Skip to content

You are viewing documentation for Immuta version 2022.5.

For the latest version, view our documentation for Immuta SaaS or the latest self-hosted version.

cancel

Manage Sensitive Data Discovery Classifiers

Audience: Data Owners and Governors

Content Summary: This page details the immuta sdd classifier command, its subcommands, and its arguments.

Prerequisite

Command Overview: immuta sdd classifier

This command allows you to manage classifiers that will apply tags to data that matches patterns you specify during SDD. The table below illustrates subcommands and arguments.

Subcommands Aliases Description
create save Create a classifier.
delete None Delete the passed classifier.
get None Get a classifier.
search ls, list Search all classifiers.
update None Update a classifier.

Options

Use these options to get more details about the sdd classifier command or any of its subcommands:

  • -h
  • --help
$ immuta sdd classifier -h
Manage Sensitive Data Discovery Classifiers

Usage:
  immuta sdd classifier [command]

Available Commands:
  create      Create an SDD classifier
  delete      Delete the passed SDD classifier
  get         Get an SDD classifier
  search      Search all classifiers
  update      Update an SDD classifier

Flags:
  -h, --help   Help for classifier

Global Flags:
      --config string    Config file (default $HOME/.immutacfg.yaml)
  -p, --profile string   Specifies the profile for what instance/api the cli will use (default "default")

Use "immuta sdd classifier [command] --help" for more information about a command.

Create a Classifier

  1. Save your classifier to a valid YAML or JSON file using these attributes.

    Attribute Description Required
    name string Unique, request-friendly classifier name. Yes
    displayName string Unique, human-readable classifier name. Yes
    description string The classifier description. Yes
    type string The type of classifier: regex, dictionary, columnNameRegex, or builtIn. Yes
    config object May include config.minConfidence, config.values, config.caseSensitive, config.regex, config.columnNameRegex, and config.tags. *See descriptions below. Yes
    minConfidence* number When the detection confidence is at least this percentage, tags are applied. Yes
    tags* array[string] The name of the tags to apply to the data source. Yes
    regex* string A case-insensitive regular expression to match against column values. No
    columnNameRegex* string A case-insensitive regular expression to match against column names. No
    values* array[string] The list of words to include in the dictionary. No
    caseSensitive* boolean Indicates whether or not values are case sensitive. Defaults to false. No

    Examples are provided below.

    Regex Classifier

    {
  "name": "MY_REGEX_CLASSIFIER",
  "displayName": "My Regex Classifier",
  "description": "A classifier using regex",
  "type": "regex",
  "config": {
    "regex": "^[A-Z][a-z]+",
    "minConfidence": 0.5,
    "tags": ["Discovered.regex-example"]
  }
}

    Dictionary Classifier

    {
  "name": "MY_DICTIONARY_CLASSIFIER",
  "displayName": "My Dictionary Classifier",
  "description": "A classifier using dictionary",
  "type": "dictionary",
  "config": {
    "values": ["Bob", "Eve"],
    "caseSensitive": true,
    "minConfidence": 0.6,
    "tags": ["Discovered.dictionary-example", "Discovered.dictionary-identifier-example"]
  }
}

    Column Name Regex Classifier

    {
  "name": "MY_COLUMN_NAME_REGEX_CLASSIFIER",
  "displayName": "My Column Name Regex Classifier",
  "description": "A classifier using column name regex",
  "type": "columnNameRegex",
  "config": {
    "columnNameRegex": "ssn|social ?security",
    "tags": ["Discovered.column-name-example"]
  }
}

  2. Run immuta sdd classifier create <filepath> [flags], referencing the file you just created. The options you can specify include

    • -h or --help: Get more information about the command.
    • -o or --output json | yaml: Specify the output format.
    • --outputTemplate string: Format the response using a Go template.

Example

$ immuta sdd classifier create ./account-classifier.json
Creating classifier from ./account-classifier...
Create successful.

Get a Classifier

Run immuta sdd classifier get <classifierName> [flags], specifying the name of the classifier you would like to get. Options you can specify include

  • -h or --help: Get more information about the command.
  • -o or --output json | yaml: Specify the output format.
  • --outputTemplate string: Format the response using a Go template.

Example

The example below illustrates a user getting a classifier called ACCOUNT_NUMBER_CLASSIFIER.

