Setting up a transformation integration

After the IBM® Knowledge Catalog - Guardium integration is working, you can integrate Guardium® query rewrite functionality with IBM Knowledge Catalog and the IBM Cloud Pak® for Data Data Privacy service to provide masking and transformation for specified data sources.

Before you begin

To integrate Guardium query rewrite with IBM Knowledge Catalog transformation, you need:
  • Cloud Pak for Data 4.6 or later with IBM Knowledge Catalog service.
    Note: IBM Knowledge Catalog works with the Cloud Pak for Data Data Privacy service to provide masking and transformation. Be sure to check the Known issues for Data Privacy (Masking flow) in the IBM Docs for Cloud Pak for Data for any issues that you might need to know about.
  • One or more users with privileges to run Cloud Pak for Data data protection rules. The users do not need to be admins.
  • Guardium Data Protection 11.5 or later.
    Important: Guardium query rewrite must be enabled on the S-TAP used for IBM Knowledge Catalog integration. For more information, see Enabling query rewrite.
  • A supported data source for which a set of user-defined functions (UDFs) is available.
  • A UDF for your data source. User-defined functions are precompiled into libraries that are suitable for each data source. For more information about the supported data sources and UDFs, see Adding User-Defined Functions (UDFs) for IBM Knowledge Catalog - Guardium integration.
  • You can include up to two conditions in your IBM Knowledge Catalog query. For more information, see Filtering rows in data protection rules (IBM Knowledge Catalog).

About this task

After the transformation integration is set up and running, you will not see anything different. However, details about the data transformations are available in Guardium reports.

From a Guardium perspective, the transformation integration takes the following steps:
  • A customer defines data protection rules in IBM Knowledge Catalog.
  • Guardium sends session and request details to IBM Knowledge Catalog for evaluation in the form of a resource key.
  • The verdict from IBM Knowledge Catalog is returned and can include a transformation specification that provides details about how to transform the query.
  • Guardium uses its query rewrite capabilities to rewrite the query in accordance with the transformation specification.
  • The altered query is forwarded to the database server by an S-TAP (or External S-TAP) and the Guardium sniffer.
  • The transformed (such as pseudonymized, redacted, or anonymized) data is returned to the database client.

Procedure

  1. Have both Guardium and IBM Knowledge Catalog installed and running.
  2. Have your data source prepared.
  3. Start the integration, as described in Starting the IBM Knowledge Catalog and Guardium Data Protection integration.
  4. Acquire and install the UDF for your data source. For more information, see Adding User-Defined Functions (UDFs) for Watson Knowledge Catalog (WKC) - Guardium integration.
  5. Create data protection rules in IBM Knowledge Catalog. You can incorporate Guardium query rewrite policy rules to provide row-level filtering. You can include up to two conditions in your IBM Knowledge Catalog query. For more information, see Filtering rows in data protection rules (IBM Knowledge Catalog).

Results

After the integration is running, you can view the results of the queries in Guardium reports. Create a custom report for the GDM_QR_LOG table.