Authorize some users and deny everyone else with policies
This scenario shows how to allow only limited people to view assets and deny everyone else.
- You have assets that contain US social security numbers (SSN) or individual taxpayer identification numbers (ITIN).
- Only authorized users should be allowed to view these assets.
- Create a policy to allow only limited people to view the assets.
- Identify the users you want to allow to view the information: userA and userZ
- Identify the data class group provided by IBM that comprises SSN and ITIN: Government Identities
- Create a rule and define the conditions:
- Select User Name to enter the users.
- Select Data Class to choose a term from the data class group list.
How to define these conditions
Complete the rule builder:
Then select Deny. To finish the rule, click Create.
- Add this rule to the policy you created.
- Click Publish to make this policy available for your environment.
Only userA and userZ can now access the data assets containing SSN or ITIN in your environment. Whenever one of the other Watson Studio users (except for userA@example.com or userZ@example.com) attempts to access a data asset that contains SSN or ITIN data in a catalog with policies enforced, this user is denied access by the system.
Open Governance > Data Dashboard to view and monitor policy activities.