LogoLogo
SaaS
  • Immuta Documentation - SaaS
  • Configuration
    • Connect Data Platforms
      • Data Platforms Overview
      • Amazon S3 Integration
      • AWS Lake Formation
        • Getting Started with AWS Lake Formation
        • Register an AWS Lake Formation Connection
        • Reference Guides
          • AWS Lake Formation
          • Security and Compliance
          • Protecting Data
          • Accessing Data
      • Azure Synapse Analytics
        • Getting Started with Azure Synapse Analytics
        • Configure Azure Synapse Analytics Integration
        • Reference Guides
          • Azure Synapse Analytics Overview
          • Azure Synapse Analytics Pre-Configuration Details
      • Databricks
        • Databricks Spark
          • Getting Started with Databricks Spark
          • How-to Guides
            • Configure a Databricks Spark Integration
            • Manually Update Your Databricks Cluster
            • Install a Trusted Library
            • Project UDFs Cache Settings
            • Run R and Scala spark-submit Jobs on Databricks
            • DBFS Access
            • Troubleshooting
          • Reference Guides
            • Databricks Spark Integration Configuration
              • Installation and Compliance
              • Customizing the Integration
              • Setting Up Users
              • Spark Environment Variables
              • Ephemeral Overrides
            • Security and Compliance
            • Registering and Protecting Data
            • Accessing Data
              • Delta Lake API
        • Databricks Unity Catalog
          • Getting Started with Databricks Unity Catalog
          • How-to Guides
            • Configure a Databricks Unity Catalog Integration
            • Migrating to Unity Catalog
          • Databricks Unity Catalog Integration Reference Guide
      • Google BigQuery Integration
      • Redshift
        • Getting Started with Redshift
        • How-to Guides
          • Configure Redshift Integration
          • Configure Redshift Spectrum
        • Reference Guides
          • Redshift Overview
          • Redshift Pre-Configuration Details
      • Snowflake
        • Getting Started with Snowflake
        • How-to Guides
          • Configure a Snowflake Integration
          • Edit or Remove Your Snowflake Integration
          • Integration Settings
            • Snowflake Table Grants Private Preview Migration
            • Enable Snowflake Table Grants
            • Using Snowflake Data Sharing with Immuta
            • Enable Snowflake Low Row Access Policy Mode
              • Upgrade Snowflake Low Row Access Policy Mode
            • Configure Snowflake Lineage Tag Propagation
        • Reference Guides
          • Snowflake Integration
          • Snowflake Table Grants
          • Snowflake Data Sharing with Immuta
          • Snowflake Low Row Access Policy Mode
          • Snowflake Lineage Tag Propagation
          • Warehouse Sizing Recommendations
        • Explanatory Guides
          • Phased Snowflake Onboarding
      • Starburst (Trino)
        • Getting Started with Starburst (Trino)
        • How-to Guides
          • Configure Starburst (Trino) Integration
          • Customize Read and Write Access Policies for Starburst (Trino)
        • Starburst (Trino) Integration Reference Guide
      • Queries Immuta Runs in Your Data Platform
      • Connect Your Data
        • Registering a Connection
          • How-to Guides
            • Register a Snowflake Connection
            • Register a Databricks Unity Catalog Connection
            • Manually Run Object Sync
            • Manage Connection Settings
            • Use the Connection Upgrade Manager
              • Troubleshooting
          • Reference Guides
            • Connections
            • Upgrading to Connections
              • Before You Begin
              • API Changes
              • FAQ
        • Registering Metadata
          • Data Sources in Immuta
          • Register Data Sources
            • Amazon S3 Data Source
            • Azure Synapse Analytics Data Source
            • Databricks Data Source
            • Google BigQuery Data Source
            • Redshift Data Source
            • Snowflake Data Source
              • Bulk Create Snowflake Data Sources
            • Create a Starburst (Trino) Data Source
          • Data Source Settings
            • How-to Guides
              • Manage Data Source Settings
              • Manage Data Source Members
              • Manage Access Requests and Tasks
              • Manage Data Dictionary Descriptions
              • Disable Immuta from Sampling Raw Data
            • Data Source Health Checks Reference Guide
          • Schema Monitoring
            • How-to Guides
              • Manage Schema Monitoring
              • Run Schema Monitoring and Column Detection Jobs
            • Reference Guides
              • Schema Monitoring
              • Schema Projects
            • Why Use Schema Monitoring Concept Guide
    • Manage Data Metadata
      • Connect External Catalogs
        • Configure an External Catalog
        • Reference Guides
          • External Catalog Introduction
          • Custom REST Catalog Interface Introduction
          • Custom REST Catalog Interface Endpoints
      • Data Discovery
        • Introduction
        • Getting Started with Data Discovery
        • How-to Guides
          • Use Identifiers in Domains
          • Use Sensitive Data Discovery (SDD)
          • Manage Identification Frameworks
          • Manage Identifiers
          • Run and Manage Sensitive Data Discovery on Data Sources
        • Reference Guides
          • Identifiers in Domains
          • Built-in Identifier Reference
          • Improved Pack: Built-in Identifier Reference
          • Built-in Discovered Tags Reference
          • How Competitive Pattern Analysis Works
      • Data Classification
        • How-to Guides
          • Activate Classification Frameworks
          • Adjust Identification and Classification Framework Tags
          • How to Use a Classification Framework with Your Own Tags
        • Reference Guide
          • Classification Frameworks
      • Manage Tags
        • How-to Guides
          • Create and Manage Tags
          • Add Tags to Data Sources and Projects
        • Tags Reference Guide
    • Manage Users
      • Getting Started with Users
      • Identity Managers (IAMs)
        • How-to Guides
          • Okta LDAP Interface
          • OpenID Connect
            • OpenID Connect Protocol
            • Okta and OpenID Connect
            • OneLogin with OpenID Connect
          • SAML
            • SAML Protocol
            • Microsoft Entra ID
            • Okta SAML SCIM
        • Reference Guides
          • Identity Managers
          • SAML Protocol Configuration Options
          • SAML Single Logout
      • Immuta Users
        • How-to Guides
          • Managing Personas and Permissions
          • User Impersonation
          • Manage Attributes and Groups
          • External User ID Mapping
          • External User Info Endpoint
        • Reference Guides
          • Permissions and Personas
          • Attributes and Groups in Immuta
    • Organize Data into Domains
      • Getting Started with Domains
      • Domains Reference Guide
    • Application Settings
      • How-to Guides
        • App Settings
        • Private Networking Support
          • Data Connection Private Networking
            • AWS PrivateLink for Redshift
            • AWS PrivateLink for API Gateway
            • Databricks Private Connectivity
              • AWS PrivateLink for Databricks
              • Azure Private Link for Databricks
            • Snowflake Private Connectivity
              • AWS PrivateLink for Snowflake
              • Azure Private Link for Snowflake
            • Starburst (Trino) Private Connectivity
              • AWS PrivateLink for Starburst (Trino)
              • Azure Private Link for Starburst (Trino)
          • Immuta SaaS Private Networking
            • Immuta SaaS Private Networking Over AWS PrivateLink
        • BI Tools
          • BI Tool Configuration Recommendations
          • Power BI Configuration Example
          • Tableau Configuration Example
        • IP Filtering
        • System Status Bundle
      • Reference Guides
        • Deployment Options
        • Data Processing
        • Encryption and Masking Practices
  • Marketplace
    • Introduction
      • User Types
