Skip to main content


         This documentation site is for previous versions. Visit our new documentation site for current releases.      
 

Masking property visibility for users

Updated on July 1, 2021

You can restrict access to values of one or more properties by using a property-level access control policy. By using various masking options in the access control policy, you can display partial information about a value to users who are not allowed to see the full value.

Before you begin:
  • You must have the pzCanManageSecurityPolicies privilege, which is included in the PegaRULES:SecurityAdministrator role.
Property-level policies can be enforced only on optimized properties. Also, the policies cannot be enforced in some Pega Platform features. For example, polices cannot be enforced in features that retrieve data for potential sharing across multiple users whose credentials are not available at the time of retrieval, and whose credentials might vary and might change following retrieval, such as node-scoped and cluster-scoped data pages and scheduled reports. These same limitations also apply to row-level policies.
  1. In the navigation panel, click RecordsSecurityAccess Control Policy, and then click Create.
  2. In the Label field, enter the policy name.
  3. In the Action list, click PropertyRead.
  4. In the Context section in the Apply to field, enter a class.
  5. In the Add to ruleset field, select a ruleset.
  6. Click Create and open.
  7. Optional: To prevent overriding the policy in a descendant class, on the Definition tab, select the Disallow creation of a policy with the same name at a descendant class check box.
  8. In the Permit access if field, enter the condition rule name under which the access is permitted.
  9. Click Add property.
  10. In the Property field, select the property to mask.
    You can mask DateTime, Integer, and Text property types.
  11. In the Restriction Method field, select one of the following masking options for the property.
    DateTime
    • Mask entire Date – All the date information is replaced.
    • Mask Year – Only the year information is replaced.
    • Mask Day and Month – Only the day and month information is replaced.
    Integer
    • Mask with N digits – The whole value is replaced with a defined number of characters.
    Text
    • Full Mask – The whole text is replaced with one character.
    • Mask all but last 'N' – The whole value is replaced, except for the last N characters.
    • Mask all but first 'N' – The whole value is replaced, except for the first N characters.
  12. Click the Switch to edit mode icon.
  13. In the Masking and Formatting Options form, fill out the required fields.
    Note: When the value for a restricted property is NULL for a case, the value looks as though it is not set.
    DateTime property type
    1. Depending on the selected masking option, in the Masking values section, in the Month, Day, or Year field, select or enter the value to replace.
    2. Click Submit.
    Integer property type
    1. In the Masking digit field, enter a digit, letter, or symbol to replace the property value.
    2. In the Number of digits field, enter the number that is the number of times the digit, letter, or symbol appears in the property values.
    3. Click Submit.
    Text – Full Mask
    1. In the Masking character field, enter a digit, letter or symbol that should be used to replace the property value.
    2. Select the Display length is fixed check box or Display length matches value check box, to specify the length of the replaced property.
    3. If you selected Display length is fixed check box, enter a digit in the Display characters length field to specify the length of the replaced property.
    4. Click Submit.
    Text – Mask all but last 'N' and Mask all but first 'N'
    1. In the Masking character field, enter a digit, letter, or symbol to replace the property value.
    2. In the Number of unmasked character field, enter a digit to specify the length of the characters that are not replaced in a property.
    3. Select the Display length is fixed check box or the Display length matches value check box to specify the length of the replaced property.
    4. Click Submit.
  14. Click Save.

Have a question? Get answers now.

Visit the Support Center to ask questions, engage in discussions, share ideas, and help others.

Did you find this content helpful?

Want to help us improve this content?

We'd prefer it if you saw us at our best.

Pega.com is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us