Setting up a transformation integration
After the IBM® Knowledge Catalog - Guardium integration is working, you can integrate Guardium® query rewrite functionality with IBM Knowledge Catalog and the IBM Cloud Pak® for Data Data Privacy service to provide masking and transformation for specified data sources.
Before you begin
To integrate Guardium query
rewrite with IBM Knowledge Catalog transformation,
you need:
- Cloud Pak for
Data 4.6 or
later with IBM Knowledge Catalog
service.Note: IBM Knowledge Catalog works with the Cloud Pak for Data Data Privacy service to provide masking and transformation. Be sure to check the Known issues for Data Privacy (Masking flow) in the IBM Docs for Cloud Pak for Data for any issues that you might need to know about.
- One or more users with privileges to run Cloud Pak for Data data protection rules. The users do not need to be admins.
- Guardium Data
Protection 11.5 or
later.Important: Guardium query rewrite must be enabled on the S-TAP used for IBM Knowledge Catalog integration. For more information, see Enabling query rewrite.
- A supported data source for which a set of user-defined functions (UDFs) is available.
- A UDF for your data source. User-defined functions are precompiled into libraries that are suitable for each data source. For more information about the supported data sources and UDFs, see Adding User-Defined Functions (UDFs) for IBM Knowledge Catalog - Guardium integration.
- You can include up to two conditions in your IBM Knowledge Catalog query. For more information, see Filtering rows in data protection rules (IBM Knowledge Catalog).
About this task
After the transformation integration is set up and running, you will not see anything different. However, details about the data transformations are available in Guardium reports.
From a Guardium
perspective, the transformation integration takes the following steps:
- A customer defines data protection rules in IBM Knowledge Catalog.
- Guardium sends session and request details to IBM Knowledge Catalog for evaluation in the form of a resource key.
- The verdict from IBM Knowledge Catalog is returned and can include a transformation specification that provides details about how to transform the query.
- Guardium uses its query rewrite capabilities to rewrite the query in accordance with the transformation specification.
- The altered query is forwarded to the database server by an S-TAP (or External S-TAP) and the Guardium sniffer.
- The transformed (such as pseudonymized, redacted, or anonymized) data is returned to the database client.
Procedure
- Have both Guardium and IBM Knowledge Catalog installed and running.
- Have your data source prepared.
- Start the integration, as described in Starting the IBM Knowledge Catalog and Guardium Data Protection integration.
- Acquire and install the UDF for your data source. For more information, see Adding User-Defined Functions (UDFs) for Watson Knowledge Catalog (WKC) - Guardium integration.
- Create data protection rules in IBM Knowledge Catalog. You can incorporate Guardium query rewrite policy rules to provide row-level filtering. You can include up to two conditions in your IBM Knowledge Catalog query. For more information, see Filtering rows in data protection rules (IBM Knowledge Catalog).
Results
GDM_QR_LOG
table.