The following points provide additional information to
assist in your masking configuration:
- You should examine the Data Masking feature
configuration in the demonstration system because it will probably
contain masking rules that will match your own.
- On data input pages, a user might be able to enter or change masked
data, such as a bank account number, but not be able to subsequently
see what they added or changed.
- External systems can request information by performing a service
call via XAI. Please keep in mind that some XAI requests require
data to be masked and some do not. For example, a request from an
external system to synchronize person information needs the person's
social security number unmasked; whereas a request from a web self
service application to retrieve the same person information for display
purposes needs the person's social security number masked. To implement
this type of requirement, different users must be associated with
each of the requests and these users must belong to separate user
groups with different access rights.
- If you need to mask a field value that is retrieved by invoking
a business object (BO), a business service (BS), or a service script
(SS), the associated element in the invoked schema must be associated
with a meta-data field. It is this field's name that is referenced
on the field's respective option value on the Data Masking feature configuration. For example, if you need to mask a bank
account number that's returned via a business object call, the element
in the schema that holds the bank account number must have either
an mdField= attribute or a mapField= attribute that references a field name (for example, BANK_ACCT). This is because when the option value in
the Data Masking feature configuration is defined, it references the BANK_ACCT field and not the element name in the schema.
Please note that if other BO, BS or SS schema elements reference
this meta-data field, the same masking rules will be applied.
- If a maintenance object (MO) contains a CLOB field
that holds an XML document and a service call invokes the MO's service
program directly, the system will mask individual XML elements in
the CLOB if a Determine BO algorithm has been
plugged into the maintenance object and the element(s)
in the respective BO schema have been secured as described above.
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.