Examine the list of masked fields and look for "logical fields".
For example, assume your list contains the following masked fields:
- The Person - Main page retrieves information using the person
page service. This page contains a grid that lists
the various forms of ID associated with the person. Entries in the
grid with an ID Type of "Social Security Number" are subject to masking.
- The Control Central - Main page retrieves data by invoking a search
service. This service shows a person's primary form of ID in the
search results. If a person's primary ID is their social security
number then it is subject to masking.
- The Control Central - Account Information page contains a map
zone that retrieves data by invoking a service script. One of the
elements in this script's schema holds the person's social security
number and it is subject to masking.
In the above example, there is a single "logical field" associated
with the three secured elements: the social security number.
Examine your list and define the distinct logical fields. For
each one, create a security type with two authorization levels:
- 1 - Can only see the element masked
- 2 - Can only see the element unmasked
You should link all of the security types to an application service
of your choosing. We recommend linking every masking-oriented security
type to a single application service (e.g., CM_MASK) as it makes granting access easier.
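The following Python sketch is an added illustration, not product code or configuration. It models the procedure above: it groups the three masked elements by logical field, plans one security type per field with the two authorization levels, links each to CM_MASK, and shows that a single grant governs every place the field appears. The security type codes and the rule that a user with no grant is treated as level 1 are assumptions.

```python
from collections import defaultdict

APP_SERVICE = "CM_MASK"  # application service named as the example on this page

# Constructed inventory built from the three masked fields listed above.
# Tuple: (where the element appears, how the data is retrieved, logical field).
MASKED_ELEMENTS = [
    ("Person - Main", "page service", "Social Security Number"),
    ("Control Central - Main", "search service", "Social Security Number"),
    ("Control Central - Account Information", "service script", "Social Security Number"),
]

AUTH_LEVELS = {1: "masked", 2: "unmasked"}  # the two levels defined above


def plan_security_types(elements, app_service=APP_SERVICE):
    """Group masked elements by logical field: one security type per field."""
    by_field = defaultdict(list)
    for location, mechanism, field in elements:
        if not field:
            raise ValueError(f"{location}: masked element has no logical field")
        by_field[field].append((location, mechanism))
    plan = {}
    for n, field in enumerate(sorted(by_field), start=1):
        code = f"CM_MASK_FIELD_{n}"  # hypothetical security type code
        plan[code] = {
            "logical_field": field,
            "application_service": app_service,
            "authorization_levels": dict(AUTH_LEVELS),
            "secured_elements": by_field[field],
        }
    return plan


def visibility(plan, grants):
    """Return 'masked' or 'unmasked' per secured element for a user's grants.

    Assumption: a user with no level for a security type is treated as level 1.
    """
    result = {}
    for code, sec_type in plan.items():
        level = grants.get(code, 1)
        if level not in sec_type["authorization_levels"]:
            raise ValueError(f"{code}: unknown authorization level {level}")
        for location, _ in sec_type["secured_elements"]:
            key = (location, sec_type["logical_field"])
            result[key] = sec_type["authorization_levels"][level]
    return result
```

Running `plan_security_types(MASKED_ELEMENTS)` yields a single security type covering all three elements, so one authorization level decides masking on every page that shows the social security number.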
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.