Scalable, Attribute-Based Access Control

Immuta’s flexible Policy Builder, available as code yet readable in plain text by compliance teams, empowers data teams to create automated policies to govern cloud data use – scaling user adoption, eliminating approval bottlenecks, and providing trust with compliance and governance teams.

Request a Demo

Build Policies in Plain English

Immuta’s explainable policy builder lets users author policies in plain English, so all security and governance stakeholders can understand how analytics access control is managed and protected. Data engineers can also use Immuta’s Policy as Code capabilities to make policies extensible to other tools in the data stack. This approach improves collaboration and fits seamlessly into modern DataOps workflows.

100X More Scalable Than Any Alternative

Many data engineering and administration teams suffer from “role explosion,” requiring them to manage hundreds or thousands of user roles to control access to data in specific tables or databases due to static or role-based policies. Immuta solves this problem with attribute-based access control. Unlike open source solutions such as Apache Ranger, this approach uses dynamic user subject attributes, such as geography, time and date, clearance level, and purpose, represented as policy variables, to make context-aware decisions at query time. This means that a single Immuta ABAC policy can replace over a hundred roles, saving time and reducing security risks.

Easily Limit Data Use to Specific Purposes

New and expanding government regulations such as CCPA and the GDPR prevent analytics teams from legally using sensitive data without clear and intended purposes. Immuta provides easy-to-use consent workflows for data teams to audit usage purposes and create attribute-based controls that enforce who can use what data and why. With streamlined workflows for consent, it’s easier to comply with legal guidelines and prove that compliance when necessary.

Secure Data Collaboration

Immuta features a patented, policy-based approach using data-level zones that manage read/write access across users with different permissions. By using data-level zones, Immuta automatically equalizes access rights for all users, making it easy and safe to publish derived data sets without leaking data to users with different permissions.

Attribute-Based Access Control

Frequently Asked Questions

  • What is attribute-based access control and why is it important?

    Data access control is used to manage access to a company’s data by allowing access to authorized database users and restricting access to unauthorized internal and external individuals. If used correctly, it offers a variety of business benefits, including increased efficiency of data analytics, data governance, data-rich application development, and compliance, and quicker results and value derived from sensitive data.

  • What is fine-grained access control?

    Fine-grained access control is a method of managing data access that uses specific and different policies to restrict access at the row-, column-, and cell-level, ensuring that sensitive information is thoroughly protected when large amounts of data are stored together. With fine-grained access control, each data point has a unique access control policy, making protection measures more precise and allowing data with varying regulatory requirements to be securely stored and used together.

  • What’s the difference between RBAC and ABAC?

    • RBAC permits or restricts data access based on the privileges associated with a user’s role within an organization. Privileges can only be changed or added if a new role is created.
    • ABAC is more dynamic. It permits or restricts data access based on a variety of independently provisioned and environmental characteristics, such as assigned user, action, and environmental attributes.
  • What are attribute-based access control implementation best practices?

    Attribute-based access control (ABAC) is a dynamic and multidimensional approach to data security. When implementing ABAC, it is best to ensure you have a tool that enables simple, scalable policy creation in order to avoid unnecessary manual work or role-explosion. The ABAC model should also be flexible, with the ability to adapt to the ever-changing world of compliance and governance. Automation, universal cloud compatibility, and customized permissions can work in tandem to provide users with safe and effective access to their data. Immuta’s attribute-based access control model provides these features and more.

Ready to get started?

Request a Demo Build a Policy Now