SaaS
Search powered by AI

Data Product Access

Private preview: The Marketplace app is available to select accounts. Reach out to your Immuta representative for details.

Pending requests

All pending requests by the data consumers are listed and contain:

  • What data product was requested

  • When the request was made

  • What set of users can approve

  • Its current state:

    • Pending (These can be canceled by the requestor.)

    • Processing

Mixing approvals with birthright policies that are required

Just because a data consumer is approved to a data product does not necessarily mean they will gain access to every data source in that data product. It is possible there are existing birthright policies on those data sources that the requesting user does not meet, and if those policies are always required, the user cannot gain access to the data product, even if approved.

For example, there may be sensitive employee salary data in a data source. Because of that, there is a birthright subscription policy on that data source that is always required which states, only members of group HR can access this data source. This is effective; it provides global governance a guarantee that nobody can bypass policies on extremely sensitive data sources.

If that data source is now made part of a data product, the requesting user must be a member of group HR to gain access to that particular data source in the data product, even if approved to the data product. Should that policy change in a way that the user now meets the requirements or the user is added to group HR, Immuta will react by updating the policy. The user would then have access to that particular data source.

To provide transparency, the request access page will display the following information about each data source in the data product so the requestor is clear what they will, won't, and already have access to:

  • If the user already has access via a birthright subscription policy

  • If the user cannot gain access due to an existing birthright subscription policy

Note: it is still worth requesting access to a data product even if the user has access to all the data sources it contains because new data sources may be added later which they do not have birthright access to. In this case, if approved to the data product, they will gain access to the new data sources as soon as they are added to the data product.

What happens once approved (or not)?

If approved, Immuta will auto-provision access in the data platform(s) to the data sources in the data product. This is done natively in the data platform so that the user can query those tables/views/S3 objects directly from the data platform. This provisioning is represented as an understandable and scalable Immuta policy which will be combined with existing birthright policies, if any.

PreviousReference GuideNextShort Term Limitations

Last updated

Self-managed versions

2024.32024.22024.1

Copyright © 2014-2024 Immuta Inc. All rights reserved.