      • Walkthrough
    • Share Data Products
      • How-to Guides
        • Manage Data Products
        • View and Respond to Access Requests
        • Manage Request Forms
        • Customize the Marketplace Branding
      • Reference Guides
        • Marketplace App Requirements
        • Data Products
        • Marketplace Permissions Matrix
        • Understanding Access Provisioning and Underlying Policies in Immuta
          • S3 Provisioning Best Practices
        • Integrating with Existing Catalogs
        • Setting Up Domains for Marketplace
    • Access Data Products
      • How-to Guides
        • Logging into Marketplace
        • Requesting Access to a Data Product
      • Reference Guide
        • Data Source Access Status
    • Short-Term Limitations
  • Governance
    • Introduction
      • Automate Data Access Control Decisions
        • The Two Paths
        • Managing User Metadata
        • Managing Data Metadata
        • Author Policy
        • Test and Deploy Policy
      • Compliantly Open More Sensitive Data for ML and Analytics
        • Managing User Metadata
        • Managing Data Metadata
        • Author Policy
    • Author Policies for Data Access Control
      • Introduction
        • Scalability and Evolvability
        • Understandability
        • Distributed Stewardship
        • Consistency
        • Availability of Data
      • Policies
        • Authoring Policies at Scale
        • Data Engineering with Limited Policy Downtime
        • Subscription Policies
          • Overview
          • How-to Guides
            • Author a Subscription Policy
            • Author an ABAC Subscription Policy
            • Subscription Policies Advanced DSL Guide
            • Author a Restricted Subscription Policy
            • Clone, Activate, or Stage a Global Policy
          • Reference Guides
            • Subscription Policy Access Types
            • Advanced Use of Special Functions
        • Data Policies
          • Overview
          • How-to Guides
            • Author a Masking Data Policy
            • Author a Minimization Policy
            • Author a Purpose-Based Restriction Policy
            • Author a Restricted Data Policy
            • Author a Row-Level Policy
            • Author a Time-Based Restriction Policy
            • Policy Certifications and Diffs
          • Reference Guides
            • Data Policy Types
            • Masking Policies
            • Row-Level Policies
            • Custom WHERE Clause Functions
            • Data Policy Conflicts and Fallback
            • Custom Data Policy Certifications
            • Orchestrated Masking Policies
      • Projects and Purpose-Based Access Control
        • Projects and Purpose Controls
          • Getting Started
          • How-to Guides
            • Create a Project
            • Create and Manage Purposes
            • Adjust a Policy
            • Project Management
              • Manage Projects and Project Settings
              • Manage Project Data Sources
              • Manage Project Members
          • Reference Guides
            • Projects and Purposes
            • Policy Adjustments
          • Concept Guide
            • Why Use Purposes?
        • Equalized Access
          • Manage Project Equalization How-to Guide
          • Equalized Access Reference Guide
          • Why Use Project Equalization?
        • Masked Joins
          • Enable Masked Joins How-to Guide
          • Why Use Masked Joins?
        • Writing to Projects
          • How-to Guides
            • Create and Manage Snowflake Project Workspaces
            • Create and Manage Databricks Spark Project Workspaces
            • Write Data to the Workspace
          • Reference Guides
            • Writing to Projects
            • Project UDFs (Databricks)
      • Data Consumers
        • Subscribe to a Data Source
        • Query Data
          • Querying Snowflake Data
          • Querying Databricks Data
          • Querying Starburst (Trino) Data
          • Querying Databricks SQL Data
          • Querying Redshift Data
          • Querying Azure Synapse Analytics Data
        • Subscribe to Projects
    • Observe Access and Activity
      • Introduction
      • Audit
        • How-to Guides
          • Export Audit Logs to S3
          • Export Audit Logs to ADLS
          • Use Immuta Audit
          • Run Governance Reports
        • Reference Guides
          • Universal Audit Model (UAM)
            • UAM Schema Reference Guide
          • Query Audit Logs
            • Snowflake Query Audit Logs
            • Databricks Unity Catalog Query Audit Logs
            • Databricks Spark Query Audit Logs
            • Starburst (Trino) Query Audit Logs
          • Audit Export GraphQL Reference Guide
          • Unknown Users in Audit Logs
          • Governance Report Types
      • Dashboards
        • Use the Audit Dashboards How-To Guide
        • Audit Dashboards Reference Guide
      • Monitors
        • Manage Monitors and Observations
        • Monitors Reference Guide
  • Releases
    • Deployment Notes
      • 2024
      • 2023
      • 2022
    • Scheduled Maintenance Windows
    • Immuta Support Matrix Overview
    • Immuta CLI Release Notes
    • Preview Features
      • Features in Preview
    • Deprecations
  • Developer Guides
    • The Immuta CLI
      • Install and Configure the Immuta CLI
      • Manage Your Immuta Tenant
      • Manage Data Sources
      • Manage Sensitive Data Discovery
        • Manage Sensitive Data Discovery Rules
        • Manage Identification Frameworks
        • Run Sensitive Data Discovery on Data Sources
      • Manage Policies
      • Manage Projects
      • Manage Purposes
      • Manage Audit Export
    • The Immuta API
      • Integrations API
        • Getting Started
        • How-to Guides
          • Configure an Amazon S3 Integration
          • Configure an Azure Synapse Analytics Integration
          • Configure a Databricks Unity Catalog Integration
          • Configure a Google BigQuery Integration
          • Configure a Redshift Integration
          • Configure a Snowflake Integration
          • Configure a Starburst (Trino) Integration
        • Reference Guides
          • Integrations API Endpoints
          • Integration Configuration Payload
          • Response Schema
          • HTTP Status Codes and Error Messages
      • Connections API
        • How-to Guides
          • Register a Connection
            • Register a Snowflake Connection
            • Register a Databricks Unity Catalog Connection
            • Register an AWS Lake Formation Connection
          • Manage a Connection
          • Deregister a Connection
        • Connection Registration Payloads Reference Guide
      • Marketplace API
        • Marketplace API Endpoints
        • Source Controlling Data Products
      • Immuta V2 API
        • Data Source Payload Attribute Details
          • Data Source Request Payload Examples
        • Create Policies API Examples
        • Create Projects API Examples
        • Create Purposes API Examples
      • Immuta V1 API
        • Authenticate with the API
        • Configure Your Instance of Immuta
          • Get Job Status
          • Manage Frameworks
          • Manage IAMs
          • Manage Licenses
          • Manage Notifications
          • Manage Identifiers in Domains
            • API Changes - Identification Frameworks to Identifiers in Domains
          • Manage Sensitive Data Discovery (SDD)
          • Manage Tags
          • Manage Webhooks
          • Search Filters
        • Connect Your Data
          • Create and Manage an Amazon S3 Data Source
          • Create an Azure Synapse Analytics Data Source
          • Create a Databricks Data Source
          • Create a Redshift Data Source
          • Create a Snowflake Data Source
          • Create a Starburst (Trino) Data Source
          • Manage the Data Dictionary
        • Use Domains
        • Manage Data Access
          • Manage Access Requests
          • Manage Data and Subscription Policies
          • Manage Write Policies
            • Write Policies Payloads and Response Schema Reference Guide
          • Policy Handler Objects
          • Search Connection Strings
          • Search for Organizations
          • Search Schemas
        • Subscribe to and Manage Data Sources
        • Manage Projects and Purposes
          • Manage Projects
          • Manage Purposes
        • Generate Governance Reports
Powered by GitBook

