Data governance and privacy Tutorial: Protect your data

Take this tutorial to protect your data with the Data governance and privacy use case of the data fabric trial. Your goal is to control access to data across services in the data fabric.

The following animated image provides a quick preview of what you'll accomplish by the end of this tutorial, where you will create data protection rules to deny access to confidential information and mask personal information. Right-click the image and open it in a new tab to view a larger image.

Screenshots of the tutorial

The story for the tutorial is that Golden Bank has several departments that need access to high-quality customer mortgage data. As a Data Steward on the governance team, you will create data protection rules to protect confidential mortgage data.

In this tutorial, you will complete these tasks:

  1. Create a data protection rule to deny access.
  2. Create a data protection rule to mask data.

If you need help with this tutorial, ask a question or find an answer in the Cloud Pak for Data Community discussion forum.

Tip: For the optimal experience completing this tutorial, open Cloud Pak for Data in one browser window, and keep this tutorial page open in another browser window to switch easily between the two applications. Consider arranging the two browser windows side-by-side to make it easier to follow along.

Side-by-side tutorial and UI

Preview the tutorial

Watch this video to preview the steps in this tutorial. There might be slight differences in the user interface shown in the video. The video is intended to be a companion to the written tutorial.

This video provides a visual method as an alternative to following the written steps in this documentation.

Prerequisites

Complete the Trust your data tutorial

Complete the Trust your data tutorial to import and enrich data assets and publish them to a catalog.

Tip: If you encounter a guided tour while completing this tutorial in the Cloud Pak for Data user interface, click Maybe later.

Task 1: Create a data protection rule to deny access

A data protection rule controls access to a data asset. You can either mask data in the data asset or deny access to the data asset. Follow these steps to create a data protection rule to deny access to confidential information in some of the mortgage data assets:

  1. From the Cloud Pak for Data navigation menu, choose Catalogs > All catalogs.

  2. Open the Mortgage Approval Catalog.

  3. Click the CREDIT_SCORE data asset. Notice that it contains the confidential tag. You will create a rule to deny access to this data asset.

  4. From the Cloud Pak for Data navigation menu, choose Governance > Rules.

  5. Click Add rule > New rule.

  6. Select Data protection rule.

  7. Click Next.

  8. For the Name, type:

    Confidential Information
    
  9. For the Business definition, type:

    Rule to prevent unauthorized users from accessing data assets that have been tagged as confidential
    
  10. For Condition 1, select the following options.

    1. Select Tag.

    2. Select contains any.

    3. Type the tag name, confidential.

  11. For the Action, select deny access to data.

  12. Click Cancel to avoid interfering with your company's existing data protection rule. The rule would deny access for anyone trying to access data assets that are tagged as “Confidential”. The rule would apply in the Catalog Preview, Catalog Download, Data Refinery, and Project Asset preview. The rule doesn’t apply to the person who created the rule or added an asset to a catalog.

  13. Watch the video at 02:20 to see what other users see when they try to access the CREDIT_SCORE data asset.

Check your progress

The following image shows the data protection rule to deny access. This rule takes effect immediately.

Deny access rule

The following image shows what the user sees when this rule is in effect. In this case, the user is denied access to the asset.

Deny access to asset

Task 2: Create a data protection rule to mask data

Some of the mortgage data assets include personally identifiable information, which you need to protect, but the rest of the columns contain valuable information that is beneficial to a broader audience. That is where data masking comes in handy. Follow these steps to create a data protection rule that masks data assets containing columns with a US Social Security Number:

  1. From the Cloud Pak for Data navigation menu, choose Catalogs > All catalogs.

  2. Click Mortgage Approval Catalog.

  3. In the catalog, click the MORTGAGE_APPLICANTS_TRUST data asset.

  4. Click the Asset tab to preview the data. Notice that one of the columns contains Social Security Numbers.

  5. Click the View icon for the Social Security Number column. Notice that this column was auto-assigned the Social Security Number business term. You will create a rule to mask this column.

  6. Click Close to return to the asset preview.

  7. From the Cloud Pak for Data navigation menu, choose Governance > Rules.

  8. Click Add rule > New rule.

  9. Select Data protection rule.

  10. Click Next.

  11. For the Name, type:

    Redact Social Security Number
    
  12. For the Business definition, type:

    Rule to redact Social Security Number
    
  13. For Condition 1, select the following options:

    1. Select Business term.

    2. Select contains any.

    3. Start typing social, and then select Social Security Number.

  14. For the Action, select mask data. Business term and Social Security Number are filled in for you.

  15. For the masking options, select Redact. This option replaces the data with Xs. You can hover over each masking option to see an example of masked data with the selected option.

  16. Click Cancel to avoid interfering with your company's existing data protection rule. The rule would redact columns with US Social Security Numbers in data assets.

  17. Watch the video at 03:49 to see what other users see when they access the MORTGAGE_APPLICANTS data asset.

Check your progress

The following image shows the data protection rule to mask data. This rule takes effect immediately.

Mask data rule

The following image shows what the user sees when this rule is in effect. In this case, the Social Security Number column is masked using the redact method.

Masked asset
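The following added example models how the two rules from Task 1 and Task 2 behave when a user previews an asset. It is not Cloud Pak for Data code or a product API. The user names, the SSN column name, the sample rows, the length-preserving redaction, and deny taking precedence over mask are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Asset:
    name: str
    added_by: str        # user who added the asset to the catalog
    tags: set
    column_terms: dict   # column name -> set of assigned business terms
    rows: list

@dataclass
class Rule:
    name: str
    created_by: str
    criterion: str       # "tag" or "business_term"
    values: set          # matched with "contains any"
    action: str          # "deny" or "redact"

def applies(rule, asset, user):
    # Exemption from Task 1: not enforced for the rule creator or the user who added the asset.
    if user in (rule.created_by, asset.added_by):
        return False
    if rule.criterion == "tag":
        return bool(asset.tags & rule.values)
    return any(terms & rule.values for terms in asset.column_terms.values())

def redact(value):
    # Redact replaces the data with Xs; keeping the original length is an assumption.
    return "X" * len(str(value))

def preview(asset, user, rules):
    active = [r for r in rules if applies(r, asset, user)]
    if any(r.action == "deny" for r in active):
        return None  # access denied (deny winning over mask is an assumption)
    terms = set().union(*(r.values for r in active if r.action == "redact"))
    masked = {c for c, t in asset.column_terms.items() if t & terms}
    return [{c: redact(v) if c in masked else v for c, v in row.items()}
            for row in asset.rows]

# Constructed sample data; user names, column names and values are hypothetical.
RULES = [
    Rule("Confidential Information", "steward", "tag", {"confidential"}, "deny"),
    Rule("Redact Social Security Number", "steward", "business_term",
         {"Social Security Number"}, "redact"),
]
CREDIT_SCORE = Asset("CREDIT_SCORE", "steward", {"confidential"}, {},
                     [{"ID": 1, "SCORE": 700}])
APPLICANTS = Asset("MORTGAGE_APPLICANTS_TRUST", "steward", set(),
                   {"SSN": {"Social Security Number"}},
                   [{"NAME": "A. Sample", "SSN": "000-00-0000"}])
```

Calling preview with a user other than the steward returns None for CREDIT_SCORE and a redacted SSN column for MORTGAGE_APPLICANTS_TRUST, which is why both rules should be verified from a second account rather than from the Data Steward's own session.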

As a Data Steward on the governance team, you learned how to create data protection rules to protect confidential mortgage data.

Next steps

You are now ready to know your data by evaluating, sharing, shaping, and analyzing data in the data fabric. See the Know your data tutorial.
