Allowing and denying access to data in Data Virtualization

Last updated: Mar 17, 2025

With the default data access convention setting in IBM Knowledge Catalog, you can choose whether data is unlocked or locked by default in Data Virtualization and whether you write rules to deny or allow access to data.

The default data access convention setting determines whether you write deny of access rules, or allow access rules. Locked convention, or deny of access, prevents users from accessing all the data of a Data Virtualization asset. You write rules to give users access to specific data. Unlocked convention, or allow access, gives users access to all the data of a Data Virtualization asset. You write rules to deny users access to specific data.

By default, the data access convention is unlocked. Unless you change the setting to locked, users can access all data assets until you write rules that deny access.

Note:

The Data Virtualization native Db2 authorizations (GRANTs) continue to be enforced, regardless of the default data access convention settings. For more information, see Managing access to virtual objects in Data Virtualization.

Objects that are not published to a governed catalog are subject to the selected default data access convention setting of the rule settings in IBM Knowledge Catalog. Unless you change the setting to locked, or write rules to deny access, users can access all data assets that are not published to governed catalogs. In the locked convention, only object owners are allowed to query unpublished data.

For more information about changing the default settings, see Managing rule settings (IBM Knowledge Catalog).

Was the topic helpful?

0/1000