$ immuta sdd classifier get ACCOUNT_NUMBER_CLASSIFIER
Getting classifier ACCOUNT_NUMBER_CLASSIFIER...
{
  "createdBy": {
    "id": 1,
    "name": "Example User",
    "email": "user@example.com"
  },
  "name": "ACCOUNT_NUMBER_CLASSIFIER",
  "displayName": "Account Number Classifier",
  "description": "This classifier identifies account numbers using a regex",
  "type": "regex",
  "config": {
    "tags": [
      "Discovered.account-number"
    ],
    "regex": "^[0-9]{9}-[0-9]{3}-[0-9]{1}$",
    "minConfidence": 0.5
  },
  "id": 69,
  "createdAt": "2022-03-28T14:52:14.004Z",
  "updatedAt": "2022-03-28T14:52:14.004Z"
}

Search Classifiers

Run immuta sdd classifier search [string] [flags] to list all classifiers or search classifiers by name. Options you can specify include

  • -h, --help: Help for search.
  • --limit int The search limit for pagination (default 25).
  • --offset int: The search offset for pagination.
  • --order asc | desc: The sort order.
  • -o, --output json | yaml: The output format.
  • --outputTemplate string: Format the response using a Go template.
  • -s, --sort id | name | displayName | type | createdAt | updatedAt: Field to sort by.
  • --type regex | columnNameRegex | dictionary | builtIn: Limit results to the specified classifier type.

Example

The example below illustrates a user searching all classifiers containing account.

$ immuta sdd classifier search account
Searching all classifiers...
ACCOUNT_NUMBER_CLASSIFIER This classifier identifies account numbers using a regex.

Update a Classifier

  1. Update your classifier in a valid YAML or JSON file using these attributes:

    Attribute Description Required
    name string Unique, request-friendly classifier name. Yes
    displayName string Unique, human-readable classifier name. Yes
    description string The classifier description. Yes
    type string The type of classifier: regex, dictionary, columnNameRegex, or builtIn. Yes
    config object May include config.minConfidence, config.values, config.caseSensitive, config.regex, config.columnNameRegex, and config.tags. *See descriptions below. Yes
    minConfidence* number When the detection confidence is at least this percentage, tags are applied. Yes
    tags* array[string] The name of the tags to apply to the data source. Yes
    regex* string A case-insensitive regular expression to match against column values. No
    columnNameRegex* string A case-insensitive regular expression to match against column names. No
    values* array[string] The list of words to include in the dictionary. No
    caseSensitive* boolean Indicates whether or not values are case sensitive. Defaults to false. No

  2. Run immuta sdd classifier update <classifierName> <filepath> [flags], referencing the file you just updated. The options you can specify include

    • -h or --help: Get more information about the command.
    • -o or --output json | yaml: Specify the output format.
    • --outputTemplate string: Format the response using a Go template.

Example

The example below illustrates a user updating a classifier named ACCOUNT_NUMBER_CLASSIFIER.

$ immuta sdd classifier update ACCOUNT_NUMBER_CLASSIFIER ./account-classifier -o json
{
  "createdBy": {
    "id": 1,
    "name": "Example User",
    "email": "user@example.com"
  },
  "name": "ACCOUNT_NUMBER_CLASSIFIER",
  "displayName": "Account Number Classifier",
  "description": "This classifier identifies account numbers using a regex.",
  "type": "regex",
  "config": {
    "tags": [
      "Discovered.account-number"
    ],
    "regex": "^[0-9]{9}-[0-9]{3}-[0-9]{1}$",
    "minConfidence": 0.5
  },
  "id": 69,
  "createdAt": "2022-03-28T14:52:14.004Z",
  "updatedAt": "2022-03-28T15:25:28.575Z"
}

Delete a Classifier

Run immuta sdd classifier delete <classifierName> [flags] to delete the classifier. The options you can specify include

  • -h or --help: Get more information about the command.
  • -o or --output json | yaml: Specify the output format.
  • --outputTemplate string: Format the response using a Go template.

Example

$ immuta sdd classifier delete ACCOUNT_NUMBER_CLASSIFIER -o json
{
  "createdBy": {
    "id": 1,
    "name": "Example User",
    "email": "user@example.com"
  },
  "name": "ACCOUNT_NUMBER_CLASSIFIER",
  "displayName": "Account Number Classifier",
  "description": "This classifier identifies account numbers using a regex.",
  "type": "regex",
  "config": {
    "tags": [
      "Discovered.account-number"
    ],
    "regex": "^[0-9]{9}-[0-9]{3}-[0-9]{1}$",
    "minConfidence": 0.5
  },
  "id": 69,
  "createdAt": "2022-03-28T14:52:14.004Z",
  "updatedAt": "2022-03-28T15:25:28.575Z"
}