SaaS
Search powered by AI

Data Source Access Status

Private preview: The Marketplace app is available to select accounts. Reach out to your Immuta representative for details.

When viewing a data product, among other metadata, you are presented details about the data objects you will be able to query if approved:

  • The data product's data sources (tables, views, files)

  • Your Access Status to each of those data sources

Understanding data source access status

There are three possible access statuses for the data sources in a data product:

  1. Current access: You already have access to this data source through existing policies or a data product approval.

  2. Access if approved: You will gain access to this data source should you request access and it is approved.

  3. Access prevented: There are existing required policies on this data source which you do not meet.

Note: It is still worth requesting access to a data product even if the user has access to all the data sources it contains because new data sources may be added later which they do not have birthright access to. In this case, if approved to the data product, they will gain access to the new data sources as soon as they are added to the data product.

Access prevented status

Just because a data consumer is approved to a data product does not necessarily mean they will gain access to every data source in that data product. If there are existing birthright policies created through the Governance app on those data sources that the requesting user does not meet, and if those policies are always required, the user cannot gain access to those policy-protected data sources in the data product, even if approved.

For example, there may be sensitive employee salary data in a data source. Because of that, there is a birthright subscription policy created through the Governance app on that data source that states:

Only members of group HR can access this data source. Always required.

This is effective; it provides global governance a guarantee that nobody can bypass policies on extremely sensitive data sources.

If that data source is now made part of a data product, the requesting user must be a member of group HR to gain access to that particular data source in the data product, even if approved to the data product. Should that policy change in a way that the user now meets the requirements or the user is added to group HR, Immuta will react by updating the access, giving the user access to that particular data source.

What happens once approved?

If approved, Immuta will auto-provision access in the data platforms to the data sources in the data product. This provisioning is represented as an understandable and scalable Immuta policy which will be combined with existing birthright policies, if any.

If approved, the user's Access Status will be updated:

  • Current access —> Current access

  • Access if approved —> Current access

  • Access prevented —> Access prevented

PreviousReference GuideNextShort-Term Limitations

Last updated

Was this helpful?