This page details the immuta policy command, its subcommands and arguments, and the workflow for creating, renaming, cloning, and deleting Global Policies.
immuta policyThis command allows you to list, save, delete, and rename Global Policies in your instance of Immuta. The table below illustrates subcommands and arguments.
Use these options to get more details about the policy command or any of its subcommands:
-h
--help
immuta policy saveAdd your policy information in a valid YAML file for the V2 API. Additional payload examples for creating policies can :
Run immuta policy save <filepath> [--dryRun] [--reCertify], referencing the file you just created. The options you can specify include
-d or --dryRun: No updates will actually be made.
The example below illustrates a user listing all policies and then creating a policy called data conditional masking.
immuta policy renameOpt to list all policy keys to identify which policy you would like to rename by running immuta policy list. Options you can specify include
-h or --help: Get more information about the command.
-v or --verbose
The example below illustrates a user renaming the data conditional masking policy key to Data Masking.
immuta policy cloneClone and save all Global Policies to a file by running immuta policy clone <filepath>. Options you can specify include
--force: Overwrite existing output directory targets. If this flag is omitted, you will receive an error when the output directory exists and is not empty.
-h, --help: Get more information about the command.
-v or --verbose: Print response as JSON.
The example below illustrates cloning and saving all Global Policies to a policy folder. In this example, only one Global Policy existed: Test.
immuta policy deleteOpt to list all policy keys to determine which policy key you would like to delete by running immuta policy list. Options you can specify include
-h or --help: Get more information about the command.
-v or --verbose
The example below illustrates a user deleting the Data Masking policy.
-h or --help: Get more information about the command.
--reCertify: If the certification has changed, someone will need to re-certify this policy on all impacted data sources.
Rename the policy key by running immuta policy rename <old policy key> <new policy key>, enclosing the name of the policy key in quotation marks. Options you can specify to get more information about this command include -h or --help.
Delete a policy key by running immuta policy delete <policy key> [--dryRun]. Options you can specify include
-d or --dryRun: No updates will be made.
-h or --help: Get more information about the command.
clone
Clone and save all Global Policies to files.
filepath
delete
Delete a Global Policy by policy key.
policy key
list
List all Global Policy keys.
n/a
rename
Rename the Global Policy key.
new policy key
save
Create or update a Global Policy in Immuta.
filepath
name: Conditional Masking
policyKey: data conditional masking
type: data
actions:
- rules:
- type: Masking
config:
fields:
- type: columnTags
columnTag: Discovered.Passport
conditionalPredicate: "@columnTagged('Discovered.Country') = 'USA'"
maskingConfig:
type: Hash
circumstanceOperator: all
circumstances:
- type: columnTags
columnTag: Discovered.Passport
- type: columnTags
columnTag: Discovered.Country$ immuta policy list
New Column Added
$ immuta policy save ./test-policy.yml
{"dryRun":false,"creating":true,"updating":false,"policyId":4}
$ immuta policy list
New Column Added
data conditional masking$ immuta policy list
New Column Added
data conditional masking
$ immuta policy rename "data conditional masking" "Data Masking"
{"oldPolicyKey":"data conditional masking","newPolicyKey":"Data Masking"}
$ immuta policy list
Data Masking
New Column Added$ immuta policy clone ./your-file-path/policy-folder
Cloning all global policies...
Cloning: Test to Desktop/clone-policies/policy/Test.yaml$ immuta policy list
Data Masking
New Column Added
$ immuta policy delete "Data Masking" --dryRun
{"dryRun":true,"deleting":"Data Masking"}
$ immuta policy delete "Data Masking"
{"dryRun":false,"deleting":"Data Masking"}
$ immuta policy list
New Column Added