Data Policies

Data policies determine what users see when they query data in a table they have access to.

Overview

This guide provides a general overview of data policies and their behavior.

How-to guides

• Author a masking data policy

• Author a minimization policy

• Author a purpose-based restriction policy

• Author a restricted data policy

• Author a row-level policy

• Author a time-based restriction policy

• Certification, exemptions, and diffs: Certify policies, exempt users from policies, and view policy diffs on a data source.

• External masking interface: Set up Immuta to use the encryption or masking algorithm in your external masking service.

Reference guides

• All data policy types: This guide describes all the data policies available in Immuta.

• Masking policies: This guide describes the types of masking policies available and when to use each.

• Row-level policies: Row-level policies compare data values with user metadata at query-time to determine whether or not the querying user should have access to the individual rows of data.

• Custom WHERE clause functions: This guide describes the custom functions you can use to extend the PostgreSQL WHERE syntax.

• Data policy conflicts and fallback: In some cases, two conflicting global masking policies apply to a single data source. This guide describes how Immuta handles those conflicts.

• Custom data policy certifications: When building a global data policy, governors can create custom certifications that must be acknowledged by data owners when the policy is applied to data sources.

• Orchestrated masking policies: These policies reduce conflicts between masking policies that apply to a single column, allowing policies to scale more effectively across your organization.