# Use Immuta as a Marketplace

If you do not currently have a marketplace solution for your data products, you can create a marketplace in Immuta for your users to browse curated data products and request access to those data products. Then your data stewards can make determinations in Immuta that translate directly to Immuta policies and automatic access provisioning.

<figure><img src="https://1751699907-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FlWBda5Pt4s8apEhzXGl7%2Fuploads%2Fgit-blob-8d1cf1223439b6665b703ac77724f3fe6e9d7997%2FMarketplace%20Flow%20(1).png?alt=media" alt="The workflows available through the Request app include publishing data products, requesting access to data, and making access determinations."><figcaption><p>Figure 1: Workflow</p></figcaption></figure>

*Figure 1 depicts the workflows available. This walkthrough will guide you through these steps.*

Some of these steps are performed by different user types in Immuta, so this walkthrough is organized by [User type](https://documentation.immuta.com/saas/request/introduction/user-types).

## Governance and user admin users

The data sources that are exposed through your data products are sourced from a domain; so in order to publish a data product, you must have at least one domain with at least one data source in it. Any user with the Immuta `GOVERNANCE` permission is able to publish data products in the Request app using any domain. However, this job can be delegated by [creating data product managers](#data-product-manager-user). You create data product managers by giving them [the `Manage Data Products` permission in a domain](https://documentation.immuta.com/saas/introduction/user-types#delegating-to-data-product-owners).

<figure><img src="https://1751699907-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FlWBda5Pt4s8apEhzXGl7%2Fuploads%2Fgit-blob-f718adcd63bed6c6f81bcd2aefc4f5c1379cc0ac%2FScreenshot%202024-12-03%20at%202.51.55%E2%80%AFPM.png?alt=media" alt=""><figcaption><p>Figure 2: Delegating to Data Product Managers</p></figcaption></figure>

As shown in Figure 2, [creating a domain and assigning data sources](https://documentation.immuta.com/saas/configuration/domains/domains) to it is handled by a user with `GOVERNANCE` permission. Assigning the `Manage Data Products` permission is handled by a user with `USER_ADMIN` permission.

These actions are completed in the Govern app, not the Request app.

## Data product manager user

This user is able to publish the data products, manage their metadata, and manage request forms. As mentioned above, a data product manager must have the global `GOVERNANCE` permission or the domain-specific `Manage Data Products` permission in a domain.

From there, data product managers are able to publish and manage data products, from their domains as depicted in Figure 3.

<i class="fa-paper-plane">:paper-plane:</i> When a new data product is published, a webhook is sent off and users with `Manage Data Products` permission in that data product's domain will receive a notification.

<figure><img src="https://1751699907-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FlWBda5Pt4s8apEhzXGl7%2Fuploads%2Fgit-blob-71cf5b3c4e66dc814c78a35f0c916693151be6f6%2FScreenshot%202025-06-03%20at%208.51.41%E2%80%AFAM.png?alt=media" alt=""><figcaption><p>Figure 3: Creating and Managing a Data Product</p></figcaption></figure>

However, the first step in creating a data product is ensuring that the data sources that make up the data product are contained in the domain where you have the `Manage Data Products` permission.

### Making data sources available in a domain

See the [Setting up domains for data product management page](https://documentation.immuta.com/saas/configuration/domains/setting-up-domains-for-marketplace) for details about how to automatically have data sources be assigned to domains.

## Data consumer user

A data consumer can be anyone with a login to Immuta. They can visit the Request app, search for data products and [request access](https://documentation.immuta.com/saas/request/access-data-products/how-to-guides/requesting-access-to-a-data-product) to them, or request masking exceptions on specific columns within those products, as shown in Figure 4.

<i class="fa-paper-plane">:paper-plane:</i> Once they request access, a webhook is sent off and Immuta will send notifications to the data stewards of the data product.

<figure><img src="https://1751699907-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FlWBda5Pt4s8apEhzXGl7%2Fuploads%2Fgit-blob-ff8fed7c0ce8e42565b08f4f27126be7bc1cbfef%2FScreenshot%202025-06-03%20at%208.52.33%E2%80%AFAM.png?alt=media" alt=""><figcaption><p>Figure 4: Requesting Access</p></figcaption></figure>

## Data steward user

The data stewards are tasked with [making determinations](https://documentation.immuta.com/saas/request/review-access-requests/how-to-guides/view-and-respond-to-access-requests) on access requests, the final step in the workflow depicted in Figure 5.

<figure><img src="https://1751699907-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FlWBda5Pt4s8apEhzXGl7%2Fuploads%2Fgit-blob-b2b8135c50fca0662677ae82ef7a1d40e0d03c64%2FScreenshot%202025-06-03%20at%208.53.37%E2%80%AFAM.png?alt=media" alt="If a data steward approves access to the data product, Immuta automatically provisions access."><figcaption><p>Figure 5: Access Request Determination</p></figcaption></figure>

Data stewards are assigned to data products in the request form used; they can be assigned based on their group, attributes, or permissions or the exact user can be assigned. If the data stewards are not assigned in a request form, the data product owner will select them for each data product. The request form will also dictate if any data steward can approve an access request or if all of them must.

<i class="fa-paper-plane">:paper-plane:</i> When an access request is made that requires approval, a webhook is sent off and data stewards will receive a notification with the request. Additionally, it will appear as pending, signaling a determination is required.

The data steward [can make the determination](https://documentation.immuta.com/saas/request/review-access-requests/how-to-guides/view-and-respond-to-access-requests) by approving, denying, or temporarily approving it with a reason. If approved, Immuta will automatically provision access by granting data product access in the data platform or unmasking the approved columns, completing the workflow depending on the request type. When any data steward can approve, just a single determination will dictate the user's access. However, if all data stewards must approve, [one determination must be made by one data steward](#user-content-fn-1)[^1] belonging to each of the assigned groups, attributes, or permissions. If a single data steward denies access, the user will not get access.

<i class="fa-paper-plane">:paper-plane:</i> When a final determination is made for an access request, a webhook is sent off and the requester and all other data stewards for the data product will receive a notification with the decision.

[^1]: For example, if the request form lists users with the `GOVERNANCE` permission and users with the HR group as data stewards, then one user with the `GOVERNANCE` permission and one user with the HR group must approve to satisfy each of those conditions. A single user may approve for all conditions in a request form if they have the necessary permissions.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://documentation.immuta.com/saas/request/configure/reference-guides/walkthrough.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.