LinkedIn
Copied!

Table of Contents

Masking the values of sensitive properties

You need to ensure that sensitive data such as Social Security number (SSN) are visible only to human resources staff and to the employee.

Assume that in the Employee class, a property named SSN defines the employee’s Social Security number.
  1. In Dev Studio, create an access control policy for an Apply to class equal to Employee and Action equal to PropertyRead. For more information, see Creating an access control policy.

  2. Next to the Permit access if field, click the Open icon to create a new Access control policy condition instance.

  3. Create an access control policy condition named CanViewSSN to define who can view the SSN value. Enter the following values. For more information, see Creating an access control policy condition

    1. Policy condition A = Requestor.AccessGroup = HRApp:HRStaff (the user works in human resources)

    2. Policy condition B = Requestor.OperatorID = EmployeeID (the user is looking at the user’s own employee record)

    3. Conditional logic = A OR B

  4. On the Access control policy instance, in the Permit access if field, enter CanViewSSN.

  5. Click Add property and in the Property field, enter SSN.

  6. In the Restriction Method list, select whether to fully mask all values or to mask only the values in a certain position. For example, you might want to permit viewing the last 4 digits of the SSN. The value is masked for everyone except the users who satisfy the condition in step 3c.

    You can combine property encryption with property masking.

Have a question? Get answers now.

Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.