Adding column masking policy

Add a column masking policy to restrict users from accessing sensitive data. Users can view data only in masked format.

watsonx.data on IBM Software Hub

Before you begin

IBM® watsonx.data instance.
Apache Ranger is provisioned.
Enable the Apache Ranger policy in watsonx.data. For more information, see Enabling Apache Ranger policy for resources.

Complete the following steps.
1. Log in to Apache Ranger by using the username and password.
2. Go to Service Manager > service_name policies page to add a masking policy.
3. In the Policy Details section, provide the policy details like name, description.
4. In the Resources section, select the catalog, schema, table, and column for which the policy is applicable.
5. In the Masking Conditions section, select the user (example, User1), set the Permissions to Select, set the Select Masking Option to Custom and enter the masked value as xxx.
6. Click Save.
Complete the following steps to verify access control:
1. Log in to watsonx.data instance as User1.
2. From the navigation menu, click Query workspace.
3. Run a simple query to access the table again, now User1 view see the sensitive data in masked format (xxx) in the target column in the result.