Setting Up Domains for Marketplace

Typically, you would give a data product manager CREATE permission in a schema or database that they can use as their sandbox for generating new tables/views natively in their data platform using data engineering tools like dbt. Those newly generated tables/views (or even S3 objects) are what they can use as the .

You must get these new data objects from the data platform as registered in Immuta and assigned to a domain so that they can be published in data products:

• Immuta automatically registers objects through periodic polling (24 hours by default) to detect changes in the data platform and represent those changes in Immuta, as data sources. These checks can also be .

• Once the objects are registered in Immuta as data sources, they are assigned to a domain one of two ways:

  • Manually: The data source is assigned to the domain through the (or ) by a user with GOVERNANCE permission.

  • Dynamically (recommended): The data source is automatically assigned to the domain based on if it has a specific tag.

    Tags can be applied directly to the tables/views in the data platform (Snowflake and Databricks Unity Catalog only), imported from a , or applied through the Immuta UI.

See the examples in the tabs below to understand your options when dynamically assigning data sources to domains for data products

As you can see in all the examples, the GOVERNANCE user was able to still limit what data sources land in the HR Domain by limiting the scope of power where the data engineer could apply tags. In the first two examples, they are limited to applying tags only in the schema where they have CREATE permission in the data platform. In the second example, they are limited to where they can apply tags by where they were made data owners.