Integrating with IBM Knowledge Catalog

Integrating IBM® watsonx.data with IBM Knowledge Catalog provides self-service access to data assets for knowledge workers who need to use the data assets to gain insights.

When integrating IBM Knowledge Catalog with IBM watsonx.data, you can configure data protection rules for individual rows in a table, allowing users to access a subset of rows in a table. For more information, see Filtering rows.

watsonx.data on IBM Software Hub

Before you begin

The IBM Knowledge Catalog integration governs all data in the Presto catalogs that are configured in the Infrastructure manager. Import all data assets into the governed catalog before setting up the integration in Infrastructure manager.
Note: You can define IKC governance policies for Presto (C++), and Presto (Java) engines.

After integration, you cannot import new data assets into the governed catalogs because watsonx.data doesn't allow accessing ungoverned data.

You can only integrate with one of the following policy engines starting with watsonx.data version 2.1.
  • Apache Ranger
  • IBM Knowledge Catalog
To do that, the watsonx.data instance administrator must select either Apache Ranger or IKC from the watsonx.data UI after the upgrade.
If you disable the integration, the data protection rules cannot protect the data. Consider the following workaround options to mitigate the security risks when integration is disabled:
  • Stop the applications that are connected to watsonx.data temporarily. If you are an administrator, monitor the Presto Query dashboard to make sure that others are not using the system.
  • If you are a data steward, you can create rules to deny access for others. For more information, see the data protection rules and setup rules to deny access.
  • You can temporarily disable the Presto external route. For more information, see Exposing secure route to Presto server.
  • You can define the built-in data policies to prevent others from accessing the data. For more information, see Data policy.
Note: IBM Knowledge Catalog - watsonx.data integration supports the following connectors for governance.
  • Hive
  • Iceberg
  • Hudi
  • Delta Lake
  • Oracle
  • Postgresql
  • Mysql
  • SQL server
  • Db2
  • MongoDB
  • Teradata
Supported datatypes

watsonx.data IKC integration supports the following datatypes:

  • Varchar
  • Bigint
  • Boolean
  • Date
  • Double
  • Integer
  • Smallint
  • Timestamp
  • Tinyint
  • Decimal
  • Char
  • Real
  • Time
  • Varbinary
-

About this task

IBM Knowledge Catalog provides a secure enterprise catalog management platform that is supported by a data governance framework. A catalog connects people to the data and knowledge that they need.

A catalog is how you share assets across your enterprise:

  • Collaborators in a catalog have access to data assets without needing separate credentials or being able to see the credentials.
  • An asset in a catalog consists of metadata about data, including how to access the data, the data format, the classification of the asset, which collaborators can access the data and other types of metadata that describe the data
Important: watsonx.data supports adding assets by using watsonx.data connector only. Assets that are brought into Cloud Pak for Data by using Presto connector are governed in Cloud Pak for Data, but not in watsonx.data.

Procedure

To integrate watsonx.data with IBM Knowledge Catalog, complete the following steps:

  1. Log in to watsonx.data console.
  2. From the navigation menu, select Access control.
  3. Click the Integrations tab.
  4. Click Integrate service. The Integrate service window opens.
  5. In the Integrate service window, provide the following details:
    Field Description
    Service Select the service (Knowledge Catalog) to be integrated.
    Storage catalogs Select the storage catalogs for Knowledge Catalog governance.
    IKC endpoint Specify the Knowledge Catalog endpoint URL. For example, https://<instance>.ibm.com
    API key Specify the Zen API key. For more information, see Generating an API authorization token.
    Port is SSL enabled Use the toggle switch to enable or disable SSL connection. Enabling the SSL connection ensures secure connection. If enabled,

    i. The Upload SSL certificate (.pem, .crt, .cert, or .cer) link is enabled.

    ii. Click the Upload SSL certificate (.pem, .crt, .cert, or .cer) link.

    iii. Browse the SSL certificate and upload.

    From the cluster where IKC is installed, you can retrieve the certificate using the following steps:

    1. Click on Not Secure in the address bar.
    2. Select Certificate details from the drop-down.
    3. Switch from the General tab to the Details tab.
    4. Click on Export to save the certificate.
    Connection status Click the Test connection link to test the Knowledge Catalog connection. If the Knowledge Catalog connection is successful, a success message appears.
  6. Click Integrate.
    The service is integrated and listed in the Access Control page.
    Note: You can transform or mask data in watsonx.data based on the data protection rules that are defined in the IBM Knowledge Catalog.
    Note: Integrating watsonx.data with IBM Knowledge Catalog is not supported in version 1.1.1.