Creating rules for policies
Rules control access to assets. Rules are based on criteria, conditions, and an action you define. They use predefined terms in expressions to define conditions. These terms can be defined and managed in the business glossary.
You can define rules separately and add them to policies later. Rules are processed when those policies are enforced.
Some Watson Knowledge Catalog plans have limits on the number of rules that you can create.
To work on rules, you must be assigned the Admin role for the Watson Knowledge Catalog service.
You can create a rule when defining or editing a policy, or by selecting Governance > Policy Manager, then:
- Click Add > Rule to create a rule.
- Enter the required information:
  - The preselected policy type Access indicates that the purpose of this rule is to control the users’ access to data.
  - The business definition is a simple description of what this rule does in plain language that is easy to understand. Include standard words and terms to make it easy to search for this rule.
  - You can assign a business term to a rule and add this rule to various policies.
    To get an overview of which assets, policies, and rules are associated with a specific business term, open the Business Glossary, select the business term, and click Related content.
- Define the conditions in the rule builder:
  The first term in a rule condition specifies an asset or user property. It can be one of the following:
  - The operators of this condition depend on your selection for the first term. The operators must be the same within a condition as well as between condition blocks.
  - Depending on the first term of this condition, the second term can be one of the following:
    - If there are values listed, choose a value from the list.
    - Otherwise, enter one or more values, such as tags, user IDs, or names:
      - To enter a name or user ID, start typing the name or email address of a user in your IBM Cloud account and choose the account user from the selection list. Press Enter to add more values if applicable.
      - To enter several tags manually, separate these tags with a comma.
- Specify the next conditions, if required:
  - Click the plus-sign icon to specify additional conditions.
  - Click the minus-sign icon to remove the specified conditions.
- Select the action to take when the specified conditions are met:
  - Deny access to the asset
  - Masking data
- Click Create.
Note: You can’t delete existing rules.