Immuta v2023.1 Release Notes
Immuta v2023.1.2
Immuta v2023.1.2 was released May 25, 2023.
Bug Fixes
- The Redshift integration did not properly create views for tables that included column names with special characters. When users queried those views, they received "column doesn't exist" errors.
- When configuring Snowflake object tag ingestion, the connection failed if the host provided was a Snowflake PrivateLink URL.
- Fix to address a race condition that prevented job clusters from starting properly on Databricks runtimes 9.1 and 10.4.
- Vulnerability: CVE-2023-32314
Immuta v2023.1.1
Immuta v2023.1.1 was released May 2, 2023.
Bug Fixes
- The enhanced subscription policy variable @hasTagAsAttribute did not unsubscribe users with that attribute from the data source when a matching column tag was removed.
- Running an external catalog sync did not trigger policy updates when only table tags had changed. If users only added or removed table tags, global policy updates were not applied to data sources.
- Fix to repair impact of a change in Databricks that caused an error on clusters with the Databricks Spark integration with Unity Catalog support enabled. This error appeared with a stack trace that includes the error text "Caused by: java.lang.NoSuchFieldException: unityTokenOpt".
- Snowflake integration:
  - Connection validation failed if users created a custom system account role name when setting up the integration.
  - Snowflake table grants did not properly update user subscriptions to data sources if their group in Immuta was renamed and the group name was used in an automatic subscription policy.
  - If a group's access was revoked from a data source in Immuta (manually or through a policy), table grants was not issuing revokes in Snowflake for members of the group that lost its subscription status, allowing them to still access that data. However, if low row access policies for Snowflake was disabled, all the rows in the data source were appropriately hidden.
Immuta v2023.1.0
Immuta v2023.1.0 was released March 30, 2023.
New Features and Enhancements
- The Starburst (Trino) integration v2.0 is generally available. Immuta’s Starburst integration v2.0 allows you to access policy-protected data directly in your Starburst (Trino) catalogs without rewriting queries or changing your workflows. Instead of generating policy-enforced views and adding them to an Immuta catalog that you have to query (like in the legacy Starburst integration), Immuta policies are translated into Starburst rules and permissions and applied directly to tables within your existing catalogs.
- The Default subscription policy option allows you to choose whether or not a subscription policy will automatically restrict access to tables when they are registered as Immuta data sources. By default, Immuta does not apply a subscription policy on data you register (unless an existing global policy applies to it) so that you can preserve policies applied by your underlying data platform on those tables, leaving existing access controls and workflows intact.
- Snowflake low row access policy mode improves query performance in Immuta's Snowflake integration by decreasing the number of Snowflake row access policies Immuta creates.
- Snowflake table grants is generally available. Let Immuta manage privileges on your Snowflake tables instead of manually granting table access to users. With Snowflake table grants enabled, Snowflake Administrators don't have to manually grant table access to users; instead, Immuta manages privileges on Snowflake tables and views according to the subscription policies on the corresponding Immuta data sources.
- Block a set of Immuta's custom user-defined functions (UDFs) from being used on your Databricks Spark clusters. Blocking use of these functions allows you to restrict users from changing projects within a session.
- Left navigation UI enhancement. The left navigation includes two tiers and reorganizes several pages:
  - Data includes the data sources and projects pages.
  - People includes the admin page.
  - Policies includes the subscription policies and data policies pages.
- Tag enhancements feature is generally available and updates various components of the UI.
- Support for Databricks Runtime 11.3 LTS.
Bug Fixes
- When applying a global subscription policy that uses the @hasTagAsGroup or @hasTagAsAttribute enhanced subscription policy variable (for example, "Allow users to subscribe when @hasTagAsAttribute('AllowedAccess', 'dataSource') on all data sources") to a data source, user access was restricted as expected; however, if the data source tag changed through the Immuta V2 API, access wasn't changed, which could potentially allow users to see data that they shouldn't. Additionally, access wasn't changed if the policy was removed.
- Users could not save configuration changes if they enabled Snowflake table grants after creating the integration.
- Users were unable to add S3 data sources through the Immuta API using instance role as the authentication method.
- Users could not save configuration changes if they edited an existing Snowflake integration.
- Vulnerabilities: CVE-2022-23491, CVE-2022-23529, CVE-2022-32149, CVE-2022-40899
Known Bugs
Editing a schema project to a database that already exists fails.
Deprecations and Breaking Changes
Removed Databases
The following databases have been removed from the product.
Feature | Deprecation Notice | End of Life (EOL) |
---|---|---|
Apache Hive | 2022.5 | 2023.1 |
SAP Hana | 2022.5 | 2023.1 |
Teradata Native Lite | 2022.5 | 2023.1 |
Vertica | 2022.5 | 2023.1 |
Removed Feature
Users can no longer register multiple data sources that reference the same underlying table in their remote data platform. Existing duplicate data sources that point to the same remote table will not be affected by this change; this feature removal only applies to data source creation.
Deprecated Features
Deprecated items remain in the product with minimal support until their end of life date.
- External Masking
- Custom server plugins
Breaking Change
Users can no longer set schema to null when bulk updating data sources using the api/v2/data endpoint.
v2023.1.0 Migration Note
All users must be on Immuta version 2022.5 or newer to migrate directly to 2023.1.