If users registered tables from the same schema as Immuta data sources, users could break data sources they didn't own if they deleted or changed the schema project connection.
The Databricks Unity Catalog integration configuration on the App Settings page asked for an "Instance Role ARN" instead of the "Instance Profile ARN."
Users were unable to add data sources from the Hive Metastore in the Databricks Spark integration with Unity Catalog.
Databricks Spark Integration with Unity Catalog Support: Enable Unity Catalog support on Immuta clusters to use the Metastore across your Databricks workspaces and enforce Immuta policies on your data. This integration provides a migration pathway for you to add your tables in Unity Catalog while using Immuta policies. Consequently, when additional Unity Catalog features are available, you will be ready to use them. Databricks SQL policies will continue to be enforced through a view-based method, and interactive cluster policies through the Immuta plugin method.
Databricks Runtime 11.2 support.
Write Fewer, Simpler ABAC Policies. Enhanced Subscription Policy Variables (Public Preview) empower users to write fewer, simpler ABAC (Users with Specific Groups/Attributes) policies. Previously, policy writers had to specify groups in separate policies to grant access. With Enhanced Subscription Policy Variables, Immuta's policy engine compares users' groups with data source or column tags in a single policy to determine if there is a match. Users who have a group that matches a tag on a data source or column will be subscribed to that data source.
Immuta supports registering data sources that exceed 1600 columns. However, sensitive data discovery and health checks will not run on those data sources.
The maximum length for the Snowflake role prefix when using Snowflake Table Grants is 50 characters.
Users cannot enable or disable native impersonation when editing a previously configured integration.
Alternative owners of data sources were not included in the subscription audit records if the data source was created using the Immuta V2 API.
Snowflake Table Grants: If a user who was added to a Snowflake data source through a group Subscription Policy was removed from a data source, that user could see the columns (without any data) of the table when they queried that data in Snowflake.
When users edited a Snowflake integration configuration and changed the authentication type to Snowflake External OAuth, the configuration was still saved as Username and Password for the authentication type.
Vulnerability: CVE-2022-39299
Editing a schema project to a database that already exists fails.
The following UI elements and workflows have been removed. Reach out to your Immuta representative if you need one of these elements re-enabled.
Data source Metrics tab.
Data source Queries tab.
Creating data sources with a SQL statement.
Selecting specific columns to hide when creating a data source in the UI or V2 API.
Tag enhancements (public preview): The tag enhancements feature will improve user experience by updating various components of the UI.
Azure Synapse Analytics: If a user was granted access to about 1300 data sources, access to those tables was delayed.
Deleting an integration on the App Settings page and saving the configuration caused the Immuta UI to crash.
Editing a schema project to a database that already exists fails.
Collibra integration performance improvements.
Immuta's Collibra integration recognizes the implicit relationship between the Database View in Collibra and Immuta data source columns so that tags are properly applied to those columns in Immuta.
The Immuta V1 API /dataSource endpoint returns the remote table name so that users can get the schema and table name of a data source in one API call.
The data source Relationships tab only displayed up to 10 associated projects.
If creating the Immuta database failed in the Snowflake without Snowflake Governance Controls or Databricks SQL integration, the error returned was incorrect.
Removed historical schema monitoring metrics that contained database connection strings.
Subqueries that referenced a table that didn't exist never resolved.
Policies:
Disabling a Global conditional masking policy on a data source could sometimes disable all policies or none of the policies on the data source.
If users submitted a Global Policy payload to the API that was missing the subscriptionType from the actions, the Global Policies page broke when trying to display Subscription Policies.
Global Subscription Policies that contained the @hasTagAsAttribute variable caused errors and degraded performance.
Snowflake with Snowflake Governance Features: Changing a column's masking policy type resulted in errors until users manually synced the policy in Immuta.
Redshift:
Users were unable to query tables that had a policy with a Limit usage to purpose(s) <ANY PURPOSE> applied to them.
There were error-handling inconsistencies between the Immuta UI and the database logs.
Vulnerabilities:
CVE-2022-3517
CVE-2022-3602
CVE-2022-37616
CVE-2022-39353
Editing a schema project to a database that already exists fails.
Deleting a tag hierarchy deleted any tags whose names shared the same prefix, not only the tag and its children. For example, deleting the tag department would also delete the tag department_marketing.
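The defect above is a prefix match that ignores the hierarchy delimiter. The following is an added worked example, not Immuta's code and not the fix the release shipped: a deletion routine that matches on a raw string prefix (the reported behaviour) beside one that only removes the tag itself and tags below it in the dot-delimited hierarchy the release notes use elsewhere (Color.Blue). Because policies are keyed on tags, an over-broad deletion silently removes policy coverage from unrelated columns, so the example also previews which tags a deletion would touch before anything is committed. The tag inventory is constructed.

```python
"""Delimiter-aware deletion of a tag hierarchy (added example, not Immuta's code).

Tag names use the dot-delimited hierarchy shown in the release notes ("Color.Blue").
The buggy variant keys on a raw string prefix, so deleting "department" also
removes "department_marketing"; the fixed variant matches only the tag itself
and tags whose next character is the hierarchy delimiter.
"""

HIERARCHY_DELIMITER = "."


def delete_hierarchy_buggy(tags, root):
    """Reproduce the reported defect: plain string-prefix match."""
    return {t for t in tags if not t.startswith(root)}


def delete_hierarchy(tags, root):
    """Remove `root` and its descendants only (root followed by the delimiter)."""
    child_prefix = root + HIERARCHY_DELIMITER
    return {t for t in tags if t != root and not t.startswith(child_prefix)}


def affected_tags(tags, root, deleter):
    """Return, sorted, the tags that `deleter` would remove for `root`.

    Useful as a dry run: tags drive policy enforcement, so an administrator
    should see exactly what a hierarchy deletion touches before committing it.
    """
    return sorted(set(tags) - deleter(tags, root))


# Constructed sample tag inventory (hypothetical names).
SAMPLE_TAGS = {
    "department",
    "department.finance",
    "department.finance.payroll",
    "department_marketing",
    "department_marketing.email",
    "Discovered.PII",
}

if __name__ == "__main__":
    print("buggy removes:", affected_tags(SAMPLE_TAGS, "department", delete_hierarchy_buggy))
    print("fixed removes:", affected_tags(SAMPLE_TAGS, "department", delete_hierarchy))
```

Running the block shows the buggy routine taking five tags with it, including both department_marketing tags, while the delimiter-aware routine removes only department and its two finance descendants.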
The Refresh External Tags button appeared on the Tag page even if no external catalogs were configured.
Users couldn't change the schema detection owners for schema projects.
Collibra: If multiple values were assigned to an attribute in Collibra, they were added as a single tag in Immuta. For example, if an attribute list called Color contained values Blue, Green, and Yellow, and Blue and Green were selected in Collibra, Immuta displayed the data tag as Color.Blue,Green. Instead, Immuta should have created two tags: Color.Blue and Color.Green.
Webhooks that were listening to setUserAuthorizations were not triggered.
Deleting a Data Policy did not enable the Save Policy button.
With Approve to Promote enabled, adding a comment to a policy did not enable the Save Policy button.
Editing a schema project to a database that already exists fails.
Use the latest Databricks Runtime with Immuta. Databricks Runtime 11.0 is now supported in Immuta.
Connect Snowflake data to Immuta without providing your account credentials. Immuta supports Snowflake External OAuth as a non-password authentication mechanism when configuring the Snowflake integration or creating Snowflake data sources.
Let Immuta manage privileges on your Snowflake tables instead of manually granting table access to users. With Snowflake table grants enabled, Snowflake Administrators no longer have to manually grant table access to users; instead, Immuta manages privileges on Snowflake tables and views according to the subscription policies on the corresponding Immuta data sources.
Ensure that policies are adequately reviewed and approved before they are eligible for production environments. Instead of creating policies directly in production, Approve to Promote allows policy authors to create, assess, and revise policies in a policy-authoring environment. Then, the policy must be approved by a configured number of users before it is promoted to the production environment and enforced on data sources.
The undocumented deletedHandlerSubscribers attribute, which indicates a subscription policy changed, was removed from the data source notifications webhook payload. If you were depending on that attribute in your customized webhooks, that code won't work.
IAMs:
Microsoft Entra ID: When SCIM was enabled for Microsoft Entra ID, sometimes user attributes were removed from users in Immuta when they should not have been.
Policies:
Global Subscription Policies that were applied “When selected by data owners” could not be deleted when using Approve to Promote.
If a Global Subscription Policy was disabled for a data source, staging that Global Policy on the policies page caused the Subscription policy to change on the data source.
Local Policies using @columnTagged() were not properly applied to data in Databricks when the column was tagged.
Projects:
Project owners could not edit projects with approved purposes and data sources.
The baseline percent null values could not be adjusted for k-anonymized columns on the Expert Determination tab in projects.
Snowflake:
Instances that used the Snowflake integration without Snowflake Governance features were sometimes automatically migrated to using Snowflake Governance features when Immuta upgraded.
Vulnerability:
CVE-2022-25647
Tags sometimes did not update on data sources if those tags were quickly added or removed, which could cause policies to not be updated.
The data source page sometimes took several minutes to load if there were over 100,000 data sources registered in Immuta.
If a user was a member of a large number of groups (about 2,000), the UI search was sometimes slow.
When searching for data sources on an instance with over 30,000 data sources and tables with complex struct columns, the search could take several minutes to return or freeze the Immuta tenant.
An Adobe Font requirement caused timeout issues in the Immuta UI.
Editing a schema project to a database that already exists fails.
Application Admins can enable Policy Adjustments separately from HIPAA Expert Determination on the App Settings page.
Snowflake Integration:
Schema detection caused non-date columns to be incorrectly tagged "New" for data sources that were added in bulk.
Migrating from a Snowflake Using Snowflake Governance Controls integration to a Snowflake Without Using Snowflake Governance Controls integration failed.
Enabling a Snowflake Using Snowflake Governance Controls integration using the automatic setup method failed.
Sensitive Data Discovery did not automatically run when users bulk created data sources.
If Immuta was unable to communicate with an external IAM provider because of a connection failure, groups were removed from Immuta, even if the IAM was still active.
When creating 100,000 tables, the data source creation job sometimes expired.
User Admins could not delete attributes assigned to an Immuta Accounts user.
After configuring SAML and OpenID IAMs, users could not initially log in.
In Databricks runtime 10.4, ShowPartitions commands on Delta tables failed.
Users were unable to edit Global policies that were not on the first page of results.
Automatic Subscription policies could cause out of memory issues if they added about 300 users to a data source.
Editing a schema project to a database that already exists fails.
Project owners are unable to edit projects with approved purposes and data sources.
IAM Signing Certificate Required for SAML. You are required to upload your IAM signing certificate to Immuta to add or edit SAML-based IAMs. If you are already using Immuta's SAML integration, provide a signing certificate to existing configured IAMs for them to continue working.
In the Snowflake Governance features integration, unmasked data was sometimes visible for a fraction of a second while data policies were being applied.
Databricks user impersonation did not work if backticks enclosed the username.
Clicking the Sync User Metadata button in the Immuta UI could queue an infinite number of profile refresh background jobs.
The enriched audit logs created an error if data policies did not exist on a data source.
The attributes type for users was inconsistent with policy attributes type in the audit logs.
Advanced Subscription Policies: If an advanced Subscription policy that did not contain special variables was created, customers with over 100,000 users could experience OOM issues.
Okta/SCIM: When adding users to Okta to sync with Immuta, TypeError: attributeValues is not iterable appeared in the logs.
LDAP users with parentheses in their common name caused authentication to fail when group sync was enabled.
Editing a schema project to a database that already exists fails.
Project owners are unable to edit projects with approved purposes and data sources.
Databricks Runtime 10.4: Show partitions on delta table fails.
Access background jobs with enhanced visibility. This feature allows you to access information to debug issues and identify the cause.
Use the latest Databricks Runtime with Immuta. Databricks Runtime 10.4 LTS is now supported in Immuta.
Prove compliance with Databricks audit trails that include denial events. When Immuta users query Databricks tables that have been registered in Immuta, the query audit logs will include denial events and the policies associated with the decision. Such audit trails are required by some information security teams to prove compliance with secure data access.
Snowflake:
Share policy-protected data in Snowflake with other Snowflake accounts using Snowflake Data Sharing. This integration allows you to author policies in Immuta and protect data shared with other Snowflake accounts in real time. For example, if a pharmaceutical company needed to share trial results outside their Snowflake account and needed to protect PHI, they could share that data outside their account and still have Immuta policies enforced.
Removed features are no longer available in the product.

| Feature | Deprecated in | Removed in |
|---|---|---|
| Advanced rules DSL for data policies | 2022.1.0 | 2022.2 |
| Differential privacy | 2022.1.0 | 2022.2 |
| The custom / external policy handler | 2022.1.0 | 2022.2 |
| Policy export/import | 2021.4 | 2022.2 |
Alternative solutions
Instead of using differential privacy, combine k-anonymization and randomized response policies on your data. Immuta requires that you opt in to use k-anonymization. To enable k-anonymization for your account, contact your Immuta representative.
As an alternative to the policy export/import feature, use the Immuta CLI to clone your Global policies.
Creating a policy using the Advanced DSL Data policy builder in the view-based Snowflake integration sometimes caused errors.
When a user's entitlements changed, Immuta did not properly send a notification to the integration to GRANT or REVOKE access to tables in the remote system.
Entering a single quotation mark in the search bar sometimes caused an error.
After an Alation or Collibra catalog was configured, new data sources were not linked to the catalogs automatically.
Logging in to Immuta after being logged out due to inactivity sometimes displayed a blank page.
Local policies sometimes appeared on the Global policies page.
The Activity panel covered the policy builder when long SQL statements were entered for conditional policies.
Clicking the Policies icon in the left sidebar while editing a Subscription policy displayed an empty Data Policy Builder instead of the Policies page.
When configuring an External REST Catalog, users could not click the Test Connection button if the No Authentication option was selected.
The Immuta login page did not display for some older browser versions of Edge.
LDAP users with parentheses in CN cause authentication to fail if group sync is enabled.
Databricks Runtime 10.4: Show partitions on delta table fails.
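The known issue above (LDAP users with parentheses in their CN failing to authenticate when group sync is enabled, fixed in a later release listed earlier on this page) is a symptom that commonly arises when a distinguished name is spliced into an LDAP search filter without escaping. The release notes do not state the root cause, so that attribution is an assumption. The following is an added example, not Immuta's code: it escapes assertion values per RFC 4515, builds a group-membership filter from a DN, and includes a minimal syntax check that shows why the unescaped form fails to parse. The filter shape (objectClass=groupOfNames, member=) and the sample DN are assumptions constructed for the example.

```python
"""Escape untrusted values before splicing them into an LDAP search filter.

Added example, not Immuta's code. RFC 4515 section 3 requires ( ) * \\ and NUL
inside an assertion value to be written as a backslash plus two hex digits.
A CN such as "Smith (Contractor)" left unescaped makes the filter unparseable,
which surfaces as an authentication or group-sync failure.
"""

# Characters that must be hex-escaped inside an assertion value (RFC 4515).
_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Escape a single assertion value for use inside a search filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def group_sync_filter(member_dn: str) -> str:
    """Filter selecting the groups that list `member_dn` (assumed schema: groupOfNames/member)."""
    return f"(&(objectClass=groupOfNames)(member={escape_filter_value(member_dn)}))"


def group_sync_filter_unescaped(member_dn: str) -> str:
    """The fragile variant: the DN is concatenated verbatim."""
    return f"(&(objectClass=groupOfNames)(member={member_dn}))"


def filter_is_wellformed(f: str) -> bool:
    """Minimal RFC 4515 syntax check for the and/or/not/item subset.

    An unescaped '(' inside an assertion value is a syntax error; that is exactly
    what an unescaped CN containing parentheses produces.
    """
    pos = 0

    def parse_filter():
        nonlocal pos
        if pos >= len(f) or f[pos] != "(":
            raise ValueError("expected '('")
        pos += 1
        if f[pos] in "&|":
            pos += 1
            while pos < len(f) and f[pos] == "(":
                parse_filter()
        elif f[pos] == "!":
            pos += 1
            parse_filter()
        else:
            parse_item()
        if pos >= len(f) or f[pos] != ")":
            raise ValueError("expected ')'")
        pos += 1

    def parse_item():
        nonlocal pos
        eq = f.find("=", pos)
        if eq == -1:
            raise ValueError("item without '='")
        pos = eq + 1
        while pos < len(f) and f[pos] != ")":
            if f[pos] == "(":
                raise ValueError("unescaped '(' inside value")
            pos += 3 if f[pos] == "\\" else 1  # skip a \XX escape as one unit

    try:
        parse_filter()
        return pos == len(f)
    except (ValueError, IndexError):
        return False


# Constructed DN with parentheses in the CN, mirroring the reported case.
SAMPLE_DN = "cn=Smith (Contractor),ou=People,dc=example,dc=com"

if __name__ == "__main__":
    for label, builder in (("escaped", group_sync_filter), ("unescaped", group_sync_filter_unescaped)):
        flt = builder(SAMPLE_DN)
        print(f"{label:9s} well-formed={filter_is_wellformed(flt)}  {flt}")
```

Production code should hand escaping to the LDAP client library (ldap3 and python-ldap both ship an escape function for filter values); the hand-written table here exists only to make the rule visible.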
The visual styles in the application have been updated.
Users can add multiple alternative owners to data sources at once.
Users can now specify column tags instead of just data source tags with the @hasTagAsAttribute Enhanced Subscription Policy variable.
Policy import/export
When attributes were added to groups that affected an Automatic Subscription policy, users were added or removed from the data source(s) appropriately, but these changes were not audited.
Deleting the last values or all values from user or group attributes caused errors when processing Automatic Subscription policies.
Local policies that were created or updated sometimes displayed on the Global Policy page.
Writing a Global ABAC Subscription policy using @username in the Advanced DSL builder did not subscribe the user to the data source.
Changing a Global Allow Individually Selected Users Subscription policy back to a Global ABAC policy that used special functions caused an error: Error: "actions[0].exceptions.conditions[0]" does not match any of the allowed types.
If a policy was added through the Immuta CLI, editing that policy in the Immuta UI sometimes caused an error.
After being added to a data source through an Automatic Subscription policy, users sometimes encountered an error when making unmasking requests.
Creating a Global conditional masking policy in the Advanced DSL builder that used @iam or @username caused an error when the policy was applied to a data source.
Redshift:
Regex masking policies that used metacharacters with backslashes (\d, \s, etc.) did not mask columns.
Users' metadata was not updated in the integration if their usernames contained apostrophes.
Enhanced Subscription Policy Variables (Public Preview): This feature empowers users to write fewer, simpler ABAC (Users with Specific Groups/Attributes) policies. Previously, policy writers had to specify user attribute keys in separate policies to grant access. With Enhanced Subscription Policy Variables, Immuta's policy engine compares user attributes with data source properties (database, host, schema, table, or tag) in a single policy to determine if there is a match. When attribute keys match the property specified, users will be able to subscribe to the data source(s).
Snowflake Table Grants: With this feature enabled with the Snowflake with Governance Controls integration, Snowflake Administrators no longer have to manually grant table access to users; instead, Immuta manages privileges on Snowflake tables and views according to the subscription policies on the corresponding Immuta data sources.
Improved performance of auto-subscription policies.
If an SSL CA cert was used when setting up an LDAP IAM, clicking the Test LDAP Sync button resulted in an error.
Tags were removed from data sources if they were applied after data source creation and before the external catalog health check (which is triggered by navigating to the data source). However, tags applied to a data source during creation remained on the data source.
Group permissions were not considered when users attempted to create data sources or Global Policies. For example, if a user was a member of a group that had the GOVERNANCE permission assigned to it, that user was not inheriting the GOVERNANCE permission. Consequently, when that user tried to apply a Global Policy to a data source, they received an error. However, if a user had the GOVERNANCE permissions applied to their account directly, they were able to create a Global Policy. This same behavior occurred with the CREATE_DATA_SOURCE permission.
Creating an Immuta data source from a Databricks view that contained an implicit column alias failed.
Editing a schema project to a database that already exists fails.
The App Settings page freezes when a user selects Migrate Users from BIM when configuring an external IAM.
An auto-subscription policy that adds more than 64,000 users to a data source can cause errors in the logs and impact subscription reports.
Integration jobs can end up in an expired state, even if they successfully are processed, under certain load conditions.
Edit configuration for integrations: Users can edit the configuration for Azure Synapse, Databricks SQL, Redshift, and Snowflake without disabling the integration.
Manual approvals in ABAC global subscription policies: Governors can now add an approval workflow as an alternative method of access to data sources if a user does not meet the conditions of the Users with Specific Groups/Attributes (ABAC) Global Subscription Policy.
Before this release, if someone was manually added by an owner or Governor and didn’t meet the ABAC policy requirements, they could query the table, but no rows would come back because they didn’t have the groups or attributes specified in the policy. Now, manually adding users overrides the ABAC policy. Therefore, any users who had been manually subscribed to a data source but could not see any data will see data after this upgrade. You can prevent this behavior by either switching the Subscription policy to auto-subscribe (which removes users who don't meet the Subscription policy) or adding a Data Policy that redacts rows for users who do not have the groups or attributes specified in the Subscription policy.
If users have existing Global Subscription policies that were combined, those will not change on the data source after the upgrade. However, the **Require Manual Subscription** option will automatically be enabled on those existing policies, so users who meet the conditions of the policy will not be automatically subscribed.
Sensitive data discovery global template and default sample size UI (public preview): Users can adjust these configurations on the App Settings page. If users already had a Global Template or default sample size configured in the Advanced Configuration section, these configurations will migrate to the new Sensitive Data Discovery section on the App Settings page when they upgrade their Immuta tenant.
Starburst integration: Through this integration, Immuta applies policies directly in Starburst so that users can keep their existing tools and workflows (querying, reporting, etc.) and have per-user policies dynamically applied at query time.
Support for PrivateLink with Snowflake on AWS: Contact Immuta to enable this feature.
"Active" tags on merged Share Responsibility Global policies did not show the active number of data sources they were enforced on.
The configuration section for Native Workspaces could break if a native handler was not enabled.
Databricks:
If a table in Databricks had been created from an AVRO schema file, queries against the table on Immuta-enabled clusters only returned results for partition columns. Additionally, trying to create tables from an AVRO schema file on Immuta-enabled clusters returned an error: "Unable to infer the schema."
Fixed Databricks init script error handling when artifacts weren't downloading correctly.
Errors occurred when using mlflow.spark.log_model on non-Machine Learning clusters.
Because Immuta's built-in identity manager (BIM) is not enabled in SaaS, the App Settings page froze when a user selected Migrate Users when configuring an external IAM.
Redshift integration performance issues related to Python UDF concurrency capabilities.
Snowflake:
When enabling a native Snowflake integration with an external catalog, if the host had multiple periods in the account, the Snowflake plugin was invalid.
When users tried to edit the Excepted Roles/Users List for the integration, the configuration saved correctly. However, when the App Settings page refreshed, the Excepted Roles/Users List was empty and the allow list in Snowflake was not updated.
When a user's group was deleted in an external IAM, that update appeared in Immuta but was not syncing properly in Snowflake.
When using Snowflake native controls with Excepted Roles specified, if users tried to do an outer join using a column that had a masking policy applied, it resulted in an error: SQL compilation error: Invalid expression [] in VALUES clause.
Editing a schema project to a database that already exists fails.
Project owners are unable to edit projects with approved purposes and data sources.
Disable query engine: Application Admins can disable the Query Engine on the App Settings page.
New Immuta UI: Although the most significant change is the adjustment to the visual styles in the application, other UI changes include an expandable left navigation and dark mode support.
Support for AWS-Sydney.
Databricks init script: To use the updated Immuta init script and cluster policies, existing SaaS users must update their Databricks cluster configuration following this Manually Update Your Databricks Cluster guide.
Databricks:
Views: Although users could create views in Databricks from Immuta data sources they were subscribed to, when users tried to select from those views, they received an error saying that the Immuta data source the view was created against did not exist or that they did not have access to it.
External Delta Tables: Querying an external Delta table that had been added as an Immuta data source as a non-admin resulted in a NoSuchDataSourceException error if the table path had a space in it.
Sensitive Data Discovery failed for Databricks data sources when initiated in the UI if the cluster was configured to use ephemeral overrides.
The integration did not work with the Databricks Runtime 9.1 maintenance update.
Ephemeral Overrides:
The UI was not displaying the checkbox to apply the ephemeral override to multiple data sources.
Ephemeral overrides were not being used when calculating column detection.
Out of memory errors occurred when several actions or jobs ran simultaneously, such as:
Bulk disabling data sources
Bulk creating data sources
Column detection
Schema detection
Sensitive Data Discovery: Users could not configure sampleSize to override the default number of records sampled from a data source.
Snowflake Governance Features Integration: When a data source existed in Immuta but not in Snowflake and a user tried to refresh the native policies, Immuta continuously retried updating the policies and then failed with the following error: Execution error in store procedure UPSERT_POLICIES: SQL compilation error: Table does not exist or not authorized.
Vulnerabilities
CVE-2022-0355: Information Exposure in simple-get
CVE-2022-0235: Information Exposure in node-fetch
CVE-2022-0155: Information Exposure in follow-redirects
CVE-2021-3807: Regular Expression Denial of Service (ReDoS) in ansi-regex
CWE-451: User Interface (UI) Misrepresentation of Critical Information in swagger-ui-dist
Databricks: Errors occur when using mlflow.spark.log_model on non-Machine Learning clusters.
Editing a schema project to a database that already exists fails.
Because Immuta's built-in identity manager (BIM) is not enabled in SaaS, the App Settings page freezes when a user selects Migrate Users when configuring an external IAM.