Loading...
Loading...
Loading...
Loading...
Private preview: The Marketplace app is available to select accounts. Reach out to your Immuta representative for details.
If the data consumer is interested in using the data product, from the listing or the detailed view, they are able to request access (READ only):
If there is no approval necessary, they will be automatically granted access after acknowledging the data use agreement and answering the required question(s).
If there is approval necessary, it will kick off the approval flow. While in the approval flow, the Marketplace will display that data product listing as Pending.
Once the user has been approved access to the data product, the data product listing will show Member. Data consumers are able to filter the data product list page by states to see what data products they already have access to.
From the Marketplace app,
Click into the Data Product you want access to.
Click the Request access button.
Review the information about existing policies on the Request Access page
Fill out your answer to the access question, if there is one (this is required even if there is no manually approval required).
Review and agree to the Data Use Agreement, if there is one.
Click Submit Request.
This section is for the data consumers that want to access data products in Marketplace. These data consumers are the users that search for, discover, and request access to published data products. Once approved, the data consumer can query the data product natively in the data platform where the access is provisioned automatically.
Logging into Marketplace: Sign into Marketplace for the first time.
Requesting access to a data product: Request access to a new data product in Marketplace.
Data product access: This reference guide describes the way that Marketplace grants access to data sources through data products and how that combines with current policies in the Governace app.
Private preview: The Marketplace app is available to select accounts. Reach out to your Immuta representative for details.
All pending requests by the data consumers are listed and contain:
What data product was requested
When the request was made
What set of users can approve
Its current state:
Pending (These can be canceled by the requestor.)
Processing
Just because a data consumer is approved to a data product does not necessarily mean they will gain access to every data source in that data product. It is possible there are existing birthright policies on those data sources that the requesting user does not meet, and if those policies are always required, the user cannot gain access to the data product, even if approved.
For example, there may be sensitive employee salary data in a data source. Because of that, there is a birthright subscription policy on that data source that is always required which states, only members of group HR can access this data source. This is effective; it provides global governance a guarantee that nobody can bypass policies on extremely sensitive data sources.
If that data source is now made part of a data product, the requesting user must be a member of group HR to gain access to that particular data source in the data product, even if approved to the data product. Should that policy change in a way that the user now meets the requirements or the user is added to group HR, Immuta will react by updating the policy. The user would then have access to that particular data source.
To provide transparency, the request access page will display the following information about each data source in the data product so the requestor is clear what they will, won't, and already have access to:
If the user already has access via a birthright subscription policy
If the user cannot gain access due to an existing birthright subscription policy
Note: it is still worth requesting access to a data product even if the user has access to all the data sources it contains because new data sources may be added later which they do not have birthright access to. In this case, if approved to the data product, they will gain access to the new data sources as soon as they are added to the data product.
If approved, Immuta will auto-provision access in the data platform(s) to the data sources in the data product. This is done natively in the data platform so that the user can query those tables/views/S3 objects directly from the data platform. This provisioning is represented as an understandable and scalable Immuta policy which will be combined with existing birthright policies, if any.
Private preview: The Marketplace app is available to select accounts. Reach out to your Immuta representative for details.
The Marketplace app is a multi-tenant service that can talk to multiple Governance apps, but you can only login to one at a time.
Visit the Marketplace by going to this URL: http://app.immutacloud.com/
The login screen will ask you which Governance app account identifier to point Marketplace to when you login. This can be found in the your governance app URL: https://[account identifier].hosted.immutacloud.com/
Ensure you select the Governance app account identifier that has the Marketplace feature enabled.
Once logged in, it is possible to switch which Governance app you are pointing to using the "Sign into another account" option under your profile menu.
Marketplace users
When you share access to the Marketplace with data consumers, it's important you provide them with not only the Marketplace URL, but also the Governance app account identifier to point to at login because they may not be aware of the Governance app.