This section of API documentation is specific to searching for data and audit logs, managing policies and access requests, and auditing user activity.
Policies can also be created and managed using the V2 API.
Data and subscription policies: Manage and review data and subscription policies in Immuta.
Write access policies: Author policies to manage write access to data sources.
Domains reference guide: Create and manage a domain.
Manage access requests: View and manage data source and project access requests.
Policy handler object: View examples of policy handler objects.
Search audit logs: Search Immuta audit logs.
Search connection strings: Search by connection string.
Search for organizations: Search by organization.
Search schemas: Search by schema.
Write policies API endpoint reference guide
The policies resource allows you to manage and apply policies to your data sources. The endpoints and examples provided in this guide are specific to creating global write policies.
POST
/dataSource/{dataSourceId}/access
Manually grants write access to a user.
The request accepts a JSON or YAML payload. See the write access manual grant payload description for parameter details.
The response returns the following JSON object. See the payload reference guide for details about the response schema.
POST
/policy/global
Creates a global policy.
The example below grants write access to users with the attribute has.write and applies the global policy to all data sources.
The example below grants users write access when they are individually selected by data owners and applies the policy to data sources with columns tagged Discovered.Person Name.
The request accepts a JSON or YAML payload. See the global policy payload description for parameter details.
The response returns the global policy configuration. See the payload reference guide for details about the response schema.
DELETE
/policy/global/{policyId}
Deletes the specified policy.
The response returns the deleted global policy configuration. See the payload reference guide for details about the response schema.
GET
/policy/global/{policyId}
Gets the specified policy.
The response returns the global policy configuration. See the payload reference guide for details about the response schema.
PUT
/policy/global/{policyId}
Updates the specified policy.
The request accepts a JSON or YAML payload. See the global policy payload description for parameter details.
The response returns the updated global policy configuration. See the payload reference guide for details about the response schema.
Domains API reference guide
The collections object represents a domain you've created that contains data sources and assigned permissions. Currently, the only collection type available is a domain, so collections and domains are referred to interchangeably throughout this page.
POST
/collection
GET
/collection
Retrieve domains created in Immuta. These results can be filtered by permission or by name.
The following table describes optional query parameters for retrieving domains.
GET
/collection/{collectionId}
Retrieve a domain with the given collectionId to view the data sources, description, and assigned permissions associated with the domain.
GET
/collection/{collectionType}/{collectionName}
Retrieve a domain with the given collectionName to view the data sources, description, and assigned permissions associated with the domain.
PUT
/collection/{collectionId}
Change the domain name or description. You must have the global GOVERNANCE permission to update the domain.
Path parameter
Body parameters
DELETE
/collection/{collectionId}
Delete a domain. The domain must have zero data sources for a user with the global GOVERNANCE permission to delete the domain.
Path parameter
Query parameter
Returns a 204 code when the domain is successfully deleted. Additional responses are provided below:
400: An invalid ID was provided.
404: The domain was not found.
POST
/collection/{collectionId}/datasources
Add existing data sources to a domain. You must have the GOVERNANCE permission.
The request will fail if any data source IDs that have already been assigned to a domain are included in the payload.
Path parameter
Body parameter
Returns a unique identifier of the background job that adds the data sources to the domain.
GET
/collection/{collectionId}/datasources
Retrieve the data sources within a domain.
Path parameter
Query parameters
Returns a data property that contains an array of up to size data sources. Each entry in the array is a separate data source. If there are no data sources in the domain, the array will be empty.
DELETE
/collection/{collectionId}/datasources/{dataSourceId}
Remove data sources from a domain. To remove data sources from a domain, you must have the global CREATE_DATA_SOURCE permission.
Returns a 204 code when the data source is successfully removed from the domain. Additional responses are included below:
403: Requesting user does not have permission to remove the data source.
404: The specified collection or data source was not found.
POST
/collection/{collectionId}/permissions
Assign domain permissions to a specific user. You must have the global USER_ADMIN permission to assign domain permissions to users.
Path parameter
Body parameters
GET
/collection/{collectionId}/permissions/{memberType}
Retrieve a list of permissions associated with the domain.
Path parameters
Query parameters
Returns a data property that contains an array of users or groups who have been assigned that permission in the domain.
GET
/collection/permissions/{memberType}/{memberId}
Retrieve a list of permissions for the specified user or group across all domains they are a member of.
Returns a data property that contains an array of permissions that have been assigned to the user or group in all the domains they are a member of.
DELETE
/collection/{collectionId}/permissions/{permissionId}
Remove a domain permission from a specific user or group. You must have the global USER_ADMIN permission to remove domain permissions from users and groups.
Returns a 204 code when the permission is successfully removed from the user. Additional responses are provided below:
400: Invalid permission
404: Collection or permission not found
DELETE
/collection/{collectionId}/permissions/{memberType}/{memberId}/{permissionType}
Remove a domain permission based on the permission type. You must have the global USER_ADMIN permission to remove domain permissions from users and groups.
Returns a 204 code when the permission is successfully removed. Additional responses are provided below:
400: Invalid permission
404: Collection or permission not found
Subscription API reference guide
This page describes the subscription endpoint, which allows you to view and manage access requests.
Additional fields may be included in some responses you receive; however, these attributes are for internal purposes and are therefore undocumented.
GET
/subscription/getPendingRequestsForUser
Get pending access requests the calling user can approve.
The following request gets pending access requests the calling user can approve.
GET
/subscription/requestInfo/{modelType}/{modelId}
Get pending request information for specified model and requesting user (or specified entity).
The following request gets pending access requests for the data source with the ID 6 for the current user.
POST
/subscription/approve
Approve specified access requests.
The following request approves the subscription request.
POST
/subscription/approve/bulk
Bulk approve access requests.
The following request approves all of the subscription requests.
POST
/subscription/deny
Deny specified access requests.
The following request denies the subscription request.
POST
/subscription/deny/bulk
Bulk deny access requests.
The following request with the payload below denies the subscription requests with the IDs 40 and 41.
The parameters for manually granting write access to a data source without using a policy are outlined in the table below.
The parameters for creating a global write policy are outlined in the table below.
The actions array specifies the policy access type and restriction level. Its child parameters are outlined in the table below.
The circumstances object specifies the conditions under which the policy applies to a data source. Its child parameters are outlined in the table below.
This page describes how to update policies using the Policy Handler API.
dataSourceId (integer): ID of the data source the policy will be applied to.
Example: 1
jsonRules (array[object]): Array of JSON rules objects.
The jsonRules array contains rules objects. The following types of policy rules are supported:
Not all combinations of policy rules are valid. The examples below are supported policy rule combinations:
Prerequisite, Visibility, Masking
Prerequisite, Masking, Minimization
Prerequisite policies are used to limit usage to one or more purposes.
type (string): Policy rule type. Must be prerequisite for prerequisite policy rules.
Example: "prerequisite"
operator (string): Operator to be applied on conditions. Possible values: and, or.
Example: "or"
conditions (array[object]): Conditions to be applied for the rule. Multiple values will be evaluated according to the operator.
Example:
In this example, users will only have access to data from this data source when they are acting under the purpose named Purpose Name.
Visibility policies are used to enforce row-level security.
type (string): Policy rule type. Must be visibility for row-level security policy rules.
Example: "visibility"
operator (string): Operator to be applied on conditions. Possible values: and, or.
Example: "or"
conditions (array[object]): Conditions to be applied for the rule. Multiple values will be evaluated according to the operator.
Note: When adding conditions to a visibility policy rule, the field is required, and the condition value should be left empty. For example, for a group policy condition, the group name is not specified.
The user must possess the group, attribute, or purpose that matches the value stored in the field.
Example:
In this example, users will only see rows when they have an authorization that matches the value in the field department and they belong to a group that matches the value in the field organization.
Masking policy rules will mask the value in one or more columns.
type
(string): Policy rule type. Must be masking for masking policy rules.
Example: "masking"
fields (array[string]): Fields that will be masked when a user does not fulfill policy conditions.
Example: ["email", "location"]
operator (string): Operator to be applied on conditions. Possible values: and, or.
Example: "or"
conditions (array[object]): Conditions to be applied for the rule. Multiple values will be evaluated according to the operator.
Note: When adding conditions to a masking policy rule, the field will be left blank, and the condition value should be populated.
name (string): Name of the field being masked.
Example: "social"
type (string): Type of masking to apply. Supported values are "Consistent Value", "Grouping", "Regular Expression".
Example: "Consistent Value"
metadata (object): Extra metadata used when masking the value.
Consistent value
constant (string|null): Constant value to mask to. If this field is not defined, the value will be hashed.
Example: "REDACTED"
Regular expression
regex (string): Regex to match against when masking columns.
Example: "[0-9]{3}-[0-9]{2}"
replacement (string): String used to replace the matched regex.
Example: "xxx-xx"
Grouping
bucketSize (integer): For number fields. Size of buckets to round numbers to.
Example: 100
timePrecision (string): For time fields. Time precision to round to. Possible values: "MIN", "HOUR", "DAY", "WEEK", "MONTH", "YEAR".
Example: "HOUR"
Example policy handler update with masking configuration metadata:
Example:
In this example, the fields email and location will be masked unless the user belongs to the group admins.
Minimization policy rules will show a limited percentage of the data, based on a high cardinality column, for everyone unless the user fulfills the policy conditions.
type (string): Policy rule type. Must be additional for minimization policy rules.
Example: "additional"
name (string): Name of additional policy. Must be minimization for minimization policy rules.
Example: "minimization"
operator (string): Operator to be applied on conditions. Possible values: and, or.
Example: "or"
conditions (array[object]): Conditions to be applied for the rule. Multiple values will be evaluated according to the operator.
Note: When adding conditions to a minimization policy rule, the field will be left blank.
percent (integer): Percentage of the data to show to the users. This percentage will be based on unique values in the hashPhrase column.
Example: 50
hashPhrase (string): Column to base the percentage on. This should be a high cardinality column in the data source.
Example: "name"
Example policy handler rule:
In this example, 50 percent of the data, based on the name field, will be visible to users unless they fulfill the policy conditions.
Example data source update (partial):
Time-based rules will make a limited portion of the data available based on event time. The data source must contain an event time column in order for this policy type to be valid. For instance, users who do not fulfill the policy conditions will only see data from within the defined time window.
type (string): Policy rule type. Must be additional for time-based policy rules.
Example: "additional"
name (string): Name of additional policy. Must be time for time-based policy rules.
Example: "time"
operator (string): Operator to be applied on conditions. Possible values: and, or.
Example: "or"
conditions (array[object]): Conditions to be applied for the rule. Multiple values will be evaluated according to the operator.
Note: When adding conditions to a time-based policy rule, the field will be left blank.
time (integer): Age in seconds of the oldest data a user will be allowed to see. This counts backward from the present.
Example: 14400
Example policy handler rule:
In this example, only data from the last 4 hours will be visible to users unless they fulfill the policy conditions.
Example data source update (partial):
There are three types of policy conditions:
The group policy condition restricts access to the condition when a user is a member of a group.
type (string): Type of policy condition. Must be "groups" for the group policy condition.
Example: "groups"
group (object): Object describing the group a user must belong to in order to satisfy the policy condition.
field (string): Data field to match group name against when checking policy.
Example: "department"
Example:
name (string): Name of the group a user must belong to in order to satisfy the policy condition.
Example: "users"
iam (string): ID of the IAM containing the group.
Example: "active_directory"
The attribute policy condition restricts access to the condition when a user possesses an attribute.
type (string): Type of policy condition. Must be "authorizations" for the attribute policy condition.
Example: "authorizations"
authorization (object): Object describing the attribute a user must possess in order to satisfy the policy condition.
field (string): Data field to match attribute value against when checking policy.
Example: "department"
Example:
auth (string): Name of attribute to check for attribute value.
Example: "accesses"
value (string): Value of the attribute a user must possess in order to satisfy the policy condition.
Example: "PII"
iam (string): ID of the IAM the user must receive the attribute from.
Example: "active_directory"
The purpose policy condition restricts access to the condition when a user is acting under a purpose.
type (string): Type of policy condition. Must be "purposes" for the purpose policy condition.
Example: "purposes"
value (string): Purpose name a user must be acting under in order to satisfy the policy condition.
Example: "Purpose"
field (string): Data field to match purpose name against when checking policy.
Example: "department"
Example:
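The rule and condition constraints described above can be checked before a payload is sent to /policy/handler/{dataSourceId}. The linter below is an added example, not Immuta code; its function names are hypothetical, and it assumes that field sits at the top level of a condition and that the condition value is group.name, authorization.value, or value, depending on the condition type.

```python
# Added example (not Immuta code): lint policy handler rules against the
# field constraints documented on this page before submitting them.
# Assumptions: `field` sits at the top level of a condition object, and the
# "condition value" is group.name, authorization.value, or value, by type.

RULE_TYPES = {"prerequisite", "visibility", "masking", "additional"}
OPERATORS = {"and", "or"}
ADDITIONAL_NAMES = {"minimization", "time"}
MASK_TYPES = {"Consistent Value", "Grouping", "Regular Expression"}
TIME_PRECISIONS = {"MIN", "HOUR", "DAY", "WEEK", "MONTH", "YEAR"}
VALUE_PATH = {
    "groups": ("group", "name"),
    "authorizations": ("authorization", "value"),
    "purposes": ("value",),
}


def condition_value(cond):
    """Return the condition value for a documented condition type, else None."""
    node = cond
    for key in VALUE_PATH.get(cond.get("type"), ()):
        node = node.get(key) if isinstance(node, dict) else None
    return None if node is cond else node


def lint_rule(rule, idx=0):
    """Return a list of problems found in one jsonRules entry."""
    where = f"jsonRules[{idx}]"
    rtype = rule.get("type")
    if rtype not in RULE_TYPES:
        return [f"{where}: unsupported rule type {rtype!r}"]
    problems = []
    if rule.get("operator") not in OPERATORS:
        problems.append(f"{where}: operator must be 'and' or 'or'")
    if rtype == "masking" and not (isinstance(rule.get("fields"), list) and rule["fields"]):
        problems.append(f"{where}: masking rule needs a non-empty fields array")
    if rtype == "additional" and rule.get("name") not in ADDITIONAL_NAMES:
        problems.append(f"{where}: name must be 'minimization' or 'time'")
    conditions = rule.get("conditions", [])
    if not isinstance(conditions, list):
        return problems + [f"{where}: conditions must be an array"]
    for c, cond in enumerate(conditions):
        cwhere = f"{where}.conditions[{c}]"
        if not isinstance(cond, dict) or cond.get("type") not in VALUE_PATH:
            problems.append(f"{cwhere}: unknown condition type")
            continue
        has_field = bool(cond.get("field"))
        has_value = bool(condition_value(cond))
        if rtype == "visibility":
            # Row-level rules match the user's group/attribute/purpose to a column.
            if not has_field:
                problems.append(f"{cwhere}: visibility condition requires field")
            if has_value:
                problems.append(f"{cwhere}: visibility condition value must be empty")
        elif rtype in ("masking", "additional") and has_field:
            problems.append(f"{cwhere}: field must be blank for {rtype} rules")
        if rtype == "masking" and not has_value:
            problems.append(f"{cwhere}: masking condition value must be populated")
    return problems


def lint_masking_config(entry, idx=0):
    """Return problems in one policyHandler.maskingConfiguration entry."""
    where = f"maskingConfiguration[{idx}]"
    problems = []
    mtype, meta = entry.get("type"), entry.get("metadata") or {}
    if mtype not in MASK_TYPES:
        problems.append(f"{where}: unsupported masking type {mtype!r}")
    elif mtype == "Regular Expression":
        if not all(isinstance(meta.get(k), str) for k in ("regex", "replacement")):
            problems.append(f"{where}: regex and replacement must be strings")
    elif mtype == "Grouping":
        size, precision = meta.get("bucketSize"), meta.get("timePrecision")
        if size is None and precision is None:
            problems.append(f"{where}: Grouping needs bucketSize or timePrecision")
        if size is not None and type(size) is not int:
            problems.append(f"{where}: bucketSize must be an integer")
        if precision is not None and precision not in TIME_PRECISIONS:
            problems.append(f"{where}: timePrecision must be one of {sorted(TIME_PRECISIONS)}")
    elif not isinstance(meta.get("constant"), (str, type(None))):
        problems.append(f"{where}: constant must be a string or null")
    return problems


def lint_policy(payload):
    """Lint dataSourceId and every entry of jsonRules in a handler payload."""
    problems = []
    if type(payload.get("dataSourceId")) is not int:
        problems.append("dataSourceId must be an integer")
    for i, rule in enumerate(payload.get("jsonRules") or []):
        problems += lint_rule(rule, i)
    return problems


# Constructed sample: the visibility rule wrongly names a group, and the
# masking rule wrongly sets `field` and omits the group name.
SAMPLE = {"dataSourceId": 1, "jsonRules": [
    {"type": "visibility", "operator": "and", "conditions": [
        {"type": "groups", "field": "organization",
         "group": {"name": "admins", "iam": "active_directory"}}]},
    {"type": "masking", "operator": "or", "fields": ["email", "location"],
     "conditions": [{"type": "groups", "field": "department",
                     "group": {"iam": "active_directory"}}]},
]}

if __name__ == "__main__":
    print("\n".join(lint_policy(SAMPLE)))
```

An empty result from lint_policy means only that the payload matches the constraints stated on this page; it does not replace validation by the API itself.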
Audit API reference guide
This page describes the audit endpoint API. The audit API allows users to programmatically search for audit records in Immuta.
Additional fields may be included in some responses you receive; however, these attributes are for internal purposes and are therefore undocumented.
GET
/audit
Search for audit records.
The following request searches for all audit records.
GET
/audit/{recordId}
Retrieve a specific audit record.
The following request retrieves a specific audit record.
GET
/audit/apikey/activity
Queries for the recent activity using the API key.
The following request queries for the recent activity using the API key.
GET
/audit/queries/dataSource/{dataSourceId}/mine
Returns the list of the current user's distinct queries for the specified data source.
The following request returns the list of the current user's distinct queries.
Policy API reference guide
The policy endpoint allows you to manage and review policies in Immuta. This page outlines the endpoint and its request and response parameters.
Additional fields may be included in some responses you receive; however, these attributes are for internal purposes and are therefore undocumented.
POST
/policy/global
Create a Global Policy with a given entityType.
When successful, the response returns the body of the request payload.
This example request creates a Global Policy (saved in the example-payload.json file) in the Immuta tenant.
Request payload example
POST or PUT
/policy/handler/{dataSourceId}
Create (POST) or update (PUT) a policy for the specified data source.
This example request applies the policy specified in the payload to the data source with the ID 2.
Request payload example
Note: Global policies that contain the condition "with columns tagged" or "on all data sources" will automatically apply to relevant data sources when the policy is created. The endpoint detailed below can be used to apply Global Policies that contain the condition "when selected by data owners," as these policies are not automatically applied to data sources.
POST
/policy/global/applyPolicy
Apply the Global Policy to the specified data source.
None. When successful, no message will display.
This example request applies the specified Global Policy to the specified data source (saved in the example-payload.json file) in the Immuta tenant.
Request payload example
The following payload will apply the Global Policy with the ID 1 to the data source with ID 1.
PUT
/policy/global/{policyId}
Update the specified policy.
When successful, the response returns the body of the request payload.
This example request updates the specified Global Policy (8) with changes to the metadata saved in the example-payload.json file.
Request payload example
In this payload, the user updated the description attribute to update the policy.
POST
/policy/search
Searches for specified policies.
This example request searches for a Global Policy that contains the text mask in Immuta.
GET
/policy/global/{policyId}
Find the policy with the specified ID.
This example request returns the Global Policy with the ID 1.
GET
/policy/global
Find the policy with the specified entity type.
This example request returns the name, type, and ID of all policies.
GET
/policy/global/appliedTo/{policyId}
Find the number of data sources the specified policy applies to.
This example request returns the number of data sources the Global Policy with the ID 6 applies to.
GET
/policy/dataSourcePolicies/{dataSourceId}
Get the policy information for the specified data source.
This example request returns the information of policies applied to the data source with the ID 2.
GET
/policy/diff/{dataSourceId}
Get the differences between two policy handler versions.
This example request returns the information of policies applied to the data source with the ID 3.
GET
/policy/handler/{dataSourceId}
Get the policy handler metadata for a specific data source.
This example request returns the policy handler metadata for policies applied to the data source with the ID 1.
DELETE
/policy/global/{policyId}
Delete the specified Global Policy.
The following request deletes the Global Policy with ID 6.
Organizations API reference guide
This page describes the organizations endpoint.
Additional fields may be included in some responses you receive; however, these attributes are for internal purposes and are therefore undocumented.
GET
/organizations
Search for organizations.
The following request searches for organizations that contain Immuta in their name.
Connection strings API reference guide
This page describes the connectionStrings endpoint.
Additional fields may be included in some responses you receive; however, these attributes are for internal purposes and are therefore undocumented.
GET
/connectionStrings
Search across all connection strings in the handler table.
The following request searches across all connection strings in the handler table.
Create a new domain. You must have the global GOVERNANCE permission to create a domain. You can after creating the domain.
Returns a .
Returns a data property that contains an array of up to size
. If no domains exist, the array will be empty.
Returns a .
Returns a .
Returns a with the new name or description.
Returns an array of that represent a permission in a domain assigned to a specific user. If the permission had already been assigned to the user for that domain, the response will include an error for the permissions that were not assigned to that user because the permission already existed.
The create policy handler endpoint must be a .
The update policy handler endpoint must be a .
Example: See
Example: See
Example: See
Example: See
When using a masking rule, there is an additional field that needs to be sent in the policyHandler.maskingConfiguration array field.
Example: See
Example: See
When using a minimization rule, there is an additional field that needs to be sent in the policyHandler.additionalFilters.minimization field.
Example: See
When using a time-based rule, there is an additional field that needs to be sent in the policyHandler.additionalFilters field.
Example: See
Example: See
This endpoint has been deprecated and replaced by .
See the for payload examples and details.
See the for payload examples and details.
The response returns a .
The response returns a of the policy that was deleted.
POST
Manually grants write access to a user
POST
Creates a global write access policy
DELETE
Deletes the specified global write access policy
GET
Gets the global policy with the given policy ID
PUT
Updates the specified global policy
dataSourceId integer
The unique identifier of the data source.
policyId integer
The unique identifier of the policy.
policyId integer
The unique identifier of the policy.
id | The unique identifier of the domain. |
name | The name of the domain. |
description | The description of the domain that will be displayed for users. |
createdBy | The unique identifier of the user who created the domain. |
profile.name | The name of the user who created the domain. |
createdAt | The date and time the domain was created. |
updatedAt | The date and time the domain was updated. |
type | The type of collection. Value is |
id | The unique identifier of the domain. | Required | - | - |
name | The name of the domain. | Required | - | - |
description | The description of the domain that will be displayed for users. | Optional | - | - |
type | The type of collection. | Required |
|
|
type | The type of collection. |
|
offset | The number of items from the beginning of the response to exclude. You can combine the | Minimum value is |
size | The number of domains to return. | Minimum value is |
searchText | The text to search for in domain names. This will return domains with a name that contains this search text. | - |
withPermissions | Only returns domains that the querying user has been granted the permission in. |
|
collectionId | The unique identifier of the domain. |
collectionType | The type of collection. The accepted value is |
collectionName | The name of the domain. |
collectionId | The unique identifier of the domain. |
name | The name of the domain. | Optional | - | - |
description | The description of the domain that will be displayed for users. | Optional | - | - |
collectionId | The unique identifier of the domain. |
dryRun | If |
collectionId | The unique identifier of the domain. |
dataSourceId | The unique identifier of the data source in Immuta. | Required | - | - |
collectionId | The unique identifier of the domain. |
offset | The number of items from the beginning of the response to exclude. You can combine the | Minimum value is |
size | The number of data sources to return. | Minimum value is |
collectionId | The unique identifier of the domain from which to remove the data source. |
dataSourceId | The unique identifier of the data source to remove. |
id | The unique identifier of the permissions object. |
profileId | The unique identifier of the user the permission is assigned to. |
groupId | The unique identifier of the group the permission is assigned to. |
collectionId | The unique identifier of the domain. |
permission | The permission assigned to the user. Accepted values are |
createdAt | The date and time the permission object was created. |
source | Indicates whether the permission was assigned as a user permission or a group permission. |
collectionId | The unique identifier of the domain. |
groupId | The unique identifier of the group the permission is assigned to. | Optional |
| - |
profileId | The unique identifier of the user in the identity manager. | Optional |
| - |
permission | The domain permission assigned to the user. | Required | - |
|
collectionId | The unique identifier of the domain. |
memberType | The type of member to get a list of permissions for. Possible values include |
type | The permission to return. |
|
offset | The number of items from the beginning of the response to exclude. You can combine the | Minimum value is |
size | The number of users to return. | Minimum value is |
searchText | A string used to filter the results returned by the | - |
sortField | Specifies the field to sort the results by. |
|
sortOrder | Specifies how to sort the results of the request. |
|
memberType | The type of member to get a list of permissions for. Possible values include |
memberId | The unique identifier of the user or group. |
type | The permission to return. |
|
offset | The number of items from the beginning of the response to exclude. You can combine the | Minimum value is |
size | The number of permissions to return. | Minimum value is |
searchText | A string used to filter the results returned by the | - |
sortField | Specifies the field to sort the results by. |
|
sortOrder | Specifies how to sort the results of the request. |
|
collectionId | The unique identifier of the domain. |
permissionId | The unique identifier of the assigned permission. |
collectionId | The unique identifier of the domain. |
memberType | The type of member to remove the permission from. Possible values include |
memberId | The unique identifier of the user or group. |
permissionType | The type of permission to delete. Accepted values are |
groupByEntity |
| No |
profileId |
| No |
groupId |
| No |
name |
| No |
| No |
modelName |
| No |
modelTypes |
| No |
size |
| No |
sortField |
| No |
sortOrder |
| No |
offset |
| No |
hits |
|
count |
|
modelType |
| Yes |
modelId |
| Yes |
profileId |
| No |
groupId |
| No |
records |
|
id |
| Yes |
expiration |
| No |
id |
|
model |
|
entity |
|
requestIds |
| Yes |
id |
| Yes |
type |
| Yes |
success |
|
id |
| Yes |
denialReasoning |
| Yes |
id |
|
model |
|
entity |
|
requestIds |
| Yes |
id |
| Yes |
type |
| Yes |
denialReasoning |
| Yes |
success |
|
profileId | The unique identifier of the user to whom you are granting write access. | Required | - | - |
state | The user's role on the data source. | Required | - |
|
accessGrant | The type of access to grant the user. | Required | - |
|
type | The type of policy. For write access policies, the type is | Required | - |
|
accessGrant | The type of access the user is granted. | Required | - |
|
description | The description of the policy. | Optional |
| - |
subscriptionType | The restriction level of the subscription policy. | Required | - |
|
operator | Specifies how to combine the conditions of the policy. | Required | - |
|
type | The type of condition under which to apply the policy. | Required | - |
|
columnRegex | This object indicates that the policy should apply to data sources with column names that match the regular expression. Its child parameters are outlined below. | Required when type is | - | - |
columnRegex.regex | A regular expression that matches names of columns. | Required when type is | - | - |
columnRegex.caseInsensitive | When | Optional |
|
|
columnTag | This object specifies the column tags required for the policy to apply to the data source. Child parameters are outlined below. | Required if type is | - | - |
columnTag.name | The name of the tag. | Required if type is | - | - |
columnTag.displayName | The display name of the tag. | Optional | - | - |
columnTag.hasLeafNodes | When | Optional | - | - |
server | The server that contains the data sources the policy should be applied to. | Required when type is | - | - |
startDate | Applies the policy to data sources created on or after this startDate and before the endDate (if the endDate is specified). | Required when type is | - | - |
endDate | Applies the policy to data sources created on or before this endDate and after the startDate. | Optional |
| - |
isSubscriptionOverride | When |
id | The unique identifier of the user's subscription to the data source. |
modelId | The unique identifier of the data source. |
modelType | The type of model the subscription policy applies to. For write policies, modelType is |
state | The type of role the user has, such as |
admin | The unique identifier of the user who granted write access to the data source subscriber. |
denialReasoning | If the user was denied access to the data source, this field contains the reason entered by the owner who denied access. |
profile | The unique identifier of the user who has been granted write access. |
group | The name of the group that has been granted write access, when applicable. |
policy | When |
expiration | The date the user's access expires. |
acknowledgeRequired | When |
createdAt | The date and time the user's access to the data source was granted. |
updatedAt | The date and time the user's access to the data source was updated. |
accessGrant | The type of access the user has to the data source: |
approved | When |
POST |
| 200 |
PUT |
| 200 |
dataSourceId |
| No |
projectId |
| No |
profileId |
| No |
recordType |
| No |
outcome |
| No |
minDate |
| No |
maxDate |
| No |
blobId |
| No |
offset |
| No |
size |
| No |
sortField |
| No |
sortOrder |
| No |
hits |
|
recordId |
| Yes |
hits |
|
recordId |
| Yes |
value |
|
dataSourceId |
| Yes |
offset |
| No |
size |
| No |
sortField |
| No |
sortOrder |
| No |
auditId |
|
lastRun |
|
timesRun |
|
name |
|
body |
| Yes |
dataSourceId |
| Yes |
jsonPolicies |
| Yes |
id |
|
url |
|
dataSourceId |
|
createdBy |
|
ca |
|
jsonPolicies |
|
rules |
|
createdAt |
|
updatedAt |
|
payload |
| Yes |
policyID |
| Yes |
dataSourceID |
| Yes |
merged |
| Yes |
policyID |
| Yes |
payload |
| Yes |
body |
| No |
type |
| No |
scope |
| No |
size |
| No |
offset |
| No |
sortField |
| No |
sortOrder |
| No |
searchText |
| No |
countOnly |
| No |
mode |
| No |
excludedPolicies |
| No |
Count |
|
Hits |
|
policyId |
| Yes |
offset |
| No |
size |
| No |
sortField |
| No |
sortOrder |
| No |
searchText |
| No |
type |
| No |
scope |
| No |
nameOnly |
| No |
templates |
| No |
name |
|
id |
|
type |
|
hits |
|
policyId |
| Yes |
count |
|
dataSourceId |
| Yes |
retrieveAll |
| No |
excludeGlobal |
| No |
body |
|
dataSourceId |
| Yes |
previousHandlerId |
| No |
currentHandlerId |
| No |
current |
|
previous |
|
hasChanges |
|
dataSourceId |
| Yes |
hits |
|
policyId |
| Yes |
searchText |
| No |
name |
|
searchText |
| No |
values |
|
POST | Creates a new domain |
GET | Retrieves all domains |
GET | Retrieves a specific domain |
GET | Retrieves a specific domain by name |
PUT | Updates a domain name or description |
DELETE | Deletes a domain |
POST | Adds data sources to a domain |
GET | Retrieves the data sources in the domain |
DELETE | Deletes a data source from a domain |
POST | Assigns a domain permission to a user |
GET | Retrieves user permissions assigned in the domain |
DELETE | Removes a domain permission from a user by the permission ID |
DELETE | Removes a domain permission from a user by the user ID and permission type. |
GET | Get pending access requests the calling user can approve. |
GET | Get pending request information for specified model and requesting user (or specified entity). |
POST | Approve specified access requests. |
POST | Bulk approve access requests. |
POST | Deny specified access requests. |
POST | Bulk deny access requests. |
type | The type of policy to create. | Required | - |
|
name | The name of the policy. | Required | - | - |
template | Specifies whether or not the policy should be available as a template. | Optional |
|
|
Required | - |
staged | When | Required | - |
|
Optional | By default, the policy applies to all data sources. | - |
policyKey | The unique name of the policy. |
createdBy | The unique identifier of the user who created the policy. |
createdByName | The username of the user who created the policy. |
createdAt | The date the policy was created. |
clonedFrom | The unique identifier of the policy that the new policy was cloned from. |
systemGenerated | Indicates whether or not the policy is system-generated. |
deleted | When |
id | The unique identifier of the policy. |
type | The type of policy. For write access policies, the type is |
name | The name of the policy. |
template | Specifies whether or not the policy is available as a template. |
certification | The certification object only applies to data policies, not write access policies. |
actions | Specifies the policy access type and restriction level. |
actions.type | The type of policy. For write access policies, the type is |
actions.accessGrant | The type of access the user is granted. For write access policies, actions.accessGrant is |
actions.description | The description of the policy. |
actions.allowDiscovery | When |
actions.subscriptionType | The restriction level of the subscription policy. |
actions.shareResponsibility | When |
actions.automaticSubscription | When |
staged | When |
circumstances |
POST |
|
POST or PUT |
|
POST |
|
PUT |
|
POST |
|
GET |
|
GET |
|
GET |
|
GET |
|
GET |
|
GET |
|
Schemas API reference guide
This page describes the schemas endpoint of the Immuta API and its request and response parameters.
Additional fields may be included in some responses you receive; however, these attributes are for internal purposes and are therefore undocumented.
GET /schemas
Search across all schemas in the handler table.
This example request gets all of the schemas with the string "medical" in their name.
Specifies the policy access type and restriction level. See the for details.
This object specifies the conditions under which the policy applies to a data source. Set the value to null to enforce the policy only when it is applied by data owners. Do not include this object in your payload to apply the policy to all data sources. See the for additional parameters and details.
Specifies the conditions under which the policy applies to a data source. See the for child parameters.
Attribute | Description | Required |
---|---|---|
searchText string | Used to filter returned schemas. The query is executed with a wildcard prefix and suffix. | No |

Attribute | Description |
---|---|
values metadata | The name and count for each result. |
name string | The name of the schema. |
count integer | The total number of data sources attached to that schema. |