Data protection rules evaluation (Watson Knowledge Catalog)
Data protection rules evaluate requests to access assets based on these elements:
- If the user who is trying to access the asset is the owner of the asset (by default, the user who created the asset), then access is always granted.
- If the asset is still being classified when the access request is evaluated, and there are data protection rules that depend on profiling, then only a user who has the Admin role in the catalog can access the asset. If profiling and evaluation fail to complete within 24 hours, the asset is blocked to all users except the owner of the asset.
- Data protection rules are processed in the order of their creation.
- The first data protection rule whose conditions result in a deny action blocks access to the asset and stops further data protection rule processing.
- If all data protection rules are processed and none of the data protection rule conditions result in a deny action, access to the asset is allowed.
- You can add data protection rules to policies, but doing so does not affect their processing.
- The User group condition allows you to include more than one user when you’re defining data protection rules. Use this condition when you’re denying access or masking data, such as personally identifiable information, from more than one user.
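
The evaluation order described in the list above can be modeled as a small decision function. This is an added example, not IBM code or a Watson Knowledge Catalog API: the `Request`, `Asset` and `Rule` types, their fields, and the sample rules are hypothetical, and only deny actions are modeled (masking is left out).

```python
from dataclasses import dataclass, field
from typing import Callable, List, Set, Tuple

PROFILING_TIMEOUT_HOURS = 24  # from the page: non-owners are blocked after this

@dataclass
class Request:  # hypothetical model of an access request, not a product API
    user: str
    roles: Set[str] = field(default_factory=set)
    groups: Set[str] = field(default_factory=set)

@dataclass
class Asset:  # hypothetical
    owner: str
    profiling_done: bool = True
    hours_in_profiling: float = 0.0

@dataclass
class Rule:  # hypothetical; `created` stands in for creation order
    name: str
    created: int
    denies: Callable[[Request, Asset], bool]
    needs_profiling: bool = False

def evaluate(req: Request, asset: Asset, rules: List[Rule]) -> Tuple[str, str]:
    """Return (decision, reason) following the order the page describes."""
    if req.user == asset.owner:  # owner access is always granted
        return "allow", "owner"
    if not asset.profiling_done and any(r.needs_profiling for r in rules):
        if asset.hours_in_profiling >= PROFILING_TIMEOUT_HOURS:
            return "deny", "profiling timed out"  # everyone but the owner
        if "Admin" in req.roles:
            # Assumption: Admin access here is modeled as a plain allow.
            return "allow", "admin while profiling"
        return "deny", "profiling pending"
    for rule in sorted(rules, key=lambda r: r.created):  # creation order
        if rule.denies(req, asset):
            return "deny", rule.name  # first deny stops processing
    return "allow", "no rule denied"

# Constructed sample rules, deliberately listed out of creation order.
RULES = [
    Rule("deny-pii-to-contractors", 2, lambda q, a: "contractors" in q.groups,
         needs_profiling=True),
    Rule("deny-interns", 1, lambda q, a: "interns" in q.groups),
]

if __name__ == "__main__":
    both = Request("bob", groups={"contractors", "interns"})
    print(evaluate(both, Asset(owner="alice"), RULES))
```

Because the owner check runs first and the default is allow, a rule set with no matching deny condition leaves the asset open to every catalog user who can reach it.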