Skip to content

You are viewing documentation for Immuta version 2023.2.

For the latest version, view our documentation for Immuta SaaS or the latest self-hosted version.

Clone, Activate, or Stage a Global Policy

Use Case

Compliance Requirement: CCPA, with additional provisions: mask all direct identifiers unless users are acting under a specified purpose and are a CCPA Admin.

To create this additional restriction and remain CCPA compliant, the compliance team could clone the templated CCPA policy in Immuta, edit and activate this more restrictive policy, and then stage the original templated policy.

1 - Clone the CCPA Policy

  1. Click the Policies icon in the left sidebar and navigate to the Data Policies or Subscription Policies tab.
  2. Click the dropdown menu in the Actions column of the CCPA policy and select Clone.

  3. Open the dropdown menu and click Edit in the Global Policy Builder. Then make your changes using the dropdown menus. In our example, the Data Governor adds the condition that users must be a member of group Admins to see unmasked data.

  4. Click Create Policy, select Activate Policy, and then click Confirm.

Note: If a cloned policy contains custom certifications, the certifications will also be cloned.

2 - Stage the Original CCPA Policy

  1. Click the dropdown menu in the Actions column of the original templated CCPA policy and select Stage. Note: If Data Governors decide to make a staged policy active, they select Activate from this dropdown menu.

  2. Click Confirm in the dialog that appears.

The policy is now removed from data sources.


Now that this new CCPA Global Policy is active, users who are acting under the specified purpose and have the attribute Title.CCPA-Admin will see unmasked direct identifiers when accessing data:

No Purpose or Title.CCPA-Admin


Purpose but no Title.CCPA-Admin


Purpose and Title.CCPA-Admin