Skip to content

You are viewing documentation for Immuta version 2023.1.

For the latest version, view our documentation for Immuta SaaS or the latest self-hosted version.

Write a Time-Based Restriction Policy

Use Case

A company in the financial services industry conducts an analysis of changes in rate of return in customer portfolios over the past 2 years.

Compliance Requirement: Access to data sources will be limited to users by only showing recent data within the past 2 years.

For this organization's purposes, they should write a time-based restriction policy for the selected data sources, so that only data more recent than 2 years will be shown for all users. The steps below use this scenario to illustrate the policy, but other policy builder options are noted throughout the tutorial.

  1. Navigate to the Data Policies tab on the Policies page.

  2. Click Add Policy, enter a name for the policy, and select Only show data by time from the first dropdown.

  3. Select where data is more recent than or older than from the next dropdown, and then enter the number of minutes, hours, days, or years that you would like to restrict the data source to. Note that unlike many other policies, there is no field to select a column to drive the policy. This type of policy will be driven by the data source's event-time column, which is selected at data source creation.

  4. Select for everyone from the next dropdown menu to continue the condition. Additional options include for everyone except and for everyone who.

    • If you select for everyone except, you must select conditions that will drive the policy such as group, purpose, or attribute key / value pair.

    • If you choose for everyone who as a condition, you will need to complete the Otherwise clause before continuing to the next step.

    • You can add more than one condition by selecting + ADD. The dropdown menu in the far right of the Policy Builder contains conjunctions for your policy. If you select or, only one of your conditions must apply to a user for them to see the data. If you select and, all of the conditions must apply.

  5. Opt to complete the Enter Rationale for Policy (Optional) field, and then click Add.

  6. Click the dropdown menu beneath Where should this policy be applied, and select On all data sources. Additional options include On data sources and When selected by data owners.

    If you select On data sources, finish the condition in one of the following ways:

    • Tagged: Select this option and then search for tags in the subsequent dropdown menu.

    • With columns tagged: Select this option and then search for tags in the subsequent dropdown menu.

    • With column names spelled like: Select this option, and then enter a regex and choose a modifier in the subsequent fields.

    • In server: Select this option and then choose a server from the subsequent dropdown menu to apply the policy to data sources that share this connection string.

    • Created between: Select this option and then choose a start date and an end date in the subsequent dropdown menus.

  7. Click Create Policy, and then click Activate Policy or Stage Policy.