Manage Policies
Audience: Data Owners and Governors
Content Summary: This page details the immuta policy command, its subcommands and arguments, and the workflow for creating, renaming, cloning, and deleting Global Policies.
Command Overview: immuta policy
This command allows you to list, save, delete, and rename Global Policies in your instance of Immuta. The table below illustrates subcommands and arguments.
Subcommands | Description | Argument(s) |
---|---|---|
clone | Clone and save all Global Policies to files. | filepath |
delete | Delete a Global Policy by policy key. | policy key |
list | List all Global Policy keys. | n/a |
rename | Rename the Global Policy key. | new policy key |
save | Create or update a Global Policy in Immuta. | filepath |
Options
Use these options to get more details about the policy command or any of its subcommands:
-h
--help
Create a Policy: immuta policy save
- Add your policy information in a valid YAML file for the V2 API. Additional payload examples for creating policies can be found here:

name: Conditional Masking
policyKey: data conditional masking
type: data
actions:
  - rules:
      - type: Masking
        config:
          fields:
            - type: columnTags
              columnTag: Discovered.PII
          conditionalPredicate: "@columnTagged('Discovered.Country') = 'USA'"
          maskingConfig:
            type: Hash
circumstanceOperator: all
circumstances:
  - type: columnTags
    columnTag: Discovered.PII
  - type: columnTags
    columnTag: Discovered.Country

- Run immuta policy save <filepath> [--dryRun] [--reCertify], referencing the file you just created. The options you can specify include
    -d or --dryRun: No updates will actually be made.
    -h or --help: Get more information about the command.
    --reCertify: If the certification has changed, someone will need to re-certify this policy on all impacted data sources.
Examples
The example below illustrates a user listing all policies and then creating a policy called data conditional masking.
$ immuta policy list
New Column Added
$ immuta policy save ./test-policy.yml
{"dryRun":false,"creating":true,"updating":false,"policyId":4}
$ immuta policy list
New Column Added
data conditional masking
Rename a Policy Key: immuta policy rename
- Opt to list all policy keys to identify which policy you would like to rename by running immuta policy list. Options you can specify include
    -h or --help: Get more information about the command.
    -v or --verbose: Print response as JSON.
- Rename the policy key by running immuta policy rename <old policy key> <new policy key>, enclosing the name of the policy key in quotation marks. Options you can specify to get more information about this command include -h or --help.
Example
The example below illustrates a user renaming the data conditional masking policy key to Data Masking.
$ immuta policy list
New Column Added
data conditional masking
$ immuta policy rename "data conditional masking" "Data Masking"
{"oldPolicyKey":"data conditional masking","newPolicyKey":"Data Masking"}
$ immuta policy list
Data Masking
New Column Added
Clone Global Policies: immuta policy clone
Clone and save all Global Policies to a file by running immuta policy clone <filepath>. Options you can specify include
    --force: Overwrite existing output directory targets. If this flag is omitted, you will receive an error when the output directory exists and is not empty.
    -h or --help: Get more information about the command.
    -v or --verbose: Print response as JSON.
Example
The example below illustrates cloning and saving all Global Policies to a policy folder. In this example, only one Global Policy existed: Test.
$ immuta policy clone ./your-file-path/policy-folder
Cloning all global policies...
Cloning: Test to Desktop/clone-policies/policy/Test.yaml
Delete a Policy: immuta policy delete
- Opt to list all policy keys to determine which policy key you would like to delete by running immuta policy list. Options you can specify include
    -h or --help: Get more information about the command.
    -v or --verbose: Print response as JSON.
- Delete a policy key by running immuta policy delete <policy key> [--dryRun]. Options you can specify include
    -d or --dryRun: No updates will be made.
    -h or --help: Get more information about the command.
Example
The example below illustrates a user deleting the Data Masking policy.
$ immuta policy list
Data Masking
New Column Added
$ immuta policy delete "Data Masking" --dryRun
{"dryRun":true,"deleting":"Data Masking"}
$ immuta policy delete "Data Masking"
{"dryRun":false,"deleting":"Data Masking"}
$ immuta policy list
New Column Added
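
The clone and delete steps above can be chained so that a Global Policy is removed only after an exact key match, a full backup, and a dry run that names the same key. This is an added example, not part of Immuta's documentation or tooling: safe_policy_delete and the backup directory layout are hypothetical, and the dry-run check assumes the JSON shape shown in the sample output on this page.

```bash
#!/usr/bin/env bash
# Added example: guarded delete of a Global Policy (not Immuta's own code).
# safe_policy_delete and backup_root are hypothetical names; the immuta
# subcommands and --dryRun are the ones documented on this page.

safe_policy_delete() {
  local key="$1"
  local backup_root="${2:-./policy-backups}"
  local backup_dir dry out

  if [ -z "$key" ]; then
    echo "usage: safe_policy_delete <policy key> [backup root]" >&2
    return 2
  fi

  # Policy keys can contain spaces, so match the whole line literally
  # (-F -x) instead of a substring or a regular expression.
  if ! immuta policy list | grep -Fxq -- "$key"; then
    echo "policy key not found: $key" >&2
    return 1
  fi

  # Snapshot every Global Policy into a fresh, empty directory first.
  # clone errors out on a non-empty target unless --force is given,
  # so an earlier backup is never overwritten.
  backup_dir="$backup_root/$(date +%Y%m%dT%H%M%S)"
  mkdir -p "$backup_dir" || return 1
  if ! immuta policy clone "$backup_dir" >/dev/null; then
    echo "backup failed, nothing deleted" >&2
    return 1
  fi

  # Dry run; continue only if the response names the key we asked for
  # (assumes the JSON shape shown in this page's sample output).
  dry="$(immuta policy delete "$key" --dryRun)" || return 1
  case "$dry" in
    *'"dryRun":true'*"\"deleting\":\"$key\""*) ;;
    *) echo "unexpected dry-run response: $dry" >&2; return 1 ;;
  esac

  out="$(immuta policy delete "$key")" || return 1
  echo "$out"
  echo "backup written to: $backup_dir" >&2
}
```

A policy deleted by mistake can be recreated by running immuta policy save on its file in the backup directory.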