Create A Feature Configuration For Each Secured Element

Create a feature configuration with a Feature Type of Data Masking.

Add an option for every field that you defined in Identify The Fields To Be Masked.

Each field's option value will have an Option Type of Field Masking and a Value that references the respective algorithm defined above. In addition, the Value will contain mnemonics that differ depending on how the field is retrieved.

Note: Only fields defined as strings are supported.

Schema Based Object Field Masking

For data that is accessed via a schema-based object call and displayed in a UI map, the field to be masked must reference a meta-data field name in its schema definition: field="fld_name", alg="algorithm name"

If the element references an mdField in the schema, that is the field used to identify the masking rule. If there is no mdField reference but only a mapField reference, that is the field used to identify the masking rule. For example, if you want to mask a credit card number, let's assume that the field is defined in the schema as follows:

<creditCard mdField="CCNBR" mapField="EXT_ACCT_ID"/>

In this case, the option value should be field="CCNBR", alg="algorithm name". An option value of field="EXT_ACCT_ID", alg="algorithm name" would not result in masking.

A "where" clause may also be specified. This is useful for data that resides in a list where only data of a certain type needs to be masked: field="fld_name", alg="algorithm name", where="fld_name='value'"

For example, a person can have a collection of IDs and only IDs of type 'SSN' (social security number) should be masked. If the person data including its collection of person IDs is displayed on a UI map via a business object call, let's assume the collection is defined in the following way:

<personIDs type="list" mapChild="CI_PER_ID">
  <isPrimaryId mapField="PRIM_SW"/>
  <idType mapField="ID_TYPE_CD"/>
  <personIdNumber mapField="PER_ID_NBR"/>
</personIDs>

The option value may look like this: field="PER_ID_NBR", alg="algorithm name", where="ID_TYPE_CD='SSN'"
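The following is an added example, not part of the product or its documentation: an offline Python check that an option value's field will actually identify a masking rule under the mdField-over-mapField rule described above. The schema is a constructed sample assembled from the two fragments on this page; parse_option, rule_key and audit are hypothetical helper names, and requiring the "where" field to be a sibling in the same list is an assumption.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample schema, assembled from the two fragments shown above.
SCHEMA = """<schema>
  <creditCard mdField="CCNBR" mapField="EXT_ACCT_ID"/>
  <personIDs type="list" mapChild="CI_PER_ID">
    <isPrimaryId mapField="PRIM_SW"/>
    <idType mapField="ID_TYPE_CD"/>
    <personIdNumber mapField="PER_ID_NBR"/>
  </personIDs>
</schema>"""

PAIR = re.compile(r'(\w+)\s*=\s*"([^"]*)"')
WHERE = re.compile(r"^\s*(\w+)\s*=\s*'([^']*)'\s*$")

def parse_option(value):
    """Split an option value such as field="X", alg="Y" into a dict."""
    return dict(PAIR.findall(value))

def rule_key(element):
    """Name that identifies the masking rule: mdField wins over mapField."""
    return element.get("mdField") or element.get("mapField")

def audit(schema_xml, option_values):
    """Return {option value: problem} for options that would never mask."""
    root = ET.fromstring(schema_xml)
    scopes = {}  # rule key -> rule keys of its siblings (same list row)
    for parent in root.iter():
        keys = {rule_key(c) for c in parent if rule_key(c)}
        for k in keys:
            scopes.setdefault(k, set()).update(keys)
    shadowed = {e.get("mapField") for e in root.iter()
                if e.get("mdField") and e.get("mapField")}
    problems = {}
    for value in option_values:
        opt = parse_option(value)
        field = opt.get("field")
        if field not in scopes:
            why = "shadowed by mdField" if field in shadowed else "not in schema"
            problems[value] = f"field {field}: {why}"
        elif "where" in opt:
            m = WHERE.match(opt["where"])
            if not m or m.group(1) not in scopes[field]:  # assumption: sibling
                problems[value] = "where clause does not match a sibling field"
    return problems
```

Running audit over the option values of a Data Masking feature configuration before deployment lists the entries that reference a mapField hidden behind an mdField, which is the case the credit card example warns about.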

Please note the following important points for schema based masking:

Records Maintained Using Page Maintenance

For data that is accessed via a page maintenance service call, indicate the table name and the field name where the data resides: table="table_name", field="fld_name", alg="algorithm name"

For example, if the Person record and its collection of identifiers are displayed and maintained using page maintenance, the option value should be table="CI_PER_ID", field="PER_ID_NBR", alg="algorithm name"

A "where" clause may also be specified: table="table_name", field="fld_name", where="fld_name='value'", alg="algorithm name"

This is useful for data that resides in a child table where only data of a certain type needs to be masked. For the person ID example, table="CI_PER_ID", field="PER_ID_NBR", alg="algorithm name", where="ID_TYPE_CD='SSN'"

Characteristic Data

For data that is stored as a characteristic, simply indicate the characteristic type: CHAR_TYPE_CD='char type', alg="algorithm name"

This needs to be defined only once regardless of which characteristic entity the char type may reside on. Note that only ad-hoc characteristics are supported.

Masking Fields in Explorer Zones or Info Strings

In explorer zones, data is often retrieved using SQL directly from the database. No masking is applied automatically in this case. If there is data in the explorer zone results that should be masked, the masking must be applied by calling a business service.

Similarly, an MO Info algorithm may not use BO interaction to get data. It may access data using SQL for efficiency purposes. No masking is applied when retrieving data via SQL. To apply masking to a string prior to including it in an info string, the masking must be applied by calling a business service.

The system supplies two business services to be called to determine if masking rules apply for a specific field.

Search Service Results

For data that is displayed via a search service call, indicate the search name and the appropriate field to mask along with the masking algorithm. For example: search="SearchServiceName", field="PER_ID_NBR", where="ID_TYPE_CD='SSN'", alg="algorithm name"

To find the name of the search service, launch the search in question, right-click in the filter area and choose View Source. Search for ServiceName. The service name is listed there. To find the field name to mask, go back to the search window, right-click on the results area and choose View Source. Look for the Widget Info section and find the field name in the SEARCH RESULTS (do not include the $). Note that the "where" statement can only apply to fields that are also part of the search results.