# Getting Started with Domains Domains are containers of data sources that allow you to assign data ownership and access management to specific business units, subject matter experts, or teams at the nexus of cross-functional groups. Instead of centralizing your data governance and giving users too much governance over all your data, you control how much power they have over data sources by granting them permission within domains in Immuta. ## Create a domain **Required Immuta permission**: `GOVERNANCE` 1. Navigate to the **Domains** page. 2. Click **+ New Domain**. 3. Enter a **Name** and **Description** for your domain. 4. Click **Save**. To create a domain using the API, see the [Domains API guide](https://documentation.immuta.com/saas/~/changes/l3NnvynMHxi6VvqRtJhK/developer-guides/api-intro/immuta-v1-api/manage-data-access/domains-api#post-collection). For more information about domains, see the [Domains reference guide](https://documentation.immuta.com/saas/~/changes/l3NnvynMHxi6VvqRtJhK/data-and-integrations/domains/domains). ## Assign domain permissions **Required Immuta permission**: `USER_ADMIN` User administrators can assign domain permissions from the [domain permissions tab](#domain-permissions-tab) or the [people page](#people-page). See instructions for both methods below. ### Domain permissions tab 1. Click **Domains** and navigate to the domain. 2. Got to the **Permissions** tab and click **+ Grant Permissions**. 3. Opt to select additional domains to apply the permission assignments to. 4. Choose how to assign the permission: * **Individual selected users**: Select this option from the dropdown and then search for individual users to grant the permission to. * **Users in group**: Select this option from the dropdown and then search for groups to grant the permission to. 5. Choose the permission to assign: * **Manage Policies** permission to allow them to create policies that will apply to the data sources within the domain. * **Audit Activity** permission to allow them to view audit events within the domain. 6. Review your changes and click **Grant Permissions**. To assign permissions using the API, see the [Domains API guide](https://documentation.immuta.com/saas/~/changes/l3NnvynMHxi6VvqRtJhK/developer-guides/api-intro/immuta-v1-api/manage-data-access/domains-api#post-collection-collectionid-permissions). For a list of permissions associated with domains, see the [Domains reference guide](https://documentation.immuta.com/saas/~/changes/l3NnvynMHxi6VvqRtJhK/data-and-integrations/domains#permissions). ### People page 1. Click **People** in the left navigation menu and select **Users** or **Groups**. 2. Select your user or group and then click the **Settings** tab. 3. Click **+ Add Domain Permissions**. 4. Select the **Domain** for which the user or group should have the permission. 5. Opt to select additional users or groups to grant the permission to within the selected domains. 6. Choose the permission to assign: * **Manage Policies** permission to allow them to create policies that will apply to the data sources within the domain. * **Audit Activity** permission to allow them to view audit events within the domain. 7. Review your changes and click **Grant Permissions**. ## Assign data sources to a domain **Required Immuta permission**: `GOVERNANCE` 1. Navigate to the **Domains** page and select your domain. 2. Click the **Data Sources** tab, and then click **+ Add Data Sources**. 3. Select the **checkboxes** for the data sources you want to add to your domain. 4. Click **+ Add to Domain**. To assign data sources using the API, see the [Domains API guide](https://documentation.immuta.com/saas/~/changes/l3NnvynMHxi6VvqRtJhK/developer-guides/api-intro/immuta-v1-api/manage-data-access/domains-api#post-collection-collectionid-datasources). For more information about domain data sources, see the [Domains reference guide](https://documentation.immuta.com/saas/~/changes/l3NnvynMHxi6VvqRtJhK/data-and-integrations/domains#domain-data-sources). ## Author a domain-scoped policy **Required Immuta permission**: `GOVERNANCE` or `Manage Policies` 1. Navigate to the **Domains** page and select your domain. 2. Click the **Subscription Policies** or **Data Policies** tab. 3. Click **Create Policy** and select **Subscription Policy** or **Data Policy**. 4. Write your [subscription policy](https://documentation.immuta.com/saas/~/changes/l3NnvynMHxi6VvqRtJhK/secure-your-data/authoring-policies-in-secure/section-contents/how-to-guides/subscription-policy-tutorial) or [data policy](https://documentation.immuta.com/saas/~/changes/l3NnvynMHxi6VvqRtJhK/secure-your-data/authoring-policies-in-secure/data-policies/how-to-guides/data-policy-tutorial) as outlined in the policies how-to guide. 5. When building your policy, your domain should automatically be added in the **What domain(s) should this policy be restricted to?** section. However, you can select more domains that you have the `Manage Policies` permission for here as well. This step will assign the policy to all data sources added to that domain. For more information about domain policies, see the [Domains reference guide](https://documentation.immuta.com/saas/~/changes/l3NnvynMHxi6VvqRtJhK/data-and-integrations/domains#domain-policies). ## Audit domain-related activity **Required Immuta permission**: `Audit Activity` Domain-related activity can be audited from the domain page, the audit page, the people page, or the data sources overview page. To find a specific audit record, 1. Navigate to the **Audit** page - records are automatically filtered to your authorized domains only. 2. Optional: Use filters to narrow down the search for activities. 3. Click on a record to see details about a specific activity. ## Delete a domain **Required Immuta permission**: `GOVERNANCE` 1. Navigate to the **Domains** page and select your domain. 2. Click **Remove Domain**. 3. **Confirm** your changes. To delete a domain using the API, see the [Domains API guide](https://documentation.immuta.com/saas/~/changes/l3NnvynMHxi6VvqRtJhK/developer-guides/api-intro/immuta-v1-api/manage-data-access/domains-api#delete-collection-collectionid).