Protecting access to data is a critical requirement for many enterprises. To ensure that your data is protected from unauthorized access, IBM® watsonx.data allows administrators to enforce access controls for data. A user with admin privileges on the data can create access policies to define, extend, limit, and deny access by using the data security solution that is provided by watsonx.data.
watsonx.data on IBM Software Hub
watsonx.data Developer edition
About this task
To maintain data security, you can create access policies for schemas, tables, and columns by permitting actions to individual users or groups of users.
Ensure that you have Admin access to the catalog, storage, or service. For more information, see Infrastructure access.
Note: Ensure that you add the users and user groups to the installation before you begin creating a policy. For more information, see Managing users.
Procedure
- Access the instances page, locate the watsonx.data instance, and click the overflow menu to open the watsonx.data console.
- From the navigation menu, select Access control.
- Go to the Policies tab and click Add policy. The Create access control policy page opens.
- In the Create access control policy page, provide the following details to add a new policy.
- In the Details page, enter the following details and click Next:
| Field | Description |
| --- | --- |
| Policy name | Enter a name. |
| Policy description (Optional) | Give a brief description. |
| Policy status after creation | Set the status to activate the policy at the time of creation or later. |
- In the Data objects page, select a resource from the drop-down list. You can select one of the following categories:
  - Eligible catalogs
    - Select a catalog.
    - Choose one, more than one, or all schemas.
      Note:
      - If you choose a single schema, you can select one, more than one, or all tables.
      - If you choose more than one schema, you cannot select any tables. The policy applies to all tables within the schemas.
    - Choose one, more than one, or all tables.
      Note:
      - If you choose a single table, you can select one, more than one, or all columns.
      - If you choose more than one table, you cannot select any columns. The policy applies to all columns of the tables.
  - Storages
    - Select a storage.
    - Choose an object. Choose Regular Expression to enter the object path manually or Explore object path to search and select the object.
  - Eligible services
    - Select a service.
      Note: Currently, Milvus is the only service available. You can define policies for a Milvus service directly without selecting any databases. Select the service and proceed with step 7.
    - Choose one, more than one, or all databases.
    - Choose one, more than one, or all collections.
      Note:
      - If you choose a single database, you can select one, more than one, or all collections.
      - If you choose more than one database, you cannot select any collections. The policy applies to all collections in the selected databases.
- Click Next to add rules.
- In the Rules page:
  - Click Add rule to go to the Add rule page.
  - Select the rule type Allow or Deny.
  - Select the actions on the data objects. The list of actions depends on the data object chosen in the earlier page. You can select one or more actions.
  - In the Authorized users and groups section, click Add. The Add users and groups to rule page opens.
  - Search and select one or more users or user groups to add to the rule. Ensure that the users and user groups are added to the installation. For more information, see Managing users.
  - Click Add. The added users and user groups appear under the Authorized users and groups section.
  - Click Add. The added rule appears in the Rules page.
  - You can add more rules or click Review. The Summary page opens.
- In the Summary page:
  - You can review the policy.
  - Click Back to go to the previous page.
  - Click Cancel to cancel the process.
  - Or click Create to create the policy.