Adding User-Defined Functions (UDFs) for IBM Knowledge Catalog - Guardium integration

Created by Miriam Lezak on Mon, 10/03/2022 - 16:42
Published URL:

How To


You can integrate your Guardium® Data Protection with IBM Knowledge Catalog (IKC) to help ensure that data assets that are protected by IBM Knowledge Catalog Data Protection Rules are also extended at the data level using Guardium® Data Protection Query-rewrite (QRW) capability.

With the addition of data source-specific user-defined functions (UDFs), you can create IBM Knowledge Catalog data protection rules (such as masking or redacting sensitive information) that use Guardium query rewrite policies behind the scenes. This added level of protection and masking can be useful if your site manages data in both Guardium and IBM Cloud Pak® for Data. In addition, if you have very large amounts of data, using Guardium® to manage the data protection policies can be much faster.


To use IBM Knowledge Catalog policies for masking (query rewrite), you need to install a set of data source-specific user-defined functions (UDFs). The UDFs must be available to any user who runs the policies.  The UDFs for each data source are unique. This document describes the available user-defined functions and links to documentation on how to retrieve, unpack, install, grant privileges, and test the UDFs that are available for each data source.
Note: Guardium will continue to add UDFs for data sources. If you need to use the Guardium - IBM Knowledge Catalog integration for a specific data source, keep checking back.


Cloud Pak for Data with IBM Knowledge Catalog and Guardium Data Protection are required.
Cloud Pak for Data validated version Guardium patch version Sniffer patch version
Cloud Pak for Data 4.6.5 and 4.7.1 with DPS 3.5.1280 12.0 n/a

(included with 12.0 release)
Cloud Pak for Data 4.7.1 with DPS 3.5.1280 11.5 p530. p4070
Cloud Pak for Data 4.6.5 with DPS 3.5.1280
11.5 p530 required for
row-level filtering for Hive, MS SQL Server, and MySQL.
Cloud Pak for Data 4.6.5 with DPS 3.5.1280
11.5 p525 required for row-level filtering for Oracle and PostgreSQL.
Cloud Pak for Data 4.6.5 with DPS 3.5.1280
11.5 p525 required for:
  • Column alias feature
  • Row-level filtering  for Teradata
Cloud Pak for Data 4.6.3 and later 11.5 p520 p4055
Cloud Pak for Data 4.6.0 and later 11.5 p510 p4054

Minimum requirements for each data source, including patch numbers, are documented for the specific UDF.


The user-defined functions are available from Fix Central.

Guardium provides user-defined functions for the following data sources. For each set of UDFs that you need, download the UDF and read the Guardium WKC - UDF Installation Guides for information about how to download, install, and test the UDF for your data source.
User-defined functions for Guardium - WKC policies
Data source Version Environment Minimum appliance and sniffer patch # UDF download
Hive Cloudera Data Platform 7.1.7 SP2 Any operating system that  supports Cloudera Data Platform 7.1.7 and Hive.
App: 11.0p510
Sniffer: 11.0p4054
Microsoft SQL Server

SQL Server 2014 or 2016

  •  Windows Server 2016, 2019 or 2022
  •  SQL Server Management Studio
 App: 11.0p520
Sniffer: 11.0p4055
MySQL MySQL database server: 5.5, 5.6, 5.7, 8 RHEL 7.x, RHEL 8.x
App: 11.0p510
Sniffer: 11.0p4054
Oracle Oracle 12, 18c, 19c RHEL 7.x, RHEL 8.x, Solaris 11
App: 11.0p510
Sniffer: 11.0p4054
PostgreSQL PostgreSQL 11, 12, 13, 14 RHEL 8.x
 App: 11.0p520
Sniffer: 11.0p4055
Teradata Teradata 17 SUSE Linux 12.3
App: 11.0p510
Sniffer: 11.0p4054

Additional Information

Internal Use Only

12/21/22 -- Published!
12/21/22 -- Removed the Teradata Classic UDF from the Installation Guide.
2/1/23 -- Added Appliance and Snif patch #s to UDF table.
3/31/23 -- Updated with MS SQL Server and PostgreSQL
4/5/2023 - Updated to add CPD release information.
4/6/23 - Updated PostgreSQL uninstall script name per GRD-69899
6/12/23 - Updated to add new versions for CPD (4.6.5), and patches for new features.
9/21/23 - Updates per GRD-75079 by Matt.
9/25/23 - Typo repair.
10/23/23 - Updates to prepare for updated UDFs -- Fixed the links to Cloud Pak for Data docs.
10/25/23 - Turns out that Hive does support Row Level Filtering.
11/27/23 Watson Knowledge Catalog is now IBM Knowledge Catalog (or will be shortly).  Updated to reflect the change.
12/18/23 Updated validated versions to include CPD 4.7.1.

Document Location


[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSMPHH","label":"IBM Security Guardium"},"ARM Category":[{"code":"a8m0z000000Gp0OAAS","label":"POLICY"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"11.5.0;12.0.0"}]

Document Information

Modified date:
18 December 2023