Skip to main content


         This documentation site is for previous versions. Visit our new documentation site for current releases.      
 

Masking the values of sensitive properties

Updated on March 15, 2022

You need to ensure that sensitive data such as social security number (SSN) are visible only to human resources staff and to the employee.

Before you begin: Assume that in the Employee class, a property named SSN defines the employee’s social security number.
  1. In Dev Studio, create an access control policy for an Apply to class equal to Employee and Action equal to PropertyRead. For more information, see Creating an access control policy.
  2. Next to the Permit access if field, click the Open icon to create a new Access control policy condition instance.
  3. Create an access control policy condition named CanViewSSN to define who can view the SSN value. Enter the following values. For more information, see Creating an access control policy condition
    1. Policy condition A = Requestor.AccessGroup = HRApp:HRStaff (the user works in human resources)
    2. Policy condition B = Requestor.OperatorID = EmployeeID (the user is looking at the user’s own employee record)
    3. Conditional logic = A OR B
  4. On the Access control policy instance, in the Permit access if field, enter CanViewSSN.
  5. Click Add property and in the Property field, enter SSN.
  6. In the Restriction Method list, select whether to fully mask all values or to mask only the values in a certain position. For example, you might want to permit viewing the last 4 digits of the SSN. The value is masked for everyone except the users who satisfy the condition in step 3c.
    You can combine property encryption with property masking.
  • Previous topic Encrypting the values of sensitive properties
  • Next topic Securing your application for mashup communication

Have a question? Get answers now.

Visit the Support Center to ask questions, engage in discussions, share ideas, and help others.

Did you find this content helpful?

Want to help us improve this content?

We'd prefer it if you saw us at our best.

Pega.com is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us