Data policy

Protecting access to data is a critical requirement for many enterprises. To ensure that your data is protected from unauthorized access, IBM® watsonx.data allows admins to enforce access controls for data. A user with admin privileges on the data can create access policies to define, extend, limit, and deny access by using the data security solution that is provided by watsonx.data.

watsonx.data on IBM Software Hub

watsonx.data Developer edition

About this task

To maintain data security, you can create access policies for schemas, tables, and columns that permit actions for individual users or groups of users.

Ensure that you have Admin access to the catalog, storage, or service. For more information, see Infrastructure access.

Note: Ensure that you add the users and user groups to the installation before you begin creating a policy. For more information, see Managing users.

Procedure

  1. Access the instances page, locate the watsonx.data instance and click the overflow menu to open the watsonx.data console.
  2. From the navigation menu, select Access control.
  3. Go to the Policies tab and click Add policy. The Create access control policy page opens.
  4. In the Create access control policy page, provide the following details to add a new policy.
  5. In the Details page, enter the following details and click Next:
    Field | Description
    Policy name | Enter a name.
    Policy description | (Optional) Give a brief description.
    Policy status after creation | Set the status to activate the policy at the time of creation or later.
  6. In the Data objects page, select a resource from the drop-down list.
    You can select one of the following categories:
    Eligible catalogs
    1. Select a catalog.
    2. Choose one, more than one, or all schemas.
      Note:
      • If you choose a single schema, you can select one, more than one, or all tables.
      • If you choose more than one schema, you cannot select any tables. The policy applies to all tables within the schemas.
    3. Choose one, more than one, or all tables.
      Note:
      • If you choose a single table, you can select one, more than one, or all columns.
      • If you choose more than one table, you cannot select any columns. The policy applies to all columns of the tables.
    Storages
    1. Select a storage.
    2. Choose an object. Choose Regular Expression to enter the object path manually or Explore object path to search and select the object.
    Eligible services
    1. Select a service.
      Note: Currently, Milvus is the only service available. You can define policies for a Milvus service directly without selecting any databases. Select the service and proceed with step 7.
    2. Choose one, more than one, or all databases.
    3. Choose one, more than one, or all collections.
      Note:
      • If you choose a single database, you can select one, more than one, or all collections.
      • If you choose more than one database, you cannot select any collections. The policy applies to all collections in the selected databases.
  7. Click Next to add rules.
  8. In the Rules page:
    1. Click Add rule to go to the Add rule page.
    2. Select the rule type Allow or Deny.
    3. Select the actions on the data objects. The list of actions depends on the data object chosen in the earlier page. You can select one or more actions.
    4. In the Authorized users and groups section, click Add. The Add users and groups to rule page opens.
    5. Search and select one or more users or user groups to add to the rule. Ensure that you add the users and user groups to the installation. For more information, see Managing users.
    6. Click Add. The added users and user groups appear under the Authorized users and groups section.
    7. Click Add. The added rule appears in the Rules page.
    8. You can add more rules or click Review. The Summary page opens.
  9. In the Summary page:
    1. You can review the policy.
    2. Click Back to go to the previous page.
    3. Click Cancel to cancel the process.
    4. Or click Create to create the policy.
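
The selection rules in the notes of step 6, as an added example that is not IBM code and not a watsonx.data API: a pre-flight check for a planned policy that rejects selections the console does not allow and warns where the policy covers every child object because more than one parent object was chosen. The `*` marker, the dictionary layout, the function name `resolve_scope` and the sample names `sales` and `hr` are assumptions, as is treating "all" as more than one object.

```python
ALL = "*"  # constructed marker standing in for the console's "all" choice

# Selection levels per resource category, in the order the procedure lists them.
LEVELS = {
    "catalog": ["schemas", "tables", "columns"],
    "service": ["databases", "collections"],
}

def resolve_scope(category, selections):
    """Check a planned selection against the rules in the notes of step 6.

    Returns (scope, warnings): the objects the policy would cover at each
    level, plus a warning for every level that is covered in full only
    because more than one parent object was selected.
    """
    scope, warnings = {}, []
    multi_parent = None  # level at which more than one object was chosen
    ended = None         # level at which the selection stopped
    for level in LEVELS[category]:
        chosen = list(selections.get(level, []))
        if multi_parent:
            if chosen:
                raise ValueError(
                    f"cannot select {level}: more than one of {multi_parent} is selected")
            scope[level] = [ALL]
            warnings.append(f"all {level} are covered (multiple {multi_parent} selected)")
        elif ended:
            if chosen:
                raise ValueError(f"cannot select {level} without selecting {ended}")
        elif not chosen:
            ended = level  # e.g. a Milvus policy defined on the service itself
        else:
            scope[level] = chosen
            # Assumption: "all" counts as more than one object.
            if ALL in chosen or len(chosen) > 1:
                multi_parent = level
    return scope, warnings

if __name__ == "__main__":
    # Constructed plan: two schemas, so tables and columns cannot be narrowed.
    plan = {"schemas": ["sales", "hr"]}
    print(resolve_scope("catalog", plan))
```

A non-empty warnings list is the cue to check whether the rule's users really need every table or column, or whether separate single-schema policies would grant less.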