Self-managed versions

  • 2024.3
  • 2024.2

Resources

  • Immuta Changelog

Copyright © 2014-2025 Immuta Inc. All rights reserved.

On this page

Was this helpful?

Export as PDF

December 2023

December 20, 2023

Changes and enhancements

The Immuta system account user for the Unity Catalog integration requires the OWNER permission on catalogs with schemas and tables registered as Immuta data sources. This permission allows Immuta to administer Unity Catalog row-level and column-level security controls. This permission can be applied by granting OWNER on a catalog to a Databricks group that includes the Immuta system account user to allow for multiple owners. If the OWNER permission cannot be applied at the catalog- or schema-level, each table registered as an Immuta data source must individually have the OWNER permission granted to the Immuta system account user.

Bug fixes

  • Uploading a non-existent data source through the databricks/handler API endpoint resulted in a 500 error instead of a 404 error.

  • After a Redshift integration connection test was successful in the Immuta UI, users encountered an Internal server error when attempting to save the integration settings.

  • Immuta was not granting access to data sources with a hasTagAs policy applied correctly. If users did not initially have the attribute specified when the policy was created, they were not granted access to the data source if they were later given the specified attribute.

December 14, 2023

Bug fixes

  • Snowflake lineage was not propagating tags properly to child data sources.

  • Fixes to address validation test failures when configuring a Redshift integration.

December 12, 2023

Minor enhancements and fixes that are not user-facing.

December 7, 2023

Enhancement

Performance improvements when disabling a Snowflake integration.

Bug fixes

  • The Databricks Unity Catalog OAuth certificate field was broken when users attempted to add certificates on the integrations page.

  • If the token used to configure the Databricks Unity Catalog integration was expired or revoked, applying masking policies to data sources or syncing policies displayed as being successful in the Immuta UI even though the job failed.

  • Vulnerability: CVE-2023-44270

November 2023

November 30, 2023

Bug fix

Snowflake user impersonation roles were being removed incorrectly.

November 28, 2023

UI enhancements

  • Users can select a light or dark mode theme for the Immuta UI from the user profile menu.

  • Design improvements of the user profile page.

Bug fixes

  • CVE-2023-45803

  • CVE-2023-43804

  • CVE-2023-46136

November 16, 2023

Minor enhancements and fixes that are not user-facing.

November 14, 2023

Bug fix

When users attempted to register data sources from two different Starburst (Trino) catalogs, they encountered a remote table validation error if the table and schema names were the same.

