Data Products permissions to create and publish data products from this domain. Users with Manage Data Products permission can also act as approvers for access requests if needed.
Tip: Add identifiers for sensitive data discovery and create domain-scoped data policies to align fine-grained access control with business requirements, such as masking PCI or restricting rows by location.
By completing this step, you’re laying the foundation for a seamless experience—empowering teams to manage their domains confidently while ensuring all governance actions remain fully auditable.
Learn more: Getting Started with Domains, Data Identification
Step 2: Publish a data product
By publishing a data product, you make data discoverable to business users, enable self-service requests, and establish a workflow that enforces approvals, usage agreements, and auditability. If data products include datasets with masked columns, users will be able to request access to unmask specific fields through masking exception workflows as well. This step turns static datasets into governed assets that can be shared with confidence, speeding up time-to-data while maintaining control.
To publish your data product,
Select datasources from your domain Choose one or more datasets that align with your initial use case. These should already be grouped under a domain you set up.
Add metadata for discovery Name your data product clearly and provide a description that helps consumers understand its purpose.
Customize the request workflow Define questions requestors must answer when requesting access (e.g., purpose, duration). Configure approvals to be manual, routed to approvers or reviewers, or automated for low-risk datasets. Include a data use agreement (DUA) requiring consumers to accept terms before access is granted. This helps enforce compliance expectations upfront.
Publish your data product Once configured, publish the data product to make it searchable and requestable in Immuta.
Tip: If your access strategy is based on data assets (tables, schemas, databases), you can skip data product creation and allow users to request access directly from the data platform.
By completing this step, you’re enabling governed self-service access to data sources—reducing provisioning bottlenecks and giving business users faster access to the data they need.
Learn more: Manage Data Products
Step 3: Request access to a data product
Once data products are published in the Request app, consumers can quickly find and request access without relying on tickets or manual provisioning. It streamlines the process while enforcing governance policies and approvals behind the scenes.
As a requestor,
Discover the data product in the Request app Search for the published data product to confirm it's visible and discoverable.
Submit an access request for a data product Click on the data product to review its description, metadata, and any attached DUA. Submit a request, answering any custom questions defined in the workflow.
Track your request status After submitting, you can monitor the status of your request. If configured for auto-approval, access may be granted instantly for low-risk, fully protected datasets. Otherwise, requests are routed to approvers and reviewers for evaluation.
Request a masking exception (if applicable) If the data product includes masked columns, you can submit a masking exception request to unmask specific fields. Masking exceptions follow the same request and approval workflow but are reviewed and approved separately from data product access.
Tip: If users already discover data products in your data catalog, enable catalog coexistence to let users request access from the catalog while Immuta provisions approved access.
By completing this step, you validate that business users can access curated datasets quickly and that compliance requirements are communicated upfront through the request process.
Learn more: Requesting Access to a Data Product
Step 4: Make a determination on an access request
When a requestor submits an access request, Immuta routes the request to the designated approver(s). Depending on your organization’s workflow, additional reviewers may assist in evaluating the request.
As an approver,
Review access requests In the Request app, view all pending requests for data products within your domain.
Approve or deny requests with confidence Click on a request to view the requestor’s responses to workflow questions and any attached DUA. Approve the request to grant access or deny it if it doesn’t meet governance requirements.
Automate approvals for low-risk data If the data product was configured for auto-approval, requests are granted instantly—reducing manual workload.
By completing this step, you’ll see how access decisions are made efficiently while maintaining oversight and full auditability.
Learn more: View and Respond to Access Requests
Next steps: expand usage of the Request app
As you publish more data products, Immuta's Request app becomes a central hub for governed self-service across your organization.
Onboard additional domains and datasets for other business units.
Delegate approvers and reviewers to relevant business workflows.
Automate approvals for low-risk, fully protected datasets.
Monitor usage with audit logs to refine governance over time.
Last updated
Was this helpful?