Create Policies API Examples

Subscription Policies

Anyone Can Subscribe

name: Anyone
policyKey: subscription anyone
type: subscription
actions:
  type: anyone
  automaticSubscription: false
  description: Rationale
circumstances:
- type: tags
  tag: Discovered

Anyone Can Subscribe When Approved

name: Approval
policyKey: subscription approval
type: subscription
actions:
  type: approval
  approvals:
  - specificApproverRequired: false
    requiredPermission: OWNER
  - specificApproverRequired: true
    requiredPermission: GOVERNANCE
  description: Rationale
circumstances:
- type: columnTags
  columnTag: Discovered

Users with Specific Groups or Attributes

Users with Specific Groups or Attributes (Advanced)

Individual Users You Select

Data Policies

Data Owner Restrictions

Masking Policies

Conditional Masking

Conditional Masking (Using Otherwise Clause)

With a Constant

Format Preserving Masking

With Hashing (No Tags)

K-Anonymization (Using Fingerprint)

Sample data is processed during computation of k-anonymization policies

When a k-anonymization policy is applied to a data source, the columns targeted by the policy are queried under a fingerprinting process that generates rules enforcing k-anonymity. The results of this query, which may contain data that is subject to regulatory constraints such as GDPR or HIPAA, are stored in Immuta's metadata database.

The location of the metadata database depends on your deployment:

• Self-managed Immuta deployment: The metadata database is located in the server where you have your external metadata database deployed.

• SaaS Immuta deployment: The metadata database is located in the AWS global segment you have chosen to deploy Immuta.

To ensure this process does not violate your organization's data localization regulations, you need to first activate this masking policy type before you can use it in your Immuta tenant. To enable k-anonymization for your account, see the k-anonymization section on the app settings how-to guide.

K-Anonymization (by Specifying K)

Sample data is processed during computation of k-anonymization policies

When a k-anonymization policy is applied to a data source, the columns targeted by the policy are queried under a fingerprinting process that generates rules enforcing k-anonymity. The results of this query, which may contain data that is subject to regulatory constraints such as GDPR or HIPAA, are stored in Immuta's metadata database.

The location of the metadata database depends on your deployment:

• Self-managed Immuta deployment: The metadata database is located in the server where you have your external metadata database deployed.

• SaaS Immuta deployment: The metadata database is located in the AWS global segment you have chosen to deploy Immuta.

To ensure this process does not violate your organization's data localization regulations, you need to first activate this masking policy type before you can use it in your Immuta tenant. To enable k-anonymization for your account, see the k-anonymization section on the app settings how-to guide.

K-Anonymization (by Specifying Re-identification Probability)

Sample data is processed during computation of k-anonymization policies

When a k-anonymization policy is applied to a data source, the columns targeted by the policy are queried under a fingerprinting process that generates rules enforcing k-anonymity. The results of this query, which may contain data that is subject to regulatory constraints such as GDPR or HIPAA, are stored in Immuta's metadata database.

The location of the metadata database depends on your deployment:

• Self-managed Immuta deployment: The metadata database is located in the server where you have your external metadata database deployed.

• SaaS Immuta deployment: The metadata database is located in the AWS global segment you have chosen to deploy Immuta.

To ensure this process does not violate your organization's data localization regulations, you need to first activate this masking policy type before you can use it in your Immuta tenant. To enable k-anonymization for your account, see the k-anonymization section on the app settings how-to guide.

Make Null Using Column Regex

Randomized Response

Randomized Response (by Specifying Standard Deviation)

Using a Regex

With Reversibility

Using Rounding (Date)

Using Rounding (Using Fingerprint)

Using Rounding (Numeric)

Minimize Data Created Between

Purpose Restrictions

Any Purpose

Purpose in Server

Row-level Policy

By Time

Where User

Custom Where Clause

Multiple Policies