Immuta v2023.3 Release Notes
Immuta v2023.3.1 was released October 26, 2023.
- Creating a governance report on all data sources failed for instances with more than 10,000 data sources.
- Fixes to address a Snowflake table grants issue that caused data source background jobs to fail.
- Users encountered this error when disabling Snowflake table grants:
Error: Query timed out. The connection information may be incorrect. Please double check and try again.
- If a user created a Redshift impersonation group with uppercase letters in a manual Redshift setup, Redshift created that group with lowercase letters and the impersonation role failed the validation check.
- Attempting to
GRANT SELECTon a shared view in Snowflake failed with the following error:
UDF IMMUTA_PROD.IMMUTA_SYSTEM.GET_ALLOW_LIST is not secure.
Immuta v2023.3.0 was released September 28, 2023.
- Databricks Unity Catalog integration: Write your policies in Immuta and have them enforced automatically by Databricks across data in your Unity Catalog metastore.
- Users can view license usage via the Immuta API to track the number of licensed users.
Enhancements and UI changes
- Immuta allows masked columns to be used in row-level policies in the Snowflake and Databricks Unity Catalog integrations. This feature is currently in public preview and available to all accounts.
- Immuta can pass a client secret to obtain token credentials in the Snowflake External OAuth authentication method.
- The data source details tab UI has been redesigned to consolidate data source connection information and remove the query editor button, the SQL connection snippets, and the copy schema button.
- The local subscription policy builder and project subscription policy builder now align with the format of the global subscription policy builder.
Deprecated items remain in the product with minimal support until their end of life date.
|End of life (EOL)
|Azure Data Lake Storage
|Legacy Amazon S3 proxy
|Legacy audit UI and
/audit API (Pull audit logs from Kubernetes and push them to your SIEM instead.)
|Legacy Databricks SQL integration (Use the Unity Catalog integration instead.)
|Discussions tab on projects and data sources
|HIPAA Expert Determination
|Legacy sensitive data discovery
|Snowflake integration with low row access policy mode disabled (Follow this Snowflake guide to enable low row access policy mode. You must also enable table grants.)
- The data source members tab did not display all subscribed users when a subscription policy that used advanced DSL rules with special subscription variables was enforced on the data source.
- Global subscription policies that used the
@hasTagAsAttributevariable were not granting and revoking users' access to tables properly.
- The schema evolution owner was unset when data sources were removed from a schema project.
- Fixes to address Immuta UI performance issues.
- Fix to prevent enabling column detection on derived data sources, as column detection is unsupported for derived data sources.
- Users were able to change a schema project owner's role, which could leave Immuta in a state where the schema project could not be deleted.
- If OAuth was used as the authentication method, users encountered an error when creating a data source with schema monitoring enabled or enabling schema monitoring for an existing data source.
- If a user other than the data owner navigated to the policies page of a Snowflake or Redshift data source, the activity panel displayed that "undefined" created the data source.
- Redshift integration fixes:
- Fixes to the Redshift integration configuration to address the impact of a change in the Okta Redshift
application, which now requires usernames to have the prefix
- Redshift validation tests required
CREATE ON PUBLICfor the Immuta system account, and it should not have been a requirement.
- Fixes to the Redshift integration configuration to address the impact of a change in the Okta Redshift application, which now requires usernames to have the prefix
- Snowflake integration fixes:
- Immuta data sources were inconsistently linked to the Snowflake external catalog when automatically ingesting Snowflake object tags.
- Fix to address column detection error on Snowflake data sources:
TypeError: Cannot read properties of null.
- Fix to re-sync automatic subscription policies after schema detection runs on Snowflake tables that use
CREATE OR REPLACE.
- Sensitive data discovery failed to run on data sources that were registered using Snowflake External Oauth.
- Fix to address a validate connection error with Snowflake External OAuth.
- Syncing a Snowflake external catalog failed on data sources with more than 300 tagged columns.
- Vulnerabilities addressed:
CVE-2021-46708: Immuta no longer publishes the Swagger API, which removes the ability to exploit this vulnerability. Although the affected library is a downstream dependency of a package Immuta uses, the library that contains the vulnerability is not used by Immuta.
v2023.3 migration note
All users must be on Immuta version 2022.5 or newer to migrate directly to 2023.3.