Deprecation

Update to the deprecation of legacy audit UI and /audit API; originally the EOL was set to March 2024. However, the EOL time frame has been delayed based on customer feedback. Check future release notes for the updated EOL date.

November 9, 2023

Enhancements

  • The Databricks Unity Catalog integration supports rotating personal access tokens.

  • Pages in the UI have a branded Detect footer to signify that they belong to the Detect module.

Bug fix

Fixes related to Databricks Unity Catalog custom certificate authority configuration. This feature is currently in preview and only available to select accounts.

November 7, 2023

Enhancements

  • The Databricks Unity Catalog integration supports OAuth token passthrough as an authentication method for configuring the integration and registering data sources. This feature is currently in preview and only available to select accounts.

Bug fixes

  • Fixes to address performance degradation in the Immuta UI.

  • Vulnerability: CVE-2023-45857

Breaking change

October 2023

October 31, 2023

Enhancements

  • Users can configure their Databricks Unity Catalog integration to support their proxy server.

  • The Databricks Unity Catalog integration supports OAuth token passthrough. This feature is currently in preview and only available to select accounts.

Feature removal

The query editor page has been removed from the product. Users can no longer enable the query editor on the app settings page.

Bug fixes

  • Creating a governance report on all data sources failed for instances with more than 10,000 data sources.

  • The Immuta CLI returned a 500 error when creating data sources if the payload had an empty string for the columnDescriptions.description parameter.

  • Schema monitoring did not create or delete views in Redshift Spectrum if data sources were registered through the Immuta V2 API /data endpoint.

October 25, 2023

Bug fixes

  • If data sources had tags applied through Snowflake lineage and then an external catalog was updated with new tags, the lineage tags were dropped and the new tags were applied to the column.

  • The /detectRemoteChanges endpoint behaved inconsistently for Snowflake integrations.

  • Fixes to address a Snowflake table grants issue that caused data source background jobs to fail.

  • Vulnerability: CVE-2023-43804

October 23, 2023

Enhancements

UI change

The option to enable the dbt integration has been removed from the Immuta application for new instances.

Bug fix

October 18, 2023

Minor write policy (private preview) fixes and enhancements.

October 16, 2023

Bug fixes

  • Attempting to GRANT SELECT on a shared view in Snowflake failed with the following error: UDF IMMUTA_PROD.IMMUTA_SYSTEM.GET_ALLOW_LIST is not secure.

  • The data source health check was not running on Snowflake data sources.

  • Vulnerability addressed: CVE-2023-45133

October 11, 2023

Enhancement

SDD is enabled by default in all new Immuta tenants.

Bug fixes

  • After editing a Databricks Unity Catalog data source, the configuration could not be saved.

  • Users encountered this error when disabling Snowflake table grants: Error: Query timed out. The connection information may be incorrect. Please double check and try again.

October 4, 2023

New feature

Bug fixes

Fixes to address Immuta UI performance issues.

September 2023

September deprecations

Deprecated items remain in the product with minimal support until their end of life date.

September 27, 2023

Bug fixes

  • Users could not add all schemas when registering Databricks data sources in the Unity Catalog integration.

September 25, 2023

Bug fixes

  • Schema monitoring was not properly creating new data sources in the Databricks Unity Catalog integration when new tables were detected.

  • The data source members tab did not display all subscribed users when a subscription policy that used advanced DSL rules with special subscription variables was enforced on the data source.

  • Vulnerability: CVE-2023-41419

September 21, 2023

Bug fix

Global subscription policies that used the @hasTagAsGroup or @hasTagAsAttribute variable were not granting and revoking users' access to tables properly. This fix addresses the issue for the Databricks Unity Catalog integration.

September 20, 2023

UI change

The data source details tab UI has been redesigned to consolidate data source connection information and remove the query editor button, the SQL connection snippets, and the copy schema button. This redesign aligns the format of this data source details page with the audit dashboards.

Bug fix

Global subscription policies that used the @hasTagAsGroup or @hasTagAsAttribute variable were not granting and revoking users' access to tables properly. This fix addresses the issue for Azure Synapse Analytics, Databricks Spark, Redshift, and Snowflake integrations.

September 19, 2023

New feature

Bug fixes

  • Fixes to address slow or unresponsive Immuta tenants.

  • Data source health status warning messages were not properly displayed for views.

  • Fixes to the Redshift integration configuration to address the impact of a change in the Okta Redshift application, which now requires usernames to have the prefix IAM.

September 13, 2023

UI enhancement

The user profile menu icon is now a user icon instead of the user's first initial.

Bug fixes

When an automatic subscription policy using the @hasTagAsAttribute variable was applied to a Snowflake data source, users were not granted access to the table in Snowflake.

September 11, 2023

Enhancement

Users can override the default storage URI for Databricks Spark project workspaces, so they can create project workspaces against storage in a different location if they have an alternative hostname, DNS, or other requirements.

Bug fixes

  • The schema evolution owner was unset when data sources were removed from a schema project.

  • Fixes to address Immuta UI performance issues.

  • Vulnerability: CVE-2023-41037

September 6, 2023

Enhancement

Bug fix

Syncing a Snowflake external catalog failed on data sources with more than 300 tagged columns.

August 2023

August 30, 2023

UI change

The local subscription policy builder and project subscription policy builder now align with the format of the global subscription policy builder.

Bug fixes

  • Fix to prevent enabling column detection on derived data sources, as column detection is unsupported for derived data sources.

  • Vulnerability addressed: CVE-2022-25883

August 23, 2023

Feature

Bug fixes

  • Users were able to change a schema project owner's role, which could leave Immuta in a state where the schema project could not be deleted.

  • Fix to address a validate connection error with Snowflake External OAuth.

  • Vulnerability addressed: CVE-2023-37920

August 18, 2023

Enhancements

  • Data source and user activity views for Snowflake are now GA.

