Enabling the enforcement of data protection rules in Watson Query

You can specify whether data protection rules are enforced in Watson Query.

Important: You might experience delays of up to 10 minutes before data protection rules are enforced or before changes to the data protection rules are reflected.

Before you begin

Required role: To complete this task, you must have the Watson Query Manager role. For more information, see Watson Query roles.


To enable or disable the enforcement of data protection rules in Watson Query, complete the following steps:

  1. On the navigation menu, click Data > Data virtualization.
    The service menu opens to the Data sources page by default.
  2. On the service menu, click Settings > Service settings.
    The General page appears.
  3. On the Governance tab, enable the Enforce data protection rules for virtual objects option to enforce data protection rules on virtual data.
    This option does not impact data protection rules in catalogs. These rules continue to be enforced.

    If the option is turned off, users can query data in Watson Query without enforcing data protection rules.

  4. To improve performance, you can cache IBM Knowledge Catalog data protection rules in the Watson Query policy enforcement point (PEP) cache.
    You can configure the PEP cache settings by using the Service settings UI. By default, the PEP cache is configured with a live time of 10 seconds and a size of 2000 entries. You can use the short default live time for proofs of concept to minimize the potential delay of updates. In production environments, increase the live time to improve performance.
    1. Change the settings as appropriate.
      • Cache size is the maximum number of cached responses from the IBM Knowledge Catalog policy service.
      • Cache live time determines how long a cached response remains valid in the cache, in seconds.
      Set either value to 0 to disable the caching of data protection rules.
    2. Save your changes.
