Create and Apply a Template to a Data Source
Note
In previous documentation, identifier is referred to as classifier. The language is being updated to identifier to be more accurate and not conflate meaning with the Immuta data classification and frameworks feature.
Create a template
-
Generate your API key on the API Keys tab on your profile page and save the API key somewhere secure. You will include this API key in the authorization header when you make a request to the Immuta API.
-
Find identifiers to include in your template using one of these methods:
Immuta CLI
immuta api sdd/classifier?sortField=name&sortOrder=asc&limit=25&searchText=IDENTIFIERHTTP API
curl \ --request GET \ --header "Content-Type: application/json" \ --header "Authorization: 12345678900000" \ https://your-immuta-url.immuta.com/sdd/classifier?sortField=name&sortOrder=asc&limit=25&searchText=IDENTIFIER -
If the request was successful, you will receive a list of available identifiers.
{ "count": 3, "hits": [ { "createdBy": { "id": 1, "name": "John", "email": "john@example.com" }, "name": "ACCOUNT_NUMBER_IDENTIFIER", "displayName": "Account Number Identifier", "description": "This identifier recognizes account numbers using a regex", "type": "regex", "config": { "tags": [ "Discovered.account-number" ], "regex": "[0-9]{9}-[0-9]{3}-[0-9]{1}", "minConfidence": 0.5 }, "id": 104, "createdAt": "2021-10-20T19:12:24.889Z", "updatedAt": "2021-10-20T19:12:24.889Z" }, { "createdBy": { "id": 1, "name": "John", "email": "john@example.com" }, "name": "EMPLOYEE_DESK_LOCATION_IDENTIFIER", "displayName": "Employee Desk Location Identifier", "description": "This identifier detects when an employee's desk location appears in a dataset.", "type": "dictionary", "config": { "tags": [ "Discovered.desk-location" ], "values": [ "Research Lab", "Blue Room", "Purple Room" ], "caseSensitive": false, "minConfidence": 0.6 }, "id": 68, "createdAt": "2021-10-20T17:57:51.696Z", "updatedAt": "2021-10-20T17:57:51.696Z" }, { "createdBy": { "id": 1, "name": "John", "email": "john@example.com" }, "name": "SOCIAL_SECURITY_NUMBER_COLUMNS_IDENTIFIER", "displayName": "Social Security Number Columns Identifier", "description": "This identifier recognizes column names that match the defined regex pattern.", "type": "columnNameRegex", "config": { "tags": [ "Discovered.Social Security Numbers" ], "columnNameRegex": "ssn|social ?security" }, "id": 67, "createdAt": "2021-10-20T17:57:17.930Z", "updatedAt": "2021-10-20T17:57:17.930Z" } ] } -
Save the template payload in a .json file. Use the tabs below to see different examples of templates.
{ "name": "ACCOUNT_NUMBERS_TEMPLATE", "displayName": "Account Numbers Template", "description": "This template contains the identifier that recognizes account numbers.", "classifiers": [ { "name": "ACCOUNT_NUMBER_IDENTIFIER" } ], "sampleSize": 100 }{ "name": "EMPLOYEE_DESK_LOCATION_TEMPLATE", "displayName": "Employee Desk Location Template", "description": "This template contains the identifier that detects when the name of the room an employee's desk is in appears in a dataset.", "classifiers": [ { "name": "EMPLOYEE_DESK_LOCATION_IDENTIFIER" } ], "sampleSize": 100 }{ "name": "SOCIAL_SECURITY_NUMBERS_TEMPLATE", "displayName": "Social Security Numbers Template", "description": "This template contains the identifier that matches social security number column names with the defined regex.", "classifiers": [ { "name": "SOCIAL_SECURITY_NUMBER_COLUMNS_IDENTIFIER" } ], "sampleSize": 100 }{ "name": "STUDENT_LOCATION_TEMPLATE", "displayName": "Student Location Template", "description": "This template contains the identifier that detects when a student's residence hall, floor, or room appears in a dataset.", "classifiers": [ { "name": "STUDENT_LOCATION_IDENTIFIER" } ], "sampleSize": 100 } -
Create the template:
Immuta CLI
immuta api sdd/template -X POST --input ./example-payload.jsonHTTP API
curl \ --request POST \ --header "Content-Type: application/json" \ --header "Authorization: 12345678900000" \ --data @example-payload.json \ https://your-immuta-url.immuta.com/sdd/template -
If the request is successful, you will receive a response that contains details about the template. Use the tabs below to see different responses for different templates.
