Short-Term Limitations
Last updated
Was this helpful?
Last updated
Was this helpful?
Marketplace is a private preview feature and has several known limitations that will be addressed by end of Q2 2025 or sooner.
Users must visit the Marketplace to see pending requests or request status. Soon notifications will be supported for email, webhooks, Teams, and Slack.
cannot be assigned to manage approvals. Only users with GOVERNANCE permission or Manage Data Product in the domain where the data product was published from can make determinations on requests. Soon assignment of data stewards will be supported.
All data products will have the same hard coded question asked of every user that requests access to it: What about your responsibilities, your use case, and this data requires you to have access to this data product?
Soon, managing the questions asked will be fully configurable and reusable, similar to data use agreements.
Currently, the only way to add data sources to a domain is by manual selection by a user with GOVERNANCE permission. This can be for ensuring new data created for data products appears in a domain so it can be published in a data product. Soon Immuta will support adding data sources to a domain by the schema or database that contains them or tags placed on them.
For example, deleting users, data sources, and domains in the Governance app can cause errors in Marketplace.
This is problematic for Marketplace because the policy that does the provisioning via Marketplace upon approval is merged with any existing subscription policies on the data sources in the data product. That means if your subscription policy is Always Required it will merge with the Marketplace policy using an AND and revoke all existing users access until they are approved through the Marketplace.
To avoid this, if you are not leveraging subscription policy merging today, convert your Allow users with specific groups/attributes subscription policies that touch data sources in your data products from Always Required to Share Responsibility.
Soon Immuta will alter this behavior in a way that allows you to keep using Always Required as normal, but not result in existing users losing access.
Subscription policy type Allow anyone who asks (and is approved) is still available, but is obsolete, because you should be doing this in Marketplace instead. If you have some of these policies, we recommend the following:
Convert the data sources the policy targets to a data product.
Publish the new data products in Marketplace to allow users to ask for access.
Delete the previous Allow anyone who asks (and is approved) subscription policy.
Subscription policy type Allow users with specific groups/attributes should still be used, but some of the settings are unnecessary with Marketplace:
Require Manual Subscription: If you are using this setting, instead use the following workaround:
Create a separate subscription policy that targets the same data sources:
The Allow users with specific groups/attributes requires you are in a group that contains no users (meaning it subscribes no one)
It is set to Share Responsibility
Uncheck the Require Manual Subscription option in the existing policy
Ensure all data sources this policy targets are published in the Marketplace in data products
Once you complete those steps, the shorthand version of your merged policy per data source will look like this, achieving the same goal: allow users to subscribe who are members of group [your original requirement] AND (are members of group [nobody] OR approved in Marketplace). Soon Immuta will make it easier to set a "required" subscription policy that does not auto-subscribe until access is requested (and potentially auto-approved) in Marketplace.
Allow Data Source Discovery: Instead of this setting, simply publish the data source to the Marketplace in a data product.
Request Approval to Access: Instead of this setting, consider converting the data sources these policies target to data products in the Marketplace, and allow the approvals to happen there.
Soon these obsolete subscription settings will be altered or deprecated.
The following reports in the Governance app are impacted:
What users and groups are subscribed to this data source?
What data sources is this user subscribed to?
What data sources are users subscribed to?
This limitation does not impact the user subscribed to the data sources, which is accurate in this report.
Marketplace actions are not audited yet; that is coming soon.
Currently an access request can be approved or denied. Soon approvals will support being time bound. For example, you are temporarily approved for 30 days, or you are temporarily approved until December 25th 2024.
The default setting for Immuta Allow users with specific groups/attributes subscription policies is Always Required which is how . When the Always Required option is selected (the default) and merged with other subscription policies, they are ANDed together. If Share Responsibility is selected, they are ORed together.
Each of these reports has an Approvers column; however it does not represent Marketplace app approvals. It is only for the subscription policy Allow anyone who asks (and is approved) in the Governance app. Do not rely on the Approvers column in these reports for investigating Marketplace approvals. Instead, view the in the Marketplace app.