Capabilities

Data Access Control

Immuta pioneered the category of automated, fine-grained access control over sensitive analytics data. Now, data engineering teams can ensure analysts have the right level of access to the right data, without making copies, struggling with complex role-based access or adding new tools or data infrastructure.

Request a Demo

Explainable Policy Builder

Immuta’s no-code policy builder lets you author policies in plain English, without code, so all security and governance stakeholders understand how analytics access control is managed and protected. Data engineers can also use Immuta’s rich APIs to make policies extensible to other tools in the data stack.

Column-, Row- and
Cell-level Security

Immuta uniquely provides fine-grained access control at the column-, row- and cell-level, with native support for Databricks, Snowflake and other leading data platforms. Data within protected rows or cells will dynamically appear, change or disappear based on access control policies enforced dynamically at query time.

Watch the Demo

Privacy Enhancing Technologies (PETs)

For organizations subject to one or more privacy regulations, Immuta’s access control policies include advanced Privacy-Enhancing Technologies (PETs) — such as dynamic data masking, differential privacy, k-anonymization, and randomized response — to protect private data and ensure compliance. Immuta’s PETs are enforced dynamically at query time without copying data or requiring any manual data preparation.

Attribute-Based
Access Controls

Many data engineering and administration teams suffer from “role-explosion,” requiring the management of hundreds or thousands of user roles to control access to data in specific tables or databases. Immuta solves this problem with attribute-based access control (ABAC), which uses dynamic attributes to enforce data protection at query time. Because Immuta’s architecture decouples users and authorization, it can enforce dynamic policies based on data and user attributes such as geography, time and date, clearance level and purpose. A single Immuta ABAC policy can replace over 100 roles, saving time and reducing security risks.

Watch the Demo

Purpose-Based
Access Controls

New and expanding government regulations, such as CCPA and the GDPR, prevent analytics teams from legally using sensitive data without clear and intended ‘purposes’. Immuta provides consent workflows for your data platform to audit purpose and create attribute-based controls that enforce who can use what data and why. Now you can limit data use to specific purposes, ensuring that specific datasets are accessed only under legal purposes.

Watch the Demo

Explore More of Immuta's Capabilities

Ready to get started?

Request a Demo Start a Trial

Frequently Asked Questions

  • What is data access control and why is it important?

    Data access control is used to manage access to a company’s data by allowing access to authorized database users and restricting access to unauthorized internal and external individuals. If used correctly, it offers a variety of business benefits, including increased efficiency of data analytics, data governance, data-rich application development, and compliance, and quicker results and value derived from sensitive data.

  • What is fine-grained access control?

    Fine-grained access control is a method of managing data access that uses specific and different policies to restrict access at the row-, column-, and cell-level, ensuring that sensitive information is thoroughly protected when large amounts of data are stored together. With fine-grained access control, each data point has a unique access control policy, making protection measures more precise and allowing data with varying regulatory requirements to be securely stored and used together.

  • What’s the difference between RBAC, ABAC, and PBAC?

    • RBAC permits or restricts data access based on the privileges associated with a user’s role within an organization. Privileges can only be changed or added if a new role is created.
    • ABAC is more dynamic. It permits or restricts data access based on a variety of independently provisioned and environmental characteristics, such as assigned user, action, and environmental attributes.
    • PBAC only looks at contextual and environmental factors. PBACs are complex, dynamic, and easily changeable. This approach is an essential tool for compliance with core data regulations that require sensitive data use to have a clear and intended ‘purpose.’