{ "name": "ACCOUNT_NUMBERS_TEMPLATE", "displayName": "Account Numbers Template", "description": "This template contains the identifier that recognizes account numbers.", "sampleSize": 100, "createdBy": { "id": 1, "name": "John", "email": "john@example.com" }, "id": 1, "createdAt": "2021-10-21T19:12:22.092Z", "updatedAt": "2021-10-21T19:12:22.092Z", "classifiers": [ { "name": "ACCOUNT_NUMBER_IDENTIFIER", "overrides": {} } ] }After the template is applied to data sources and sensitive data discovery is run, the
Discovered.account-numbertag will be applied to columns that Immuta identifies with 50% confidence, as configured in the identifier.{ "name": "EMPLOYEE_DESK_LOCATION_TEMPLATE", "displayName": "Employee Desk Location Template", "description": "This template contains the identifier that detects when the name of the room an employee's desk is in appears in a dataset.", "sampleSize": 100, "createdBy": { "id": 1, "name": "John", "email": "john@example.com" }, "id": 1, "createdAt": "2021-10-21T18:03:58.967Z", "updatedAt": "2021-10-21T18:03:58.967Z", "classifiers": [{ "name": "EMPLOYEE_DESK_LOCATION_IDENTIFIER", "overrides": {} }] }After the template is applied to data sources and sensitive data discovery is run, the
Discovered.desk-locationtag will be applied to columns when Immuta detects the valuesResearch Lab,Blue RoomorPurple Roomwith 60% confidence, as configured in the identifier.{ "name": "SOCIAL_SECURITY_NUMBERS_TEMPLATE", "displayName": "Social Security Numbers Template", "description": "This template contains the identifier that matches social security number column names with the defined regex.", "sampleSize": 100, "createdBy": { "id": 1, "name": "John", "email": "john@example.com" }, "id": 2, "createdAt": "2021-10-21T19:12:22.092Z", "updatedAt": "2021-10-21T19:12:22.092Z", "classifiers": [ { "name": "SOCIAL_SECURITY_NUMBER_COLUMNS_IDENTIFIER", "overrides": {} } ] }After the template is applied to data sources and sensitive data discovery is run, the
Discovered.social-security-numbertag will be applied to columns that have a name that match thessn|social ?securityregex, such asssn,socialsecurity, orsocial security.{ "name": "STUDENT_LOCATION_TEMPLATE", "displayName": "Student Location Template", "description": "This template contains the identifier that detects when a student's residence hall, floor, or room appears in a dataset.", "sampleSize": 100, "createdBy": { "id": 1, "name": "John", "email": "john@example.com" }, "id": 1, "createdAt": "2021-10-21T18:03:58.967Z", "updatedAt": "2021-10-21T18:03:58.967Z", "classifiers": [{ "name": "STUDENT_LOCATION_IDENTIFIER", "overrides": {} }] }After the template is applied to data sources and sensitive data discovery is run, the
Discovered.residence-halltag will be applied to columns when Immuta detects values that match those listed in theResidence Hallsdata source with 70% confidence, as configured in the identifier.
Apply a template to data sources
Attributes of all custom identifiers and templates are provided on the Sensitive data discovery API page. However, attributes specific to this section are outlined in the table below.
| Attribute | Description |
|---|---|
| template | string The name of the template to apply to the data sources; null clears the current template. |
| sources | string The name of the data sources to apply the template to. |
-
Find templates to apply to your data sources:
Immuta CLI
immuta api sdd/templateHTTP API
curl \ --request GET \ --header "Content-Type: application/json" \ --header "Authorization: 12345678900000" \ https://your-immuta-url.immuta.com/sdd/template -
If the request was successful, you will receive a list of available templates.
