Adding User-Defined Functions (UDFs) for IBM Knowledge Catalog - Guardium integration

Created by Miriam Lezak on Mon, 10/03/2022 - 16:42
Published URL:
https://www.ibm.com/support/pages/node/6826047
6826047

How To


Summary

You can integrate your Guardium® Data Protection with IBM Knowledge Catalog (IKC) to help ensure that data assets that are protected by IBM Knowledge Catalog Data Protection Rules are also extended at the data level using Guardium® Data Protection Query-rewrite (QRW) capability.

With the addition of data source-specific user-defined functions (UDFs), you can create IBM Knowledge Catalog data protection rules (such as masking or redacting sensitive information) that use Guardium query rewrite policies behind the scenes. This added level of protection and masking can be useful if your site manages data in both Guardium and IBM Cloud Pak® for Data. In addition, if you have very large amounts of data, using Guardium® to manage the data protection policies can be much faster.

Objective

To use IBM Knowledge Catalog policies for masking (query rewrite), you need to install a set of data source-specific user-defined functions (UDFs). The UDFs must be available to any user who runs the policies.  The UDFs for each data source are unique. This document describes the available user-defined functions and links to documentation on how to retrieve, unpack, install, grant privileges, and test the UDFs that are available for each data source.
Note: Guardium will continue to add UDFs for data sources. If you need to use the Guardium - IBM Knowledge Catalog integration for a specific data source, keep checking back.

Environment

Cloud Pak for Data with IBM Knowledge Catalog and Guardium Data Protection are required.
 
Cloud Pak for Data validated version Guardium patch version Sniffer patch version
Cloud Pak for Data 4.6.5 and 4.7.1 with DPS 3.5.1280 12.0 n/a

(included with 12.0 release)
Cloud Pak for Data 4.7.1 with DPS 3.5.1280 11.5 p530. p4070
Cloud Pak for Data 4.6.5 with DPS 3.5.1280
11.5 p530 required for
row-level filtering for Hive, MS SQL Server, and MySQL.
p4070
Cloud Pak for Data 4.6.5 with DPS 3.5.1280
11.5 p525 required for row-level filtering for Oracle and PostgreSQL.
p4067
Cloud Pak for Data 4.6.5 with DPS 3.5.1280
11.5 p525 required for:
  • Column alias feature
  • Row-level filtering  for Teradata
p4062
Cloud Pak for Data 4.6.3 and later 11.5 p520 p4055
Cloud Pak for Data 4.6.0 and later 11.5 p510 p4054

 
Minimum requirements for each data source, including patch numbers, are documented for the specific UDF.

Steps

The user-defined functions are available from Fix Central.

Guardium provides user-defined functions for the following data sources. For each set of UDFs that you need, download the UDF and read the Guardium WKC - UDF Installation Guides for information about how to download, install, and test the UDF for your data source.
User-defined functions for Guardium - WKC policies
Data source Version Environment Minimum appliance and sniffer patch # UDF download
Hive Cloudera Data Platform 7.1.7 SP2 Any operating system that  supports Cloudera Data Platform 7.1.7 and Hive.
App: 11.0p510
Sniffer: 11.0p4054
UDF
Microsoft SQL Server

SQL Server 2014 or 2016

  •  Windows Server 2016, 2019 or 2022
  •  SQL Server Management Studio
 App: 11.0p520
Sniffer: 11.0p4055
UDF
MySQL MySQL database server: 5.5, 5.6, 5.7, 8 RHEL 7.x, RHEL 8.x
App: 11.0p510
Sniffer: 11.0p4054
UDF
Oracle Oracle 12, 18c, 19c RHEL 7.x, RHEL 8.x, Solaris 11
App: 11.0p510
Sniffer: 11.0p4054
UDF
PostgreSQL PostgreSQL 11, 12, 13, 14 RHEL 8.x
 App: 11.0p520
Sniffer: 11.0p4055
UDF
Teradata Teradata 17 SUSE Linux 12.3
App: 11.0p510
Sniffer: 11.0p4054
UDF

Additional Information

Internal Use Only

12/21/22 -- Published!
12/21/22 -- Removed the Teradata Classic UDF from the Installation Guide.
2/1/23 -- Added Appliance and Snif patch #s to UDF table.
3/31/23 -- Updated with MS SQL Server and PostgreSQL
4/5/2023 - Updated to add CPD release information.
4/6/23 - Updated PostgreSQL uninstall script name per GRD-69899
6/12/23 - Updated to add new versions for CPD (4.6.5), and patches for new features.
9/21/23 - Updates per GRD-75079 by Matt.
9/25/23 - Typo repair.
10/23/23 - Updates to prepare for updated UDFs -- Fixed the links to Cloud Pak for Data docs.
10/25/23 - Turns out that Hive does support Row Level Filtering.
11/27/23 Watson Knowledge Catalog is now IBM Knowledge Catalog (or will be shortly).  Updated to reflect the change.
12/18/23 Updated validated versions to include CPD 4.7.1.

Document Location

Worldwide

[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSMPHH","label":"IBM Security Guardium"},"ARM Category":[{"code":"a8m0z000000Gp0OAAS","label":"POLICY"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"11.5.0;12.0.0"}]

Document Information

Modified date:
18 December 2023

UID

ibm16826047