August 16, 2023

Feature

Bug fixes

  • When users created an IAM on the app settings page and set immuta as the ID, users could not sign in to Immuta using their Immuta Account on the login screen.

  • Sensitive data discovery failed to run on data sources that were registered using Snowflake External Oauth.

  • Redshift validation tests required CREATE ON PUBLIC for the Immuta system account, and it should not have been a requirement.

August 10, 2023

Bug fixes

  • If a user other than the data owner navigated to the policies page of a Snowflake or Redshift data source, the activity panel displayed that "undefined" created the data source.

  • Fix to re-sync automatic subscription policies after schema detection runs on Snowflake tables that use CREATE OR REPLACE.

  • Vulnerabilities addressed:

    • CVE-2021-46708: Immuta no longer publishes the Swagger API, which removes the ability to exploit this vulnerability. Although the affected library is a downstream dependency of a package Immuta uses, the library that contains the vulnerability is not used by Immuta.

    • CVE-2023-37920

    • CVE-2023-38704

Breaking change

August 2, 2023

Enhancements

  • External catalog health checks now include a timestamp so that users can easily determine when the catalog last attempted to sync with Immuta.

Bug fixes

  • Fix to address column detection error on Snowflake data sources: TypeError: Cannot read properties of null.

  • Fix to address audit ingestion failures.

July 2023

July 27, 2023

Enhancement

Bug fixes

  • Snowflake policies and grants were not properly synced when users performed CREATE OR REPLACE on a table.

  • If OAuth was used as the authentication method, users encountered an error when creating a data source with schema monitoring enabled or enabling schema monitoring for an existing data source.

July 25, 2023

Bug fixes

  • Fix to mitigate audit ingestion failures.

  • Fix to address the impact of a recent Databricks change that caused a NoSuchFieldException error when querying data on Databricks clusters with Unity Catalog enabled.

  • If whitespaces trailed or prefixed a project name when creating a Google BigQuery data source, the view was not created in Google BigQuery.

July 19, 2023

Enhancements

  • The duration of a Databricks Unity Catalog query is available on the Events page.

  • Immuta governance reports include query records for Snowflake and Databricks Unity Catalog.

Bug fixes

  • Fixes to address Snowflake audit record collection errors.

  • Vulnerability addressed: CVE-2023-37466

Breaking changes

July 13, 2023

Feature

The data sources overview and user activity dashboards can be used with Databricks Unity Catalog integrations.

Bug fixes

  • Fix to address an issue that caused schema detection and audit record ingestion to fail in Snowflake when using Snowflake External OAuth for authentication.

  • Immuta data sources were inconsistently linked to the Snowflake external catalog when automatically ingesting Snowflake object tags.

  • Vulnerabilities addressed:

    • CVE-2022-25883

    • CVE-2023-36665

July 11, 2023

Bug fixes

  • Members with timed access to a data source in Immuta could still query data in Snowflake after their access had been revoked in Immuta.

  • If a Snowflake integration was configured with a Snowflake catalog, users could not configure another external catalog because the test connection button remained disabled.

  • Removing users from a group in Okta did not remove them from that group in Immuta.

July 7, 2023

Feature

User access events from Databricks Unity Catalog are now captured in UAM and can be exported to S3.

June 2023

June 30, 2023

Bug fixes

  • User attributes that included . were not handled properly by Unity Catalog policies.

  • Fix to address issue that caused some Snowflake audit records to be missing.

June 28, 2023

Feature

Bug fixes

  • The example query on the data source overview page for Databricks data sources was missing the catalog, schema, and table name.

  • Fix to address loading time and error when switching between data source activity monitoring dashboard and other data source tabs.

  • Multiple data sources could appear to have the same name in the UI because of white space between characters.

  • Snowflake data sources could not be created if they had a ' in the name.

June 22, 2023

Enhancement

Bug fixes

  • Snowflake integration manual installation: After editing a setting on the app settings page (such as the custom login message), the key pair for the Snowflake integration authentication method disappeared when the configuration was saved.

  • Fix to address an issue with the Databricks Spark integration with Unity Catalog Support that caused an error when creating external tables.

  • Vulnerability: CVE-2023-32681

Deprecations and breaking changes

  • Support for configuring data source expiration dates has been deprecated.

  • Support for the Snowflake integration without Snowflake governance features has been deprecated and will be removed in December 2023.

June 15, 2023

Enhancement

Tags improvements: Tags now have a details page that provides valuable information about the tag itself and where it is applied within your data environment.

Bug fixes

  • Fix to address the impact of a recent Databricks change that caused a NoSuchFieldException error when querying data in Unity Catalog.

  • Subscription policies with enhanced variables did not work when Snowflake table grants was enabled.

  • Vulnerability: CVE-2023-34104

June 8, 2023

New feature

June 7, 2023

New features and enhancements

  • The data sources overview and user activity dashboards can be used with both Snowflake and Databricks integrations together.

  • The data source overview page shows an icon of the data access technology.

  • Create a row-level policy using a custom WHERE clause without Immuta validating your custom SQL. Previously, Immuta checked these custom SQL policies by running a query with the WHERE clause in the data platform. For organizations that do not grant Immuta SELECT access to their data platforms, this validation returned an error and locked down the tables. This validation check no longer exists.

Bug fix

With Snowflake table grants enabled, changing a user's attribute through a group updated the Snowflake profiles table to reflect the entitlement changes. However, if a subscription policy specifying that group had already been applied to a data source, the visibility of the table did not change in Snowflake for the user. Instead, users who should have been restricted access from the table could still see that the table existed in Snowflake (but they could not query it to access data). Conversely, users who should have been granted access to the table could not see it.

May 2023

May 31, 2023

Enhancements

  • Filter the data sources overview dashboard by data platform type (Databricks or Snowflake).