{ "count": 3, "hits": [ { "name": "ACCOUNT_NUMBERS_TEMPLATE", "displayName": "Account Numbers Template", "description": "This template contains the identifier that recognizes account numbers.", "sampleSize": 100, "createdBy": { "id": 1, "name": "John", "email": "john@example.com" }, "id": 2, "createdAt": "2021-10-20T19:13:35.319Z", "updatedAt": "2021-10-20T19:13:35.319Z", "classifiers": [ { "name": "ACCOUNT_NUMBER_IDENTIFIER", "overrides": {} } ] }, { "name": "EMPLOYEE_DESK_LOCATION_TEMPLATE", "displayName": "Employee Desk Location Template", "description": "Contains identifier that detects when the name of a room a desk is in appears in a dataset.", "sampleSize": 100, "createdBy": { "id": 1, "name": "John", "email": "john@example.com" }, "id": 1, "createdAt": "2021-10-20T18:03:58.967Z", "updatedAt": "2021-10-20T18:03:58.967Z", "classifiers": [ { "name": "EMPLOYEE_DESK_LOCATION_IDENTIFIER", "overrides": {} } ] }, { "name": "SOCIAL_SECURITY_NUMBERS_TEMPLATE", "displayName": "Social Security Numbers Template", "description": "Contains identifier that matches ssn column names with the defined regex.", "sampleSize": 100, "createdBy": { "id": 1, "name": "John", "email": "john@example.com" }, "id": 3, "createdAt": "2021-10-20T19:13:58.359Z", "updatedAt": "2021-10-20T19:13:58.359Z", "classifiers": [ { "name": "SOCIAL_SECURITY_NUMBER_COLUMNS_IDENTIFIER", "overrides": {} } ] } ] } -
Select an appropriate template to apply to your data sources, and save the payload in a .json file:
{ "template": "ACCOUNT_NUMBERS_TEMPLATE", "sources": [ "Insurance Data" ] } -
Apply the template to your data source(s):
Immuta CLI
immuta api sdd/template/apply -X PUT --input ./example-payload.jsonHTTP API
curl \ --request PUT \ --header "Content-Type: application/json" \ --header "Authorization: Bearer dea464c07bd07300095caa8" \ --data @example-payload.json \ https://your-immuta-url.immuta.com/sdd/template/apply -
You will receive a response that indicates whether or not the template was successfully applied to your data sources.
{ "success": true }
Additional tutorials
Clone a template
Users cannot modify templates created by other data owners, but they can clone templates and make changes to the clone.
-
Get a list of templates to determine the template you want to clone using one of these methods:
Immuta CLI
immuta api sdd/sdd/template?sortField=name&sortOrder=asc&offset=5&limit=5HTTP API
curl \ --request GET \ --header "Content-Type: application/json" \ --header "Authorization: 12345678900000" \ https://your-immuta-url.immuta.com/sdd/template?sortField=name&sortOrder=asc&offset=5&limit=5 -
Save the template clone name and details in a .json file.
{ "name": "INSURANCE_ACCOUNT_NUMBERS", "displayName": "Insurance Account Numbers", "description": "This template is specific to insurance accounts." } -
Clone the template:
Immuta CLI
immuta api sdd/template/ACCOUNT_NUMBERS_TEMPLATE/clone -X POST --input ./example-payload.jsonHTTP API
curl \ --request POST \ --header "Content-Type: application/json" \ --header "Authorization: 12345678900000" \ --data @example-payload.json \ https://your-immuta-url.immuta.com/sdd/template/ACCOUNT_NUMBERS_TEMPLATE/clone -
If the request was successful, you will receive a response that provides details about the template clone.
