Create a Project
Requirement:
Immuta permission CREATE_PROJECT
Create a new project
Best practice: project naming convention
Use a naming convention for projects that reflects the naming convention for databases. (e.g., If the project in Dev is called: “my_project” name the project “dev_my_project.") The data will end up in the project database prefix, so you can trace the source and make edits upstream in that project as necessary.
- Navigate to the Projects tab under Data in the sidebar, and click the New Projects button.
-
Fill out the Basic Information:
- Enter a name for your project in the Project Name field.
- Opt to complete the Project Description field to help identify your project.
- Opt to enter project Documentation to provide context for members.
-
Select the purposes and any policy adjustments:
- Choose to select a purpose from the list of purposes or create a new purpose for the project.
- To create a new purpose, click Create Purpose and fill out the modal.
Note that all purposes added to a project will need to be created by a data governor or a user with the PROJECT_MANAGEMENT permission, and once purposes have been applied to a project, only these users can add data sources to the project.
-
Add a native workspace configuration: Select your workspace configuration from the Workspace Configuration dropdown menu: Databricks or Snowflake.
-
Databricks: Opt to edit the sub-directory in the Workspace Directory field (this sub-directory auto-populates as the project name) and enter the Workspace Database Name.
-
Snowflake: Name the Workspace Schema. By default, the schema name is based off of the project name, but you can change it here. Your project workspace will exist within this schema under Snowflake under the database configured by the application admin.
-
Use the dropdown menu to select the Hostname. Projects can only be configured to use one Snowflake host.
-
Select one or more Warehouses to be available to project members when they are working in the native workspace.
-
-
-
Add data sources to the project using the dropdown menu. Data sources can also be added after the project is created.
-
Click Affirm and Create.
Set the project subscription policy
Projects are private by default but can be made public and shared with other users by changing the subscription policies setting. Governors are the only users who can manage subscription policies for projects with purposes.
-
In the project, click the Policies tab.
-
Click Edit Subscription Policy.
-
Select the group of users who will have access. Click the tabs below for a definition of and specific instructions for each:
Selecting this option makes the project visible to everyone. Opt to require manual subscription by selecting the checkbox. This will require the users to manually subscribe to the project to gain access.
Selecting this option makes the project visible in search results, but users must request access and be granted permission. This restriction supports multiple approving parties, so project owners can allow more than one approver or users with specified permission types to approve other users who request access to the project.
-
Click anyone or an individual selected by user from the first dropdown menu.
Note: If you choose an individual selected by user, when users request access to a project they will be prompted to identify an approver with the permission specified in the policy.
-
Select the USER_ADMIN, GOVERNANCE, or AUDIT permission from the subsequent dropdown menu. You can add more than one approving party by selecting + Add Another Approver.
- Choose whether to build the policy off user groups or user attributes:
- is a member of group: Type the group name and select the group.
- possesses attribute: Type the attribute and select it. Then select the value from the dropdown menu.
- Opt to + Add Another Condition. When adding another condition, choose how the conditions will be required. If you select or, only one of the conditions must apply to a user for them to subscribe to the project. If you select and, all of the conditions must apply.
- Opt to allow users who do not meet the restrictions defined in the policy to still be able to discover the project by selecting the Allow Project Discovery checkbox.
- Once saved, users with the proper authorizations will be automatically subscribed. Opt to require users to manually subscribe to the project by selecting the Require Manual Subscription checkbox.
Selecting this option hides the project from the search results. Project owners must manually add and remove users, and the Private label will appear next to the project name.
-
-
Click Save to finish your policy.
Add users or groups to the project
- In the project, click the Members tab.
- Click the Add Members button.
- Start typing a user's or group's name in the Add Members modal and select it from the dropdown that appears.
- Opt to add an expiration to the subscription by entering the number of days until the access will expire.
- Select the role.
- Click Add.
Current project members will receive notifications that new users have been added to the project. A similar entry will be posted to the project's activity pane.
Manage project equalization
Use project equalization so that all project members see the same data, and re-equalize projects if new members or data sources are added to the project.
Enable project equalization
- In the project, click the Policies tab.
-
In the Project Equalization section, click the toggle button to On.
Note: Only project owners can add data sources to the project if this feature is enabled.
Manage equalized entitlements
Best practice: use the recommended equalized entitlements
Use Immuta's recommended equalized entitlements to protect your data in projects. Changing these entitlements creates two potential disadvantages:
-
If you add entitlements, members might see more data as a whole, but at least some members of the project will be out of compliance.
-
If you remove entitlements, the project will be open to users with fewer privileges, but this change might make less data visible to all project members. Removing entitlements is only recommended if you foresee new users joining with less access to data than the current members.
- Click Edit next to Equalized Entitlements.
-
In the Equalized Entitlements Builder, select either is a member of a group or possesses attribute from the user condition dropdown menu.
- If you selected is a member of a group, select the appropriate group from the resulting dropdown.
- If you selected possesses attribute, select the appropriate key and value from the subsequent dropdown menus.
-
Click Save.
To view members' compliance status after changing the equalized entitlements,
-
Navigate to the Members tab from the Project Overview page.
-
Click the Not In Compliance text to view the details about the user's status.
Users who are not in compliance will be unable to view data sources within the project until the compliance issues are resolved.
To revert entitlements to those recommended by Immuta,
- Click Edit next to Equalized Entitlements.
- Click Use Recommended.
- Click Confirm.
Manage validation frequency
Update the validation frequency to specify how often users must log into Immuta to retain access to the project.