Bug fixes

  • Fix to address the following OpenID Connect login error: type error: cb is not a function uncaught exception detected.

  • Users could not save their SAML configuration on the app settings page after enabling SAML single log out and received the following error: options.allowIdPInitiatedSLO is not allowed.

May 25, 2023

New feature

Bug fix

Fix to address an issue that caused sensitive data discovery to run on data sources added by schema detection, even if sensitive data discovery was disabled.

May 22, 2023

New feature

Bug fixes

  • The Redshift integration did not properly create views for tables that included column names with special characters. When users queried those views, they received column doesn't exist errors.

  • When configuring Snowflake object tag ingestion, the connection failed if the host provided was a Snowflake PrivateLink URL.

  • Vulnerability: CVE-2023-32314

May 11, 2023

Bug fix

Fix to address a race condition that prevented job clusters from starting properly on Databricks runtimes 9.1 and 10.4.

May 4, 2023

Enhancements

  • New tag side sheet: Tag experience has been improved with the addition of tag side sheets, which provide contextual information about tags and can be accessed wherever tags are applied.

May 1, 2023

Enhancement

The audit Events page will now show multiple targets for queries that join tables.

Bug fixes

  • Running an external catalog sync did not trigger policy updates when only table tags had changed. If users only added or removed table tags, global policy updates were not applied to data sources.

  • The data source activity monitoring for Snowflake charts were showing the largest value for each data point on the chart rather than the sum of the values.

April 2023

April 27, 2023

Enhancements

  • Data source and user activity monitoring dashboards can now be filtered by Snowflake database or Snowflake schema.

Bug fixes

  • Snowflake connection validation failed if users created a custom system account role name.

  • The data source overview and person overview queries charts were identical to the data overview queries chart, no matter what data source or person was selected.

  • A backend query was modified to improve the response time of the data source and user activity monitoring dashboards.

Deprecation

Deprecated items remain in the product with minimal support until their end of life date.

Support for the interpolated comparison WHERE clause function has been deprecated.

April 20, 2023

This deployment addresses a SAML login issue discovered in the original deployment on April 17. Consequently, the April 17 release notes entry has been replaced with the content below.

New features and enhancements

Bug fixes

  • The enhanced subscription policy variable @hasTagAsAttribute did not unsubscribe users with that attribute from the data source when a matching column tag was removed.

  • Snowflake table grants did not properly update user subscriptions to data sources if their group in Immuta was renamed and the group name was used in an automatic subscription policy.

  • Vulnerabilities:

    • CVE-2023-0842

    • CVE-2023-29199

Feature removal

April 13, 2023

Enhancements

  • Data source and user activity monitoring dashboards can now be filtered by Snowflake cluster, warehouse, and role.

  • Performance improvements of the data source monitoring for Snowflake overview dashboard.

Bug fixes

  • Users could not include duplicate tags in a single row-level policy when using the policy builder.

  • When configuring an external REST catalog, testing the data source link timed out after three seconds, and users received a failed to retrieve data error.

  • Vulnerabilities:

    • CVE-2023-0842

    • CVE-2023-29017

April 5, 2023

Enhancement

Tag enhancements are generally available and update various components of the UI.

Bug fix

Snowflake integration: If a group's access was revoked from a data source in Immuta (manually or through a policy), table grants was not issuing revokes in Snowflake for members of the group that lost its subscription status, allowing them to still access that data. However, if low row access policies for Snowflake was disabled, all the rows in the data source were appropriately hidden.

March 2023

March 30, 2023

Bug fixes

  • Snowflake external catalog tags were not synced or pulled in to Immuta.

  • Users could not enable column detection if they had not made all columns visible in the data source during data source creation.

March 27, 2023

Enhancements

  • Data source and user activity monitoring dashboards will persist the date range selected for all dashboards in that user's session. Once logged out, the data range will return to default.

Bug fixes

  • When using SCIM to sync an identity manager with Immuta, removing a user from a group in the identity manager did not remove the user from that group in the remote database in the following integrations:

    • Snowflake

    • Redshift

    • Synapse

    This issue could allow that user to retain access to data if they were removed from a group that was granted access by a policy.

  • If an Advanced DSL policy used the @columnsTagged function and the policy had multiple conditions, all users were restricted from seeing data.

  • Unity Catalog clusters: A breaking change in Databricks caused a wrong number of arguments error when users ran Unity Catalog queries.

  • When Databricks query plans for tables registered in Immuta were too large, Immuta could not process the audit record.

  • Vulnerabilities:

    • CVE-2023-24807

    • CVE-2023-28154

March 23, 2023

Features and enhancements

  • Left navigation UI enhancement. The left navigation includes two tiers and reorganizes several pages:

    • Data includes the data sources and projects pages.

    • People includes the admin page.

    • Policies includes the subscription policies and data policies pages.

  • Support for Databricks Runtime 11.3 LTS.

Bug fix

  • Vulnerability: CVE-2022-23529

March 16, 2023

Enhancements

  • When executing the Immuta Data Security Framework, the status of the classification job for individual data sources can now be found in the data source health dropdown. The options include the following:

    • Classification complete: Classification has run on the data source and applied the appropriate classification tags.

    • Classification pending: A framework has been created, activated, or updated and will run on the data source.

    • Classification is not applicable: The data source is not affected by classification.

Bug fixes

  • The Databricks Spark integration sometimes provided an incomplete list of databases in the Data Explorer UI or in Databricks clusters after running SHOW DATABASES.

  • Under rare circumstances, a global data policy using a tag failed to apply to some data sources.

  • User accounts created with IAM integrations using the SAML 2.0 protocol before SCIM was enabled were not updated by SCIM provisioning after SCIM was enabled.

  • With data source and user activity monitoring for Snowflake enabled, users without AUDIT permission were brought to an empty overview dashboard when logging in.

