Masking the values of sensitive properties
You need to ensure that sensitive data such as social security number (SSN) are visible only to human resources staff and to the employee.
- In Dev Studio, create an access control policy for an Apply to class equal to Employee and Action equal to PropertyRead. For more information, see Creating an access control policy.
- Next to the Permit access if field, click the Open icon to create a new Access control policy condition instance.
- Create an access control policy condition named CanViewSSN
to define who can view the SSN value. Enter the
following values. For more information, see Creating an access control policy condition
- Policy condition A = Requestor.AccessGroup = HRApp:HRStaff (the user works in human resources)
- Policy condition B = Requestor.OperatorID = EmployeeID (the user is looking at the user’s own employee record)
- Conditional logic = A OR B
- On the Access control policy instance, in the Permit access if field, enter CanViewSSN.
- Click Add property and in the Property field, enter SSN.
- In the Restriction Method list, select whether to fully mask all values or to
mask only the values in a certain position. For example, you might want to
permit viewing the last 4 digits of the SSN. The value is masked for everyone
except the users who satisfy the condition in step 3c.You can combine property encryption with property masking.
Previous topic Encrypting the values of sensitive properties Next topic Securing your application for mashup communication