Authorize some users and deny everyone else with policies

This scenario shows how to allow only a limited set of users to view assets and deny everyone else.

Basic assumptions

  • You have assets that contain US social security numbers (SSN) or individual taxpayer identification numbers (ITIN).
  • Only authorized users should be allowed to view these assets.

Next steps

  • Create a policy to allow only a limited set of users to view the assets.
  • Identify the users you want to allow to view the information: userA and userZ
  • Identify the data class group provided by IBM that comprises SSN and ITIN: Government Identities
  • Create a rule and define the conditions:
    • Select User Name to enter the users.
    • Select Data Class to choose a term from the data class group list.

How to define these conditions

Complete the rule builder:

If User name does not contain [email protected] [email protected]


Data Class contains Government Identities

Then select Deny. To finish the rule, click Create.

Final steps

  1. Add this rule to the policy you created.
  2. Click Publish to make this policy available for your environment.

Only userA and userZ can now access the data assets containing SSN or ITIN in your environment. Whenever any other Watson Studio user (anyone except [email protected] or [email protected]) attempts to access a data asset that contains SSN or ITIN data in a catalog with policies enforced, the system denies that user access.
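To check the expected outcome before publishing, the rule can be modelled locally. The following is an added example, not IBM code or a Watson API: the user names, asset names and class labels are constructed placeholders, and it assumes the two conditions are combined with AND and that "does not contain" means the user name is not one of the listed values.

```python
# Added illustration: a local model of the deny rule, not a Watson API.
from dataclasses import dataclass

# Constructed placeholder identities standing in for userA and userZ.
ALLOWED_USERS = {"userA@example.com", "userZ@example.com"}
# Constructed labels for the classes the page places in "Government Identities".
GOVERNMENT_IDENTITIES = {"SSN", "ITIN"}

@dataclass(frozen=True)
class Request:
    user: str
    asset: str
    data_classes: frozenset        # data classes assigned to the asset
    catalog_enforced: bool = True  # policies apply only in enforced catalogs

def rule_matches(req):
    """True when both rule-builder conditions hold (AND is an assumption)."""
    user_not_listed = req.user not in ALLOWED_USERS              # "does not contain"
    has_gov_id = bool(req.data_classes & GOVERNMENT_IDENTITIES)  # "contains"
    return user_not_listed and has_gov_id

def decide(req):
    """Outcome for one access attempt under the published policy."""
    if not req.catalog_enforced:
        return "not enforced"
    return "deny" if rule_matches(req) else "allow"

# Constructed access attempts covering each branch of the rule.
SAMPLE_REQUESTS = [
    Request("userA@example.com", "payroll.csv", frozenset({"SSN"})),
    Request("userB@example.com", "payroll.csv", frozenset({"SSN"})),
    Request("userZ@example.com", "tax_ids.csv", frozenset({"ITIN"})),
    Request("userB@example.com", "products.csv", frozenset({"Product Code"})),
    # No data class assigned: the Data Class condition cannot match.
    Request("userB@example.com", "unprofiled.csv", frozenset()),
    Request("userB@example.com", "payroll.csv", frozenset({"SSN"}),
            catalog_enforced=False),
]

def evaluate(requests):
    return [(r.user, r.asset, decide(r)) for r in requests]

if __name__ == "__main__":
    for user, asset, outcome in evaluate(SAMPLE_REQUESTS):
        print(f"{user}\t{asset}\t{outcome}")
```

The `unprofiled.csv` row shows that the rule protects only assets that actually carry one of the Government Identities data classes, so confirm the class assignment on sensitive assets as part of the rollout.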

Open Governance > Data Dashboard to view and monitor policy activities.