Removed feature

Users can no longer register multiple data sources that reference the same underlying table in their remote data platform. Existing duplicate data sources that point to the same remote table will not be affected by this change; this feature removal only applies to data source creation.

March 3, 2023

Fix to repair impact of a recent Databricks Data Explorer change to issue use catalog hive_metastore command on Databricks runtimes older than Databricks runtime 11.x. The Databricks Spark integration now handles this command issued by Databricks Data Explorer.

February 2023

February 23, 2023

Features and enhancements

  • The Default subscription policy option allows you to choose whether or not a subscription policy will automatically restrict access to tables when they are registered as Immuta data sources. By default, Immuta does not apply a subscription policy on data you register (unless an existing global policy applies to it) so that you can preserve policies applied by your underlying data platform on those tables, leaving existing access controls and workflows intact.

  • With data source and user activity monitoring for Snowflake enabled, the Audit tab on the navigation menu defaults to the Events page.

Bug fixes

  • When applying a global subscription policy that uses the @hasTagAsGroup or hasTagAsAttribute enhanced subscription policy variable (for example, "Allow users to subscribe when @hasTagAsAttribute('AllowedAccess', 'dataSource') on all data sources") to a data source, user access was restricted as expected; however, if the data source tag changed through the Immuta V2 API, access wasn't changed, which could potentially allow users to see data that they shouldn't. Additionally, access wasn't changed if the policy was removed.

  • Users could not save configuration changes if they enabled Snowflake table grants after creating the integration.

  • Users could not save configuration changes if they edited an existing Snowflake integration.

  • Detect pages with over ten thousand (10,000) results would error. There is now a notification that only ten thousand (10,000) of the results are available with the recommendation to refine the page by filter or search.

  • Vulnerabilities:

    • CVE-2022-32149

    • CVE-2022-23491

February 7, 2023

Bug fixes

  • When applying a global subscription policy that uses the @hasTagAsGroup or hasTagAsAttribute enhanced subscription policy variable (for example, "Allow users to subscribe when @hasTagAsAttribute('AllowedAccess', 'dataSource') on all data sources") to a data source, user access was restricted as expected; however, if the data source tag changed, access wasn't changed, which could potentially allow users to see data that they shouldn't. Additionally, access wasn't changed if the policy was removed.

  • Users were able to query system tables in the query editor by using some specific Postgres functions.

Breaking change

January 2023

January 26, 2023

Features

Private preview release

Deprecated feature

Deprecated items remain in the product with minimal support until they are removed from the product.

  • External masking

January 23, 2023

Bug fixes

  • Snowflake, Redshift, and Azure Synapse integrations:

  • Vulnerabilities:

    • CVE-2022-23529

    • CVE-2022-40899

Known bugs

  • Editing a schema project to a database that already exists fails.

Last updated 2 days ago

Was this helpful?

is generally available. This mode improves query performance in Immuta's Snowflake integration by decreasing the number of Immuta creates.

To create a to discover data sensitivity using the /framework API endpoint, users must now include the parameter rule.name. This will not affect any current behavior and will only impact a new framework being created.

Users can now adjust the audit frequency for and query audit from the app settings page.

The new Load Audit Events button on the events page will from Snowflake or Databricks into Immuta outside of the scheduled ingestion.

Databricks Spark project workspaces failed to create for Databricks integrations using .

SDD can now be .

Feature
Deprecation notice
End of life (EOL)

Users could not query Starburst data sources registered using OAuth authentication and got the following 400 error: This data source was created using anonymous authentication. Users must now set an when using OAuth or asynchronous authentication to create Starburst data sources.

: Write your policies in Immuta and have them enforced automatically by Databricks across data in your Unity Catalog metastore.

Immuta allows in the Snowflake and Databricks Unity Catalog integrations. This feature is currently in public preview and available to all accounts.

Users can view via the Immuta API to track the number of licensed users.

All new SaaS accounts will have on by default with the activity dashboards visible to users with the AUDIT or GOVERNANCE permission. Current customers are not affected by this change.

With SDD enabled, users now have access to the Discover tab, where they can .

Previously, if users did not have a , Immuta would run all built-in and custom identifiers by default and any new identifiers required no additional action to be run. Now, . A default template is set automatically with all current built-in and custom identifiers. However, any new identifiers you create must be .

Immuta can pass a client secret to obtain token credentials in the .

Performance improvements for identity managers with enabled.

Unity Catalog query audit requires the public preview version of system tables in Unity Catalog to be enabled. Follow the Databricks documentation to .

: Data access activity from Unity Catalog is audited and can be viewed as Immuta audit logs in the UI or exported.

Sensitive data discovery customization is now GA: is an Immuta feature that uses sensitive data patterns to determine what type of data your column represents. SDD customization allows for organizations to create and insert their own patterns into SDD which will be recognized and then tagged when found.

Support for the legacy Starburst integration has been deprecated. Use the instead.

: Monitor data in your Snowflake environment. This feature detects when new tables or columns are created or deleted and automatically registers (or disables) those tables in Immuta for you. Schema monitoring for Snowflake also improves performance of legacy schema monitoring and enhances it by detecting destructively recreated tables (from CREATE OR REPLACE statements), even if the table schema wasn’t changed.

: SDD automatically discovers and tags your data based on the identifiers it matches but, unlike non-SDD, it does not persist or move any of your data.

: Minimize security risks by enabling SAML single log out, which terminates abandoned sessions after a timeout event occurs or after a user logs out of Immuta, their identity provider, or another application.

: Migrate your data from the Databricks legacy Hive metastore to the Unity Catalog metastore while protecting data and maintaining your current processes in a single Immuta tenant.

An additional 20 UAM audit events are captured and can now be exported to S3. See the full list of supported events on the .

