How To
Summary
You can integrate your Guardium® Data Protection with IBM Knowledge Catalog (IKC) to help ensure that data assets that are protected by IBM Knowledge Catalog Data Protection Rules are also extended at the data level using Guardium® Data Protection Query-rewrite (QRW) capability.
With the addition of data source-specific user-defined functions (UDFs), you can create IBM Knowledge Catalog data protection rules (such as masking or redacting sensitive information) that use Guardium query rewrite policies behind the scenes. This added level of protection and masking can be useful if your site manages data in both Guardium and IBM Cloud Pak® for Data. In addition, if you have very large amounts of data, using Guardium® to manage the data protection policies can be much faster.
Objective
To use IBM Knowledge Catalog policies for masking (query rewrite), you need to install a set of data source-specific user-defined functions (UDFs). The UDFs must be available to any user who runs the policies. The UDFs for each data source are unique. This document describes the available user-defined functions and links to documentation on how to retrieve, unpack, install, grant privileges, and test the UDFs that are available for each data source.
Note: Guardium will continue to add UDFs for data sources. If you need to use the Guardium - IBM Knowledge Catalog integration for a specific data source, keep checking back.
Environment
Cloud Pak for Data with IBM Knowledge Catalog and Guardium Data Protection are required.
| Cloud Pak for Data validated version | Guardium patch version | Sniffer patch version |
|---|---|---|
| Cloud Pak for Data 4.6.5 and 4.7.1 with DPS 3.5.1280 | 12.0 | n/a (included with 12.0 release) |
| Cloud Pak for Data 4.7.1 with DPS 3.5.1280 | 11.5 p530. | p4070 |
|
Cloud Pak for Data 4.6.5 with DPS 3.5.1280
|
11.5 p530 required for
row-level filtering for Hive, MS SQL Server, and MySQL.
|
p4070 |
|
Cloud Pak for Data 4.6.5 with DPS 3.5.1280
|
11.5 p525 required for row-level filtering for Oracle and PostgreSQL.
|
p4067 |
| Cloud Pak for Data 4.6.5 with DPS 3.5.1280 |
11.5 p525 required for:
|
p4062 |
| Cloud Pak for Data 4.6.3 and later | 11.5 p520 | p4055 |
| Cloud Pak for Data 4.6.0 and later | 11.5 p510 | p4054 |
Minimum requirements for each data source, including patch numbers, are documented for the specific UDF.
Steps
The user-defined functions are available from Fix Central.
Guardium provides user-defined functions for the following data sources. For each set of UDFs that you need, download the UDF and read the Guardium WKC - UDF Installation Guides for information about how to download, install, and test the UDF for your data source.
| Data source | Version | Environment | Minimum appliance and sniffer patch # | UDF download |
|---|---|---|---|---|
| Hive | Cloudera Data Platform 7.1.7 SP2 | Any operating system that supports Cloudera Data Platform 7.1.7 and Hive. |
App: 11.0p510
Sniffer: 11.0p4054
|
UDF |
| Microsoft SQL Server |
SQL Server 2014 or 2016 |
|
App: 11.0p520
Sniffer: 11.0p4055
|
UDF |
| MySQL | 5.5, 5.6, 5.7, 8 |
App: 11.0p510
Sniffer: 11.0p4054
|
UDF | |
| Oracle | , Solaris 11 |
App: 11.0p510
Sniffer: 11.0p4054
|
UDF | |
| PostgreSQL | PostgreSQL 11, 12, 13, 14 | RHEL 8.x |
App: 11.0p520
Sniffer: 11.0p4055
|
UDF |
| Teradata |
App: 11.0p510
Sniffer: 11.0p4054
|
UDF |
Additional Information
- As of Cloud Pak for Data 4.8, Watson Knowledge Catalog is now IBM Knowledge Catalog.
- With Guardium 12.0 and Guardium 11.5 with the appropriate patches, row-level filtering is available for all data sources.
- Be sure to check for Prerequisites and known issues before you upgrade.
- For more information about the Guardium - IBM Knowledge Catalog integration, see Integrating with IBM Knowledge Catalog for federated data protection.
- For more information about creating masking policies with IBM Knowledge Catalog, see Designing data protection rules (IBM Knowledge Catalog) and Mask data with data protection rules (IBM Knowledge Catalog).
- For more information about installing user-defined functions for your data source, see the Guardium WKC - UDF Installation Guides
Internal Use Only
12/21/22 -- Published!
12/21/22 -- Removed the Teradata Classic UDF from the Installation Guide.
2/1/23 -- Added Appliance and Snif patch #s to UDF table.
3/31/23 -- Updated with MS SQL Server and PostgreSQL
4/5/2023 - Updated to add CPD release information.
4/6/23 - Updated PostgreSQL uninstall script name per GRD-69899
6/12/23 - Updated to add new versions for CPD (4.6.5), and patches for new features.
9/21/23 - Updates per GRD-75079 by Matt.
9/25/23 - Typo repair.
10/23/23 - Updates to prepare for updated UDFs -- Fixed the links to Cloud Pak for Data docs.
10/25/23 - Turns out that Hive does support Row Level Filtering.
11/27/23 Watson Knowledge Catalog is now IBM Knowledge Catalog (or will be shortly). Updated to reflect the change.
12/18/23 Updated validated versions to include CPD 4.7.1.
Document Location
Worldwide
[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSMPHH","label":"IBM Security Guardium"},"ARM Category":[{"code":"a8m0z000000Gp0OAAS","label":"POLICY"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"11.5.0;12.0.0"}]
Was this topic helpful?
Document Information
Modified date:
18 December 2023
UID
ibm16826047