Data protection rules
You create data protection rules to specify what data to control and how to control it.
Data protection rules apply to all governed catalogs and all assets within these catalogs. You must add these rules to policies to enforce them.
A data protection rule consists of criteria that specify which data to control and an action that specifies how to prevent access to that data. This diagram shows the components of data protection rules.
The criteria consist of one or more conditions. A condition consists of two or more items that describe the contents of data or identify users and that are combined by operators:
- Asset classifications: The type of sensitive information in the asset, for example, sensitive personal information, personally identifiable information, confidential, or none.
- Data classes: The classification of a column that categorizes the content of the data, for example, customer number, date of birth, or city.
- Data class groups: Sets of similar data classes, for example, the Contact Details group contains all classifiers that describe addresses.
- System terms: Categories of types of terms, for example, asset classification, data classes, asset owner, asset tags, or user name.
- Business terms: Terms in your business glossary that replace the predefined names of asset classifications, data classes, or other business terms.
- Metadata associated with assets.
- User names or email addresses: The name or email address of an existing user.
- The operations that are appropriate for the type of term and the position in the condition, for example, contains any, does not contain, And, and Or.
An action prevents catalog members from accessing the data specified by the conditions:
- Deny access to the entire asset. Affected users can see the entry for the asset in the catalog but cannot preview the contents of the asset or perform any actions on the asset.
- Mask the data in columns of relational data sets based on the type of content in the column. Depending on the method of data masking, data is redacted, substituted, or obfuscated with retained formatting in the asset preview. Affected users can see masked columns but the values are replaced, an icon indicates that the column is masked, and a tooltip lists the name of the policy.
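The following is an added example, not IBM's code and not the product's rule format: a simplified Python model of how conditions, operators, and the two actions described above combine when a user previews an asset. The class names, dictionary keys, sample asset, user names, and redaction string are all assumptions made for illustration.

```python
from dataclasses import dataclass

# Illustrative model only, not the Watson Knowledge Catalog API; names and data are constructed.

@dataclass
class Condition:
    term: str        # hypothetical keys: "asset_classification", "data_class", "user_name"
    operator: str    # "contains any" or "does not contain"
    values: set

    def matches(self, facts):
        present = bool(set(facts.get(self.term, ())) & self.values)
        return present if self.operator == "contains any" else not present

@dataclass
class Rule:
    conditions: list           # Condition objects
    combine: str               # "And" or "Or"
    action: str                # "deny" or "mask"
    mask_data_class: str = ""  # for "mask": data class of the columns to redact

    def applies(self, facts):
        results = [c.matches(facts) for c in self.conditions]
        return all(results) if self.combine == "And" else any(results)

def preview(asset, user, rules):
    """Return None if any matching rule denies access, else rows with masked columns redacted."""
    facts = {"asset_classification": [asset["classification"]],
             "data_class": list(asset["columns"].values()),
             "user_name": [user]}
    masked = set()
    for rule in (r for r in rules if r.applies(facts)):
        if rule.action == "deny":
            return None
        masked |= {c for c, dc in asset["columns"].items() if dc == rule.mask_data_class}
    return [{c: "XXXXXXXXXX" if c in masked else v for c, v in row.items()}
            for row in asset["rows"]]

NOT_DPO = Condition("user_name", "does not contain", {"dpo@example.com"})
RULES = [
    Rule([Condition("asset_classification", "contains any",
                    {"sensitive personal information"}), NOT_DPO], "And", "deny"),
    Rule([Condition("data_class", "contains any", {"date of birth"}), NOT_DPO],
         "And", "mask", "date of birth"),
]
ASSET = {"classification": "personally identifiable information",
         "columns": {"cust_id": "customer number", "dob": "date of birth", "city": "city"},
         "rows": [{"cust_id": "C-1001", "dob": "1980-02-14", "city": "Austin"}]}
```

In this model a matching deny rule takes effect regardless of where it sits in the rule list, and masking only ever applies to columns whose data class the rule names.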
You can create data protection rules while you create a policy, or separately, and later add them to one or more policies.
You must have the Admin role for the Watson Knowledge Catalog app to create rules. Other users can only view rules.
Some Watson Knowledge Catalog plans have limits on the number of rules that you can create.