Best practices for creating a data product

Last updated: Mar 28, 2025

The best practices to consider when creating data products include how to protect sensitive data and how to preserve data protection rules.

Protecting sensitive data

You can protect sensitive data by following these practices:

Follow the principle of least privilege when creating connections and setting delivery credentials.
Set the access level to Requires approval if the data product contains sensitive data, independent of whether data protection rules are in use. For details, see Completing your data product.
Select the Data product contents tab to review and verify the contents of each item in a data product before publishing. Masked columns are reflected as a visualization of the data product item. If you are expecting masked columns as determined by data protection rules, but do not see masking applied as a visualization of the data product item, check the connection's credentials. The credentials on the asset’s connection must be the delivery credentials and not the asset owner’s credentials. Data protection rules are not enforced when the data source is accessed using the credentials of the asset owner.

Data protection rules that were defined in IBM Knowledge Catalog are preserved in a delivered data product under the following conditions:

The data source is either IBM Data Virtualization or IBM watsonx.data.
Access to the data source for the Data extract and Flight service delivery methods is granted using the delivery credentials, rather than the credentials of the asset owner. Deep enforcement engines do not apply data protection rules when the data source is accessed using the credentials of the asset owner.

Parent topic: Creating a data product

Was the topic helpful?

0/1000