If the data consumer is interested in using the data product, from the listing or the detailed view, they are able to request access (READ only):

• If there is no approval necessary, they will be automatically granted access after acknowledging the data use agreement and answering the required question(s).

• If there is approval necessary, it will kick off the approval flow. While in the approval flow, the Marketplace will display that data product listing as Pending.

Once the user has been approved access to the data product, the data product listing will show Approved. Data consumers are able to filter the data product list page by states to see what data products they already have access to.

Requesting access to a data product

The user can request access from the Marketplace app or through a deep link URL to the request access screen which is provided in the data product or constructed from scratch.

With the UI

1. From the Marketplace app click into the Data Product you want access to, or click the request access URL for an external catalog.

2. Click the Request access button.

3. Review the information about existing policies on the Request Access page

4. Fill out your answer to the access question, if there is one (this is required even if there is no manually approval required).

5. Review and agree to the Data Use Agreement, if there is one.

6. Click Submit Request.

With the API

Ensure you set the correct global segment and use a Marketplace-specific personal access token (PAT) when using the Marketplace API. See the Marketplace API docs for additional guidance or to download the OpenAPI YAML for your own client generation.

The Marketplace app is a multi-tenant service that can talk to multiple Governance apps (labeled DAG in Figure 1), but you can only login to one at a time.

Visit the Marketplace by going to this URL: http://app.immutacloud.com/

The login screen will ask you which Governance app account identifier to point Marketplace to when you login. This can be found in the your governance app URL: https://[account identifier].hosted.immutacloud.com/

Ensure you select the Governance app account identifier that has the Marketplace feature enabled.

Once logged in, it is possible to switch which Governance app (labeled DAG in Figure 1) you are pointing to using the "Sign into another account" option under your profile menu.

When viewing a data product, among other metadata, you are presented details about the data objects you will be able to query if approved:

• The data product's data sources (tables, views, files)

• Your Access Status to each of those data sources

Understanding data source access status

There are three possible access statuses for the data sources in a data product:

1. Current access: You already have access to this data source through existing policies or a data product approval.

2. Access if approved: You will gain access to this data source should you request access and it is approved.

3. Access prevented: There are existing required policies on this data source which you do not meet.

Access prevented status

Just because a data consumer is approved to a data product does not necessarily mean they will gain access to every data source in that data product. If there are existing birthright policies created through the Governance app on those data sources that the requesting user does not meet, and if those policies are always required, the user cannot gain access to those policy-protected data sources in the data product, even if approved.

For example, there may be sensitive employee salary data in a data source. Because of that, there is a birthright subscription policy created through the Governance app on that data source that states:

Only members of group HR can access this data source. Always required.

This is effective; it provides global governance a guarantee that nobody can bypass policies on extremely sensitive data sources.

If that data source is now made part of a data product, the requesting user must be a member of group HR to gain access to that particular data source in the data product, even if approved to the data product. Should that policy change in a way that the user now meets the requirements or the user is added to group HR, Immuta will react by updating the access, giving the user access to that particular data source.

What happens once approved?

If approved, Immuta will auto-provision access in the data platforms to the data sources in the data product. This provisioning is represented as an understandable and scalable Immuta policy which will be combined with existing birthright policies, if any.

If approved, the user's Access Status will be updated:

• Current access —> Current access

• Access if approved —> Current access

• Access prevented —> Access prevented

This section is for the data consumers that want to access data products in Marketplace. These data consumers are the users that search for, discover, and to published data products. Once approved, the data consumer can query the data product where the access is provisioned automatically.

How-to guides

• : Sign into Marketplace for the first time.

• : Request access to a new data product in Marketplace.

Reference guide

: This reference guide describes the way that Marketplace grants access to data sources through data products and how that combines with current policies in the Governance app.