Create dynamic PBAC policies that are enforced based on permitted data use for each user with easy-to-use consent workflows that audit all aspects of usage.
Before Immuta
- Highly technical skills, including advanced SQL, required to create policies
- Massive policy burden from having to manually maintain roles
- Policy creation and management centralized to data engineering teams
After Immuta
- Simplify policy creation by allowing authoring in plain language
- Reduce policy burden by 75x with Immuta’s ABAC.
- Distributed creation and management of policies across multiple stakeholders
Purpose-Based Access Control (PBAC)
Attribute-Based Access Control (ABAC)
Author dynamic ABAC policies using attributes such as geography, time and date, clearance level, and purpose. A single Immuta ABAC policy can replace over 100 roles and policy definitions.
Plain Language Data Policies
Author policies in plain language so all security and governance stakeholders can understand how data is protected, without the need for specialized engineering resources.
Policy-as-Code
Create auditable, reproducible governance configurations using code to enable change management, rollbacks, and testing.
Distributed Stewardship
Empower a wide range of policy stakeholders, from business to technical users, to manage data policies without data engineering expertise.





What is a data access policy and how does it work?
A data access policy is a rule that determines which users in an organization can see which data under which circumstances. These access policies, created as part of a data access control framework, should apply across data storage and compute platforms in order to ensure total adherence to access requirements. Built using factors like user roles and/or attributes, comprehensible data access policies are integral to ensuring appropriate data security and use.
What is object-based access control?
Object-Based Access Control implements user authorization by using permissions to define what each user can do to the objects the user has access to.
How does policy-based access management differ from role-based?
The primary way policy-based access management differs from role-based is in regard to how access permissions are determined. Role-based access is determined based on static user roles, such as “analyst,” “compliance officer,” etc. Policy-based access is determined not just on roles, but on policies that can be built on more dynamic factors like attributes and contextual purposes. This can increase the specificity and scalability of access determinations without risking security and efficiency.
What is a policy-based access control example?
Policy-based access controls combine user roles and/or attributes with written policies in order to determine individual access permissions. For example, an organization could create the following data access policy: “Allow users to subscribe when user possesses attribute Department with value Finance On data sources with columns tagged Discovered>Entity>Credit Card Number.” This policy would determine whether or not users at this organization could access credit card number data based on whether or not they are part of the finance department.
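The policy quoted above can be modeled as data and evaluated against user attributes and column tags. The following is an added example, not Immuta's code or API; the class and function names, the sample users and data sources, and the "not_applicable" outcome for untagged data sources are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class SubscriptionPolicy:
    """Hypothetical model of the plain-language policy quoted above."""
    attribute: str   # user attribute the policy tests
    value: str       # required attribute value
    column_tag: str  # policy covers data sources with a column carrying this tag

@dataclass
class User:
    name: str
    attributes: dict = field(default_factory=dict)  # attribute name -> set of values

@dataclass
class DataSource:
    name: str
    column_tags: dict = field(default_factory=dict)  # column name -> set of tags

def evaluate(policy, user, source):
    """Return 'allow', 'deny' or 'not_applicable' for a subscription request."""
    tagged = any(policy.column_tag in tags for tags in source.column_tags.values())
    if not tagged:
        return "not_applicable"  # assumption: policy does not govern untagged sources
    if policy.value in user.attributes.get(policy.attribute, set()):
        return "allow"
    return "deny"  # policy applies and the attribute is missing: default deny

POLICY = SubscriptionPolicy("Department", "Finance",
                            "Discovered>Entity>Credit Card Number")

# Constructed sample users and data sources.
USERS = [
    User("alice", {"Department": {"Finance"}}),
    User("bob", {"Department": {"Marketing"}}),
    User("carol", {}),  # no Department attribute at all
]
SOURCES = [
    DataSource("payments", {"card_no": {"Discovered>Entity>Credit Card Number"},
                            "amount": set()}),
    DataSource("web_logs", {"url": set()}),
]

def decision_table():
    """Evaluate the single policy for every user and data source pair."""
    return {(u.name, s.name): evaluate(POLICY, u, s) for u in USERS for s in SOURCES}

if __name__ == "__main__":
    for (user, source), decision in decision_table().items():
        print(f"{user:6} {source:9} {decision}")
```

Changing a user's Department attribute changes the decision on the next evaluation without editing the policy, which is the dynamic behavior the comparison with static roles describes.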
What is the purpose of policy-as-code tools?
Policy-as-code tools are used to ensure that comprehensive data policies are translated and enforced in the appropriate platform-specific code for each part of your data ecosystem. Each individual data platform can have its own syntax, technology, or platform-specific implementations, so policy-as-code tools work to operationalize policies regardless of these specificities.
