Cloud Pak for Data Group

Expand all | Collapse all

How to Make and Adopt Rule

  • 1.  How to Make and Adopt Rule

    Posted Mon April 27, 2020 08:54 PM
    Hello,

    I want to mask a specific data using rule, however it and its IBM documents are more complicated than I expect.
    So could you tell me about the point below?

    ・The brief description about the each function of Rule, Rule Definition, Data Class.
    ・The procedure or use case about creating and adopting rules.
    ・The type of assets which can be restricted by rules (ex. catalog, assets in data virtualization, assets in project).
    ・Whether rule depends on users or not (ex. If admin creates a rule, only he can see the data not masked).

    Kind regards,
    Chris

    ------------------------------
    Chris
    ------------------------------


  • 2.  RE: How to Make and Adopt Rule

    Posted Tue April 28, 2020 05:07 AM

    Hi,

    Did you have a look at the IIS documentation?:

    https://www.ibm.com/support/knowledgecenter/SSZJPZ_11.7.0/com.ibm.swg.im.iis.igcug.doc/topics/t_igcug_discovering.html

    This should have good explanation/examples.

    Thanks



    ------------------------------
    TOMASZ HANUSIAK
    ------------------------------



  • 3.  RE: How to Make and Adopt Rule

    Posted Tue April 28, 2020 10:23 AM

    Hi Chris.

    Have you evaluated the Data masking feature
    https://www.ibm.com/support/knowledgecenter/SSZJPZ_11.7.0/com.ibm.swg.im.iis.ds.entpak.opt.doc/topics/c_dmp_container_usage.html



    ------------------------------
    Patrick van Nieuwenhuyze
    ------------------------------



  • 4.  RE: How to Make and Adopt Rule

    Posted 29 days ago
    hi Chris

    The recommendations so far have pointed you to IIS documentation; but I think you want to discuss "masking data" specifically within Cloud Pak for Data; correct?

    So, as you probably know, Cloud Pak for Data; comprises a number of different types of rule (each with a different purpose). The rule type you are interested in - for masking data - is a data protection rule. This is documented in the v2.5 product documentation here: https://www.ibm.com/support/producthub/icpdata/docs/content/SSQNUZ_current/wsj/governance/dmg_rules.html .

    Data protection rules are evaluated/applied, for example - when you access an asset in a governed catalog. If the rule criteria is met; then the rule action is applied. The link above also contains information of how/when data protection rules are applied; here is an extract: "Data protection rules apply to all governed catalogs and all assets within these catalogs. Data protection rules are automatically enforced when a catalog member attempts to view or act on a data asset in a governed catalog to prevent unauthorized users from accessing sensitive data. However, if the user who is trying to access the asset is the owner of the asset (by default, the user who created the asset), then access is always granted."

    Note - that in v3.0 (to be released GA soon) - it will be possible to leverage data protection rules & policies for Data Virtualization.

    This page takes you through the creation/configuration of a data protection rule: https://www.ibm.com/support/producthub/icpdata/docs/content/SSQNUZ_current/wsj/governance/manage_dp_rules.html .

    Which documentation did you find complicated? Maybe it needs to be amended?!

    ------------------------------
    JOHN MATTHEWS
    ------------------------------



  • 5.  RE: How to Make and Adopt Rule

    Posted 22 days ago
    Hello,

    Thank you everyone for your reply.
    I understand the rule system came from Information Governance.
    Stil It is somehow difficult for me to adapt the rules because its making process is complicated, and there are similar functions such as Rule definiton, Classification, etc.
    What is worse, it is not possible even for Admin user to know which rules are adapted to each catalogs when I cannot see them.
    I hope the way of adapting rules becomes simple, and the sample usecase is written on the official knowledge page.