Data source and user activity monitoring for Snowflake are now public preview and can be used without . Immuta users with Snowflake data sources can use these features to view visualizations of the with no configuration.

Snowflake integration using Snowflake governance features: Users can create , , , and policies that use masked columns as input.

The data source health check button has been removed from the data source health menu. Use instead.

. Blocking use of these functions allows you to restrict users from changing projects within a session.

The number of months for of data source and user activity monitoring for Snowflake can be configured from the app settings page.

A single query for multiple data sources will result in a single Snowflake event and appear as one event on the Events page.

The custom date range for data source and user activity monitoring dashboards supports .

improves query performance in Immuta's Snowflake integration by decreasing the number of Immuta creates.

. For a query that joins tables, Immuta uses the same classification rules applied to tables and applies those rules to columns of the query. Immuta applies a new set of classification tags to the query columns and calculates sensitivity for the query event in the audit record. These query classification tags are not included on the tables' data dictionary.

Users can no longer set schema to null when bulk updating data sources using the .

is generally available. Let Immuta manage privileges on your Snowflake tables instead of manually granting table access to users. With Snowflake table grants enabled, Snowflake Administrators don't have to manually grant table access to users; instead, Immuta manages privileges on Snowflake tables and views according to the subscription policies on the corresponding Immuta data sources.

: Immuta’s Starburst integration v2.0 allows you to access policy-protected data directly in your Starburst catalogs without rewriting queries or changing your workflows. Instead of generating policy-enforced views and adding them to an Immuta catalog that users have to query (like in the legacy Starburst integration), Immuta policies are translated into Starburst rules and permissions and applied directly to tables within users’ existing catalogs.

is released for private preview. Detect is a tool that monitors your data environment and provides analytic dashboards in the Immuta UI based on audit information of your data use.

If a was applied to a data source and a user updated a (create, update, delete) that also applied to that data source, the data policy was not applied to the data source. Consequently, a user querying that table could see values of masked columns in plaintext.

If an existing and an existing applied to the same data source, then modifications to that data source (or the creation of a new data source targeted by those policies), only the global subscription policy was applied to the data source. Consequently, a user querying that table could see values of masked columns in plaintext.

  1. Releases
  2. Deployment Notes

2023

Previous2024Next2022
  • December 2023
  • December 20, 2023
  • December 14, 2023
  • December 12, 2023
  • December 7, 2023
  • November 2023
  • November 30, 2023
  • November 28, 2023
  • November 16, 2023
  • November 14, 2023
  • November 9, 2023
  • November 7, 2023
  • October 2023
  • October 31, 2023
  • October 25, 2023
  • October 23, 2023
  • October 18, 2023
  • October 16, 2023
  • October 11, 2023
  • October 4, 2023
  • September 2023
  • September deprecations
  • September 27, 2023
  • September 25, 2023
  • September 21, 2023
  • September 20, 2023
  • September 19, 2023
  • September 13, 2023
  • September 11, 2023
  • September 6, 2023
  • August 2023
  • August 30, 2023
  • August 23, 2023
  • August 18, 2023
  • August 16, 2023
  • August 10, 2023
  • August 2, 2023
  • July 2023
  • July 27, 2023
  • July 25, 2023
  • July 19, 2023
  • July 13, 2023
  • July 11, 2023
  • July 7, 2023
  • June 2023
  • June 30, 2023
  • June 28, 2023
  • June 22, 2023
  • June 15, 2023
  • June 8, 2023
  • June 7, 2023
  • May 2023
  • May 31, 2023
  • May 25, 2023
  • May 22, 2023
  • May 11, 2023
  • May 4, 2023
  • May 1, 2023
  • April 2023
  • April 27, 2023
  • April 20, 2023
  • April 13, 2023
  • April 5, 2023
  • March 2023
  • March 30, 2023
  • March 27, 2023
  • March 23, 2023
  • March 16, 2023
  • March 3, 2023
  • February 2023
  • February 23, 2023
  • February 7, 2023
  • January 2023
  • January 26, 2023
  • January 23, 2023
Snowflake low row access policy mode
Snowflake row access policies
classification framework
fully customized using the UI
Databricks Unity Catalog integration
Detect
view their identification frameworks and adjust the rules within a framework
enable system tables
Query audit is now available for the Databricks Unity Catalog integration
Sensitive data discovery (SDD)
Starburst v2.0 integration
SDD for Snowflake and Databricks is now public preview
SAML single log out
classification enabled
audit information
these health checks
historical ingestion
universal audit model (UAM)
Snowflake low row access policy mode
Snowflake row access policies
Snowflake table grants
Starburst Integration v2.0
Immuta Detect
global subscription policy
global data policy
Databricks Unity Catalog
Snowflake
masked columns to be used in row-level policies
conditional masking
minimization
WHERE clause
time-based restriction
metastore magic
Databricks metastore magic

Legacy audit UI and /audit API

September 2023

October 2024

September 2023

March 2024

Discussions tab on projects and data sources

September 2023

March 2024

HIPAA Expert Determination

September 2023

March 2024

Query editor

September 2023

October 2023

September 2023

January 2024

September 2023

March 2024

global data policy

Legacy Databricks SQL integration (Use the instead.)

Non-native sensitive data discovery (Use instead.)

Snowflake integration with low row access policy mode disabled (Follow this to enable low row access policy mode. You must also .)

Unity Catalog integration
native sensitive data discovery
Snowflake guide
enable table grants
admin username globally in Immuta
Snowflake External OAuth authentication method
manually sync audit events
custom time ranges
license usage
a global template must be set
global framework set for sensitive data discovery
Classification for query sensitivity is now dynamic
Universal audit model (UAM) page
Schema monitoring for Snowflake
manually added to the global template
api/v2/data endpoint
combined global subscription policy
SCIM support
Block a set of Immuta's custom user-defined functions (UDFs) from being used on your Databricks Spark clusters