Policy Authoring

Immuta allows cross-functional teams involved with data security to work together to write, apply, and maintain data policies in plain language or as code.

Request A Demo
Accelerate secure data access
Before Immuta
  • Highly technical skills, including advanced SQL, required to create policies
  • Massive policy burden from having to manually maintain roles
  • Policy creation and management centralized to data engineering teams
After Immuta
  • Simplify policy creation by allowing authoring in plain language
  • Reduce policy burden by 75x with Immuta’s ABAC. Learn more
  • Distributed creation and management of policies across multiple stakeholders
Purpose-Based Access Control (PBAC)

Create dynamic PBAC policies that are enforced based on permitted data use for each user with easy-to-use consent workflows that audit all aspects of usage.

Purpose-Based Access Control
Attribute-Based Access Control (ABAC)

Author dynamic ABAC policies using attributes such as geography, time and date, clearance level, and purpose. A single Immuta ABAC policy can replace over 100 roles and policy definitions.

Attribute-Based Access Control
Plain Language Data Policies

Author policies in plain language so all security and governance stakeholders can understand how data is protected, without the need for specialized engineering resources.


Create auditable, reproducible governance configurations using code to enable change management, rollbacks, and testing.

Distributed Stewardship

Empower a wide range of policy stakeholders, from business to technical users, to manage data policies without data engineering expertise.

Explore more of Immuta’s Capabilities


Identify your sensitive data by scanning, tagging, and classifying.

Learn More

Write data policies in plain language, enabling data policy democratization.

Learn More

Fine-grained data security with ABAC, enforced at scale.

Learn More

Advanced Privacy Enhancing Techniques (PETs) for data masking and obfuscation.

Learn More

Prove compliance with tracking, auditing, and reporting.

Learn More

Frequently Asked Questions

What is a data access policy and how does it work?

A data access policy is a rule that is created in order to determine which users in an organization can see which data under which circumstances. These access policies, created as part of a data access control framework, should apply across data storage and compute platforms in order to ensure total adherence to access requirements. Built using factors like user roles and/or attributes, a comprehensible data access policies are integral to ensuring appropriate data security and use.

Learn More
What is object-based access control?

Object-Based Access Control implements user authorization by using permissions to define what each user can do to the objects the user has access too.

How does policy-based access management differ from role-based?

The primary way policy-based access management differs from role-based is in regard to how access permissions are determined. Role-based access is determined based on static user roles, such as “analyst,” “compliance officer,” etc. Policy-based access is determined not just on roles, but on policies that can be built on more dynamic factors like attributes and contextual purposes. This can increase the specificity and scalability of access determinations without risking security and efficiency.

What is a policy-based access control example?

Policy-based access controls combine user roles and/or attributes with written policies in order to determine individual access permissions. For example, an organization could create the following data access policy: “Allow users to subscribe when user possesses attribute Department with value Finance On data sources with columns tagged Discovered>Entity>Credit Card Number.” This policy would determine whether or not users at this organization could access credit card number data based on whether or not they are part of the finance department.

What is the purpose of policy-as-code tools?

Policy-as-code tools are used to ensure that comprehensive data policies are translated and enforced in the appropriate platform-specific code for each part of your data ecosystem. Each individual data platform can have its own syntax, technology, or platform-specific implementations, so policy-as-code tools work to operationalize policies regardless of these specificities.

Have 29 minutes?

Let us show you how Immuta can transform the way you govern and share your sensitive data.