Skip to content

You are viewing documentation for Immuta version 2022.5.

For the latest version, view our documentation for Immuta SaaS or the latest self-hosted version.

Chapter 5 - Collaborating, Writing, and Sharing

Audience: Data Owners, Data Governors, and Data Users

Content Summary: This page sets the context for using projects in Immuta. There is an outline of best practices, a use case, and links to tutorials.



Projects combine users and data sources under a common purpose. This purpose can then be used to restrict access to data and streamline team work. Projects also include

  • Project Equalization: When this feature is enabled, users working under the same project see the same data, regardless of their varying levels of access.
  • Project workspaces: This feature allows users to write data back to Immuta and share their analysis with other users.

Best Practices: Using Immuta Projects

  1. Use a naming convention for projects that reflects the naming convention for databases. (e.g., If the project in Dev is called: “my_project” name the project “dev_my_project.") The data will end up in the project database prefix, so you can trace the source and make edits upstream in that project as necessary.
  2. Use Project Equalization so that all project members see the same data, and re-equalize projects if new members or data sources are added to the project.
  3. Use Immuta's recommended Equalized Entitlements to protect your data in projects.
  4. Use project workspaces to allow users to write data back to Immuta.
  5. Consider purposes as attributes. Attributes identify a user, and purposes identify why that user should have access.

Chapter 5 Use Case Scenario

Use Case

This use case is presented throughout this chapter in a call-out to illustrate specific project features. The solutions presented can be adjusted to meet your specific needs.

This organization manages access to multiple environments (Dev, Test, and Prod). They redact PII for all users through Global Subscription Policies and Global Data Policies, but they have additional requirements to fulfill:

  1. They need users to only WRITE to specified locations in Dev (and this written data should be sharable with other users in Dev).
  2. The code executed in Test and Prod should only WRITE to certain locations.

These requirements can be met when Data Owners collaborate with admins and complete the objectives outlined below.

Chapter Objectives

In this chapter, you will complete tutorials that demonstrate how to

  1. create a project and manage the project subscription policy.
  2. enable Project Equalization.
  3. write data to a project workspace.
  4. create a derived data source.

Chapter Contents

Concept Overviews: Each of these pages explains a concept and how it connects to other features in Immuta.

Tutorials: Each of these pages provides step-by-step instructions for using a feature in Immuta.

Policy as Code: API Reference Guides: This page details how to access Immuta through the API.