    Thank you,
    Chris

    ------------------------------
    Chris
    ------------------------------



  • 6.  RE: How to Make and Adopt Rule

    Posted 21 days ago
    hi Chris

    For masking - you are only interested in "Data protection rules". Forget everything else - Classifications etc - they are not applicable for masking.
    You can view Data protection rules (& Governance rules) under Organize > Data and AI governance > Rules. You can then filter using the "All rule types" drop-down; and selecting "Data protection rules".
    Data protection rules are evaluated/applied, for example - when you access an asset in a governed catalog.

    ------------------------------
    JOHN MATTHEWS
    ------------------------------



  • 7.  RE: How to Make and Adopt Rule

    Posted 18 days ago
    Hello,

    Thank you for your cooperation.
    I have not succeeded at adapting rules and protecting specific data yet,
    and what I want to ask you is...
    1. What is governed catalog? Is that different from Default Catalog?
    2. When Admin published an asset to the catalog, other users could not see it. what restriction is implemented?
         In this case, it is not worth using any rules.

    Kind regards,
    Chris

    ------------------------------
    Chris
    ------------------------------



  • 8.  RE: How to Make and Adopt Rule

    Posted 18 days ago
    Edited by JOHN MATTHEWS 18 days ago
    hi Chris

    re. your questions:

    1. The default catalog is automatically governed. For subsequent catalogs (that you create), you can choose whether the catalog is governed or ungoverned; you can't change this governance setting after you create a new catalog. To easily see whether an existing catalog is governed or not; simply open the catalog and click Settings to go to the Settings page.

    governed catalog
    Once a catalog administrator has created a new catalog (or is administering the default one) - they can start adding assets and collaborators to it (see below for more info on collaborators).

    2. As you are probably aware - for a user to access a catalog they must, at a minimum, have the "Access catalog" permission. Most of the predefined roles out-of-the-box have this permission already; for example: Business Analyst, Data Steward etc. Managing Users

    If you have the Admin role in the catalog, you can manage access to the catalog on the catalog Access control page. You add collaborators with specific roles that determine their permissions to perform actions: Managing access to a catalog

    Catalog Access Control

    Re. your comment "When Admin published an asset to the catalog, other users could not see it." - I suspect you haven't added collaborators to the catalog?

    ------------------------------
    JOHN MATTHEWS
    ------------------------------



  • 9.  RE: How to Make and Adopt Rule

    Posted 18 days ago
    hi Chris

    One other thing; though not entirely about data protection rules; this video may be of some interest to you: https://www.youtube.com/watch?v=6oMRpTgN78Y&feature=youtu.be

    You can find a short discussion re. data protection rules between minutes 4.40 & 5.30; and a short discussion on those (or similar) rules being enacted when previewing asset data in a governed catalog between minutes 9 - 9.45.

    ------------------------------
    JOHN MATTHEWS
    ------------------------------



  • 10.  RE: How to Make and Adopt Rule

    Posted 17 days ago
    Hello,

    Thank you  for your cooperation.
    I got to understand it a little.

    I tried to apply rule, but  I found that my asset did not have the space for data class.
    On the contrary, other assest in the same catalog had them.

    What makes this difference?

    Kind regards,
    Chris

    ------------------------------
    Chris
    ------------------------------



  • 11.  RE: How to Make and Adopt Rule

    Posted 17 days ago
    hi Chris

    I don't follow your last update; if its a different topic - can you open a different topic thread? Did you manage to get a data protection rule to work?

    ------------------------------
    JOHN MATTHEWS
    ------------------------------



  • 12.  RE: How to Make and Adopt Rule

    Posted 15 days ago
    Hello,

    I am afraid but I think it is not unrelated problem at all.
    As you insructed me through https://www.youtube.com/watch?v=6oMRpTgN78Y&feature=youtu.be
    , I tried to apply the rule.
    However, I found it is necessary to make a classification for data class at first to make the rule.
    (Without a classification, I cannot select data class at making rule)
    Also, i think it is necessary to adapt the classification to data class corresponded.

    Is this flow wrong?

    Regards,
    Chris

    ------------------------------
    Chris
    ------------------------------