International Business Machines Corporation
Push down policy enforcement

Abstract:

A method, computer program product, and a system where a processor(s) intercepts a query from a client targeting a database. The processor(s) analyzes the query to determine contextual data relevant to the query and determines, based on a data masking policy, if a portion of results responsive to the intercepted query should be provided to the client as masked data. When the processor(s) determines that the portion of the results should be provided to the client as masked data, the processor(s) determines computing resources managing data comprising the results responsive to the intercepted query. The processor(s) executes the query on the computing resources by obtaining the masked data via coprocessors deployed on the computing resources, where the coprocessors mask the portion of the results. The processor(s) returns query results comprising the portion of the results masked by the coprocessors, to the client.