Masking
A mask allows the configuror to define restrictions on the characters and length of the input and to format the display including the ability to hide all or part of a text field's value from view in OIPA. Here are the high level steps involved in setting up and applying a mask.
Configure a Mask
-
Define the mask security levels in AsCode. Open Admin Explorer | Administration | Code Names and scroll to AsCodeMaskSecurityLevel. Check out this file to add or revise mask security levels. These security levels must be defined before a mask can be created.
-
Create a mask in the Mask editor. Open Admin Explorer | Administration | Masks. Right-click on the Masks folder and select New Mask Detail. Enter the mask details. Any number of security levels may be created as needed for the intended use of the mask. For example, a phone number mask may need only one level of mask as it may not be necessary to hide the entry data based on the user. A tax ID mask may require that a few users actually view the data and all others view a set of replacement characters for the actual data. The number of security levels for this mask depends on the number of unique obfuscated views of the data in addition to the non-obfuscated view.
-
Create a transaction or screen (or open an existing transaction or screen). In the Fields pane, click on the text field that will contain a mask. The Field Properties Window will open. The last property listed is the mask property. Select a mask format. These formats are defined in the AsMaskDetail table and can be edited in the Mask editor in the Admin Explorer.
-
Add security to Mask. Open Admin Explorer | Security | Application Security | Security Groups. Open the Security Group folder and drill down to the security folder containing the page that holds the new mask. Open it and select the transaction or page. When it opens in the Configuration Area, scroll to the bottom of the screen to the Mask section and select a level of Mask security. These levels are saved in AsCodeMaskSecurityLevel and AsMaskDetail. The former can be edited through the AsCode editor in the Admin Explorer. The latter can be edited through the Mask editor in the Admin Explorer.
Mask Formats
A mask consists of two parts. First, an input format must