Authorize some users and deny everyone else with data policies

This scenario shows how to allow only specific users to view assets and deny everyone else.

Basic assumptions

  • You have assets that contain US social security numbers (SSN) or individual taxpayer identification numbers (ITIN).
  • Only authorized users should be allowed to view these assets.

Next steps

  • Create a policy to allow only specific users to view the assets.
  • Identify the users you want to allow to view the information: userA and userZ
  • Identify the classifier group provided by IBM that comprises SSN and ITIN: Government Identities
  • Create a rule and define the conditions:
    • Select User Name to enter the users.
    • Select Attribute Inferred Classification to choose a term from the classifier group list.

How to define these conditions


Complete the rule builder:

IF **User Name** DOES NOT CONTAIN userA@example.com
AND **User Name** DOES NOT CONTAIN userZ@example.com
AND **Attribute Inferred Classification** CONTAINS **Government Identities**
THEN **Deny**

To finish the rule, click Create.

Final steps

  1. Add this rule to the policy you created.
  2. Click Publish to make this policy available for your environment.

Only userA and userZ can now access the data assets containing SSN or ITIN in your environment. Whenever any other Watson Studio user attempts to access a data asset that contains SSN or ITIN data in a catalog with data policies enforced, the system denies access.
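The rule's logic can be checked offline with a small model before publishing. This is an added example, not IBM code: `decide`, `exempt_by_substring` and the sample data are constructed for illustration, and it assumes CONTAINS is a plain substring test, which this page does not specify.

```python
# Added illustration: a model of the deny rule from the rule builder above.
# Assumption: CONTAINS / DOES NOT CONTAIN are plain substring tests on the
# user name and membership tests on the asset's inferred classifications.

RULE = {
    "conditions": [
        ("user_name", "DOES NOT CONTAIN", "userA@example.com"),
        ("user_name", "DOES NOT CONTAIN", "userZ@example.com"),
        ("classification", "CONTAINS", "Government Identities"),
    ],
    "action": "Deny",
}

def condition_holds(request, field, operator, value):
    """Evaluate one rule-builder condition against an access request."""
    if operator not in ("CONTAINS", "DOES NOT CONTAIN"):
        raise ValueError(f"unsupported operator: {operator}")
    found = value in request[field]  # substring for str, membership for list
    return found if operator == "CONTAINS" else not found

def decide(request, rule=RULE):
    """Return 'Deny' when every condition holds; otherwise 'Allow',
    meaning only that this rule does not block the request."""
    if all(condition_holds(request, *cond) for cond in rule["conditions"]):
        return rule["action"]
    return "Allow"

def exempt_by_substring(directory, allowed):
    """Review helper: names not on the allow-list that still contain an
    allowed name, so the DOES NOT CONTAIN conditions would exempt them."""
    return [name for name in directory
            if name not in allowed and any(a in name for a in allowed)]

if __name__ == "__main__":
    # Constructed sample requests; "Email Address" is a made-up class name.
    requests = [
        {"user_name": "userA@example.com", "classification": ["Government Identities"]},
        {"user_name": "userB@example.com", "classification": ["Government Identities"]},
        {"user_name": "userB@example.com", "classification": ["Email Address"]},
    ]
    for req in requests:
        print(req["user_name"], req["classification"], "->", decide(req))
    directory = ["userA@example.com", "userB@example.com", "xuserA@example.com"]
    print("review:", exempt_by_substring(directory, ["userA@example.com", "userZ@example.com"]))
```

The third request is allowed because the asset lacks the Government Identities classification, so this rule protects only assets that have been classified that way.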

Open Catalog > Data Dashboard to view and monitor data policy activities.