- Click Edit in the Validation Frequency section.
- Enter an integer in the first field of the Validation Frequency modal that appears.
- Select Days or Hours in the next dropdown.
- Click Save.
Disable project equalization
- Navigate to the Policies tab.
- In the Project Equalization section, click the toggle button to Off.
- Click Yes, Turn Off in the confirmation window.
Additional Project Tutorials
Disable, enable, or delete a project
Project owners or governors can disable projects, which hides the project from everyone but the project owner, or enable projects. However, only the project owner can delete a project. After a project is deleted, it cannot be enabled.
- Click the Data icon and select Projects in the sidebar.
- Select the My Projects tab.
- Click the three-dot menu icon next to the project and select Disable.
A label will appear next to the project indicating it has been disabled, and a notification will be sent out to all subscribers.
Restore a project
- Click the Data icon and select Projects in the sidebar.
- Select the My Projects tab.
- Click the three-dot menu icon next to the project and select Enable.
The label indicating the project was disabled will disappear, and a notification will be sent out to all subscribers.
Delete a project
Deleting a project permanently removes it from Immuta. Projects must first be disabled before they can be deleted.
- Click the Data icon and select Projects in the sidebar.
- Select the My Projects tab.
-
Click the three-dot menu icon next to the disabled project and select Delete.
-
Click Confirm.
The project is now removed from Immuta, and a notification will be sent out to all subscribers.
Enable masked joins
Enabling, this feature allows masked columns to be joined within a project.
- Navigate to the Project Overview tab.
- Click the Allow Masked Joins toggle on.
- Click Confirm.
Note: While masked joins are allowed, only project owners can add data sources to the project. Additionally, Immuta does not allow joining on columns masked by rounding, by making null, with a constant, or with a regex or on columns that have conditional masking policies applied to them.
Manage data sources
Any project member can add data sources to a project, unless project equalization or masked joins is enabled; in those cases, only project owners can add data sources.
Bulk add data sources to a project
- Set your current project to be the one you want new data sources in.
- Navigate to the Data Sources page.
- Select the checkboxes for the data sources you want in a project.
- Select the bulk actions three-dot menu icon in the top right corner.
- Click Add To Current Project.
Add data sources to a project
- Navigate to the Project Overview tab.
- Click the Add Data Sources button.
- Start typing the name of a data source you'd like to include in the project.
- Select the data source from the list of auto-completed options in the dropdown menu.
- Repeat this process to add additional data sources to the list. You can remove them using the three-dot menu icon.
- Opt to re-equalize the project by clicking the toggle on.
- When complete, click the Save button at the bottom of the list.
Add data sources by purpose
You can automatically add all data sources to a project that contain a Limit usage to purpose policy that matches the purpose of that project.
-
Select a Project, and click the Add Data Sources button.
-
Click Add By Purpose.
-
All data sources matching the project's purpose(s) will populate at the bottom of the dialog. Review this list, and then click Save.
Manage project discussions
Deprecation notice
Support for this feature has been deprecated.
Project owners can create, reply to, and delete project discussions.
Create a new discussion thread
- Navigate to the Discussions tab and click New Discussion.
- Enter your text in the Start Discussion box, and then click Save.
Reply to a discussion thread
- Navigate to the Discussions tab and view open and resolved discussions by clicking the Open or Resolved button, respectively.
- Click a discussion thread and enter your response in the Enter Reply field.
- Click Reply to post your response.
Resolve a discussion thread
- Navigate to the Discussions tab and click the Open button to view all open discussions.
- Click a discussion thread.
- Click the Mark Resolved button.
This discussion thread will now be saved with other resolved threads, and users will still be able to reply to it by clicking the Resolved button on the Discussions tab.
Delete a discussion thread or reply
To permanently delete a discussion thread,
- Navigate to the Discussions tab and view open and resolved discussions by clicking the Open or Resolved button, respectively.
- Click the Delete button for the discussion you want to delete.
- Click Delete in the confirmation window that appears.
The discussion thread and all of its comments are now deleted.
To delete a single reply,
- Select a discussion thread.
- Click the Delete button of the reply or comment you want to delete.
- Click Delete to permanently delete the comment.
Manage project documentation
Project owners can update the documentation for a project at any time. If no documentation is entered, the project name displays in this section of the project overview tab by default.
- Click the Project Overview tab.
- Click the Edit button in the Documentation section.
-
Document the details of your project in the text box that appears, and then click Save.
Note: Styling with Markdown is supported.
Manage project members
Project owners can update user roles and remove users from a project.
Edit a member role
- On the Members tab, click the Role of the member whose role you want to change.
- Select a different role: subscribed or owner.
Notifications will be sent to the affected members and project owners, and a similar entry will be posted in the project's activity pane.
Remove members from a project
- On the Members tab, click the Deny button next to the user or group you want to remove.
- Complete the Reasoning field in the window that appears, and then click Submit.
Notifications will be sent to the affected users and other project members, and a similar entry will be added to the project's activity pane.
Manage project tags
Tags can be added to projects to drive search results and governor reports.
- Select a project and navigate to the Project Overview tab.
- Scroll to the Tags section and click the Add Tags button.
- Begin typing the tag name in the window that appears, and then select the tag from the dropdown menu. A list of chosen tags will populate at the bottom of this window.
- After selecting all relevant tags, click the Add button.
Remove tags from a project
- Navigate to the Project Overview tab.
- Scroll to the Tags section and click on the tag that you want to remove to open its side sheet.
- Click Remove.
- Click Confirm to delete the tag.