{ "name": "INSURANCE_ACCOUNT_NUMBERS", "displayName": "Insurance Account Numbers", "description": "This template is specific to insurance accounts.", "sampleSize": 100, "createdBy": { "id": 1, "name": "John", "email": "john@example.com" }, "id": 4, "createdAt": "2021-10-20T20:48:37.805Z", "updatedAt": "2021-10-20T20:48:37.805Z", "classifiers": [ { "name": "ACCOUNT_NUMBER_IDENTIFIER", "overrides": {} } ] }
You can now modify the template, such as changing the identifiers (classifiers) included and the sampleSize.
Configure entity tags and confidence
To disable entity tags from being set, you can create a template to that configures the identifier that contains that tag.
For example, the built-in PERSON_NAME identifier contains the following tags: Discovered.PHI, Discovered.PII,
Discovered.Entity.Person Name, and Discovered.Identifier Indirect. However, your organization doesn't have any
health data, so you don't want the PHI tag to be applied to your data sources but you do want all the other tags
within that identifier.
To override the Discovered.PHI tag, you would create a template that includes the PERSON_NAME identifier and
removes the Discovered.PHI from the list of tags in the template payload.
-
View the details about the
PERSON_NAMEidentifier so you know what to include in your template using one of these methods:Immuta CLI
immuta api sdd/classifier?sortField=name&sortOrder=asc&limit=25&searchText=PERSON_NAMEHTTP API
curl \ --request GET \ --header "Content-Type: application/json" \ --header "Authorization: 12345678900000" \ https://your-immuta-url.immuta.com/sdd/classifier?sortField=name&sortOrder=asc&limit=25&searchText=PERSON_NAME -
If the request was successful, the response will include details about the
PERSON_NAMEidentifier.{ "createdBy": { "id": 21, "name": "Immuta System Account", "email": "immuta_system@immuta.com" }, "name": "PERSON_NAME", "displayName": "Person Name", "description": "Detects strings consistent with a dictionary of people's names.", "type": "builtIn", "config": { "tags": [ "Discovered.PHI", "Discovered.PII", "Discovered.Entity.Person Name", "Discovered.Identifier Indirect" ], "minConfidence": 0.3 }, "id": 54, "createdAt": "2021-10-21T07:35:14.416Z", "updatedAt": "2021-10-21T12:57:43.919Z" } -
Remove the
Discovered.PHItag from the list of tags in the identifierconfig, and save the template payload in a .json file.{ "name": "PERSON_NAME_OVERRIDE", "displayName": "Person Name Override", "description": "This template removes the PHI tag from the PERSON_NAME identifier.", "classifiers": [ { "name": "PERSON_NAME", "overrides": { "tags": [ "Discovered.PII", "Discovered.Entity.Person Name", "Discovered.Identifier Indirect" ] } } ], "sampleSize": 100 } -
Create the template:
Immuta CLI
immuta api sdd/template -X POST --input ./example-payload.jsonHTTP API
curl \ --request POST \ --header "Content-Type: application/json" \ --header "Authorization: 12345678900000" \ --data @example-payload.json \ https://your-immuta-url.immuta.com/sdd/template
If the request is successful, you will receive a response that details the new template:
{
"name": "PERSON_NAME_OVERRIDE",
"displayName": "Person Name Override",
"description": "This template removes the PHI tag from the PERSON_NAME identifier.",
"sampleSize": 100,
"createdBy": {
"id": 1,
"name": "John",
"email": "john@example.com"
},
"id": 1,
"createdAt": "2021-10-21T17:11:18.057Z",
"updatedAt": "2021-10-21T17:11:18.057Z",
"classifiers": [
{
"name": "PERSON_NAME",
"overrides": {
"tags": [
"Discovered.PII",
"Discovered.Entity.Person Name",
"Discovered.Identifier Indirect"
]
}
}
]
}
What's next
Now that you've created a template, continue to one of the following tutorials:
- SDD global settings: Opt to add your template to the SDD global settings so that Immuta will use this template to run SDD for all data sources.
- Run sensitive data discovery on a data source