You are viewing documentation for Immuta version 2023.2.

For the latest version, view our documentation for Immuta SaaS or the latest self-hosted version.

Writing Global Policies for Compliance

When used with sensitive data discovery and Discovered tags, global policies are enforced on data sources as they are created.

For example, if an organization's compliance requirements state that access to personal information is restricted to users within the corresponding country or geographic region, they could write a global policy in Immuta that enforces that requirement before users have begun connecting data:

Only show rows where user possesses an attribute in OfficeLocation that matches the value in the column tagged Discovered.Country for everyone.
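The following added example is a simplified Python model of how that policy filters rows; it is not Immuta code and does not use Immuta's API. The data sources, column names, users and values are constructed, and hiding rows whose tagged column is empty is an assumption of the model.

```python
# Simplified model of the row-level policy above; not Immuta code.
# All data sources, column names, users and values are constructed.
TAG = "Discovered.Country"
ATTRIBUTE = "OfficeLocation"

# Each data source records which tags were applied to which columns.
# The tagged column has a different name in each source.
DATA_SOURCES = {
    "crm_contacts": {
        "tags": {"country_code": {TAG}},
        "rows": [
            {"email": "a@example.com", "country_code": "US"},
            {"email": "b@example.com", "country_code": "DE"},
            {"email": "c@example.com", "country_code": None},
        ],
    },
    "hr_staff": {
        "tags": {"nation": {TAG}},
        "rows": [{"name": "Dana", "nation": "DE"}, {"name": "Eli", "nation": "FR"}],
    },
    "build_logs": {"tags": {}, "rows": [{"job": "nightly"}]},
}

USERS = {
    "alice": {ATTRIBUTE: {"US"}},
    "bob": {ATTRIBUTE: {"DE", "FR"}},
    "carol": {},  # no OfficeLocation attribute at all
}

def tagged_column(source):
    """Return the column carrying TAG, or None if the policy does not apply."""
    for column, tags in source["tags"].items():
        if TAG in tags:
            return column
    return None

def visible_rows(user, source_name):
    """Rows the user sees once the policy is enforced on the data source."""
    source = DATA_SOURCES[source_name]
    column = tagged_column(source)
    if column is None:
        return list(source["rows"])  # no tagged column: policy not attached
    allowed = USERS[user].get(ATTRIBUTE, set())
    # Assumption: a row with an empty tagged value matches no attribute.
    return [row for row in source["rows"] if row[column] in allowed]
```

Because the policy refers to the tag and not to a column name, the same rule covers both `country_code` and `nation` without being rewritten per data source.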

Best practices for writing global policies

The best practices outlined below will also appear in callouts within relevant tutorials.

  1. Use schema monitoring to assess changes to data sources.
  2. Activate the "New Column Added" templated global policy to protect potentially sensitive data before data owners can review new columns that have been added.
  3. Write global policies using Discovered tags and attributes before connecting data.
  4. Use global policies instead of local policies to manage data access.
  5. In most cases, the goal is to share as much data as possible while still being compliant with privacy regulations. Immuta recommends a scale of wide subscription policies and specific data policies to give as much access as possible.
  6. Use the minimum number of policies possible to achieve the data privacy needed.
