Walkthrough

This page describes the workflow that centers Immuta within your data catalog. This allows users to browse data in their existing data catalog and request access there directly. Immuta then acts as the review and provisioning engine while the catalog remains the single source of truth for metadata and discovery.

When setting up the Request app for the first time, this is what your workflow will look like:

The sections below explain each step in detail.

1

Register a connection

An application admin will register the connection to pull in object metadata and create data objects. Immuta will then represent those data objects as assets.

This action must be completed in the Governance app.

2

Set up a request form for your assets

Immuta sets a default request form for all assets; however, you can set up a customized request form to suit your organization's needs.

A governance user will create a request form that data consumers will complete when requesting access to assets; then, the governance user will attach it to an asset. The request form contains the questions requesters must answer, ensuring that data stewards have all the necessary details to make determinations on access requests.

Once the request form is attached to an asset, any user who requests access to that asset by clicking an access request link in their data catalog will be taken to the Request access page in Immuta to fill out the questions and submit the request.

3

Your catalog administrator will configure access request links within the objects of your data catalog.

This allows your data catalog users to browse for data within their catalog and, once they find data they want access to, click the access request link, which takes them to the request form attached to that asset.

4

Users browse through your data catalog as they normally do. When they come across data that they do not have access to, they click a link within that data object directly in the data catalog.

This link will take them to the request form attached to the asset that corresponds to the data object. If you have an IAM configured, and the data consumer is already signed in, they will be taken directly into the app.

5

Data consumer submits the access request

The data consumer is taken to the Request access page in Immuta to fill out the questions for the request form that corresponds to the asset (database, schema, table, etc.). They answer the exact questions that your data stewards need to properly determine whether or not the requester should gain access.

Once they request access, Immuta sends a webhook and notifies the data stewards designated in the request form or asset.

6

Data stewards review and make a determination for the access request

Data stewards review the access requests within Immuta and can make determinations by approving, denying, or temporarily approving the access request. Using AI review assist, they can quickly and easily make determinations of access with exactly the information they need, provided by the answers to the questions in the request form.

Data stewards are assigned in the request form:

  • If any data steward can approve, just a single determination will dictate the user's access.

  • If all data stewards must approve, one determination must be made by one data steward belonging to each of the assigned groups, attributes, or permissions.

If a single data steward denies access, the user will not get access. If the access request is approved, Immuta will automatically provision access by granting access to the requested data within the data platform, completing the workflow.

When a final determination is made for an access request, Immuta sends a webhook, and the requester and all other data stewards assigned in the request form or asset receive a notification with the decision.

7

Immuta automatically provisions access

After an access request is approved by the necessary data stewards, Immuta provisions access for the data consumer in the data platform. This access is represented as scalable Immuta policies and, for supported connections, pushed as native grants into the data platform so the user can query the data.
