Clone, Activate, or Stage a Global Policy
Use Case
Compliance Requirement: CCPA, with additional provisions: mask all direct identifiers unless users are acting under a specified purpose and are a CCPA Admin.
To create this additional restriction and remain CCPA compliant, the compliance team could clone the templated CCPA policy in Immuta, edit and activate this more restrictive policy, and then stage the original templated policy.
1 - Clone the CCPA Policy
- Click the Policies icon in the left sidebar and navigate to the Data Policies or Subscription Policies tab.
-
Click the dropdown menu in the Actions column of the CCPA policy and select Clone.
-
Open the dropdown menu and click Edit in the Global Policy Builder. Then make your changes using the dropdown menus. In this illustration, the Data Governor added the condition that users must be a member of group
Admins
to see unmasked data. -
Click Create Policy, select Activate Policy, and then click Confirm.
Note: If a cloned policy contains custom certifications, the certifications will also be cloned.
2 - Stage the Original CCPA Policy
-
Click the dropdown menu in the Actions column of the original templated CCPA policy and select Stage. Note: If Data Governors decide to make a staged policy active, they select Activate from this dropdown menu.
-
Click Confirm in the dialog that appears.
The policy is now removed from data sources.
Results
Now that this new CCPA Global Policy is active, users who are acting under the specified purpose and have the
attribute Title.CCPA-Admin
will see unmasked direct identifiers when accessing data:
No Purpose or Title.CCPA-Admin
Purpose but no Title.CCPA-Admin
Purpose and Title.CCPA-Admin