Data provisioning requires not just access and policy automation, but proof of compliance.
When we talk about Immuta and data provisioning, we usually describe three core pillars of what we do: govern, access, and comply.
With comply, Immuta unifies audit logs from across your data ecosystem into a single view — giving governance and security teams the power to answer the simplest but most important compliance questions from one single place: Who accessed what data? When, where, why, and how?
But beyond the “who” and “what,” Immuta adds the why it matters. It layers in data sensitivity, policy context, and access patterns to help teams determine whether that activity was expected or anomalous. That’s the difference between a traditional SIEM view and Immuta’s data-centric compliance lens.
This is the compliance layer of the data provisioning workflow, the connective tissue between policy, access, and proof.
By bringing these pieces together, Immuta closes the loop on data provisioning, ensuring that every request and approval is backed by continuous, contextual evidence of compliance.
For compliance and governance teams, understanding how data is actually used is critical, not just from a security perspective, but for recertifications, risk assessments, and regulatory reporting. Historically, that visibility has been fragmented. Each compute (e.g. Databricks, Snowflake, etc) environment has its own audit logs and query histories.
That meant teams had to manually piece together what was happening across systems, making it difficult for non-technical users to answer questions like:
By combining query audit logs from Databricks, Snowflake, Trino and others into a universal audit log format, Immuta’s unified audit model eliminates that friction by centralizing all of this into one compliance-ready view. Additionally, this provides significant benefits for user agents (which can be tools, applications, or security/compliance systems) looking to consume this information as it eliminates the need for user agents to write separate, complex parsers and logic for each platform’s unique log format.
Until now, Databricks Unity Catalog audits were not as comprehensive as those from other compute platforms. Visibility into query-level details and linkage between user activity and Immuta-managed data sources was limited.
Governance and compliance teams often had to go directly into Databricks system tables, sift through logs, and correlate users, queries, and data assets manually — a time-consuming and highly technical process.
With this month’s update, Immuta’s Databricks Unity Catalog Query Audit has been completely overhauled.
This enhancement introduces a new audit ingestion query powered by Databricks’ system.query.history and system.access.column_lineage tables. Immuta now joins these system tables to produce a unified, enriched view of query activity — directly in the Immuta UI or via exportable audit logs.
userAgent, requestId, and clientIp are deprecated — replaced with richer, system-derived metadata.This update isn’t just technical, it’s strategic.
By improving how Immuta collects and reconciles Databricks Unity Catalog query data, we now have accurate, trustworthy insights. That means we can precisely measure how many users are running queries against Immuta-protected data sources in Unity Catalog.
This accuracy is a critical prerequisite for what comes next: the AI-powered recertification flow. In the near future, Immuta will automatically surface recommendations based on actual usage — showing whether a user has made use of their data access. That workflow depends on precise, comprehensive audit data. This update makes that possible.
So beyond compliance reporting, this change sets the stage for data-driven governance automation, reducing manual oversight while improving accountability and trust.
The need for precise audit and compliance context is growing exponentially.
Generative AI has changed who the “data consumer” is. You no longer have to be technical to query data — meaning the number of users, use cases, and potential misuse scenarios has exploded.
At the same time, non-human identities are now entering the system. AI agents and automated workflows are consuming data alongside people. That creates a new challenge: it’s not just a scale problem, it’s a classification and behavior problem.
Organizations must now distinguish between human and non-human activity, identify patterns, and triage anomalies in near real-time. Accurate, unified audit data is what makes that possible. Without it, governance teams are blind to how AI agents are using — or potentially misusing — data at scale.
This Databricks Unity Catalog audit update is an early but essential step toward that future: giving organizations the visibility they need to govern both human and machine-driven access safely.
This update isn’t just about Databricks — it’s about building the intelligence layer for modern data compliance.
With accurate, unified audit data, Immuta empowers teams to:
It’s compliance without complexity, and another step toward Immuta’s mission of being The Data Provisioning Company: making governed, auditable data access seamless from policy to proof.
Learn more:
Explore how Databricks Unity Catalog Query Audit Logs work in Immuta’s documentation.
Take a closer look at all of our data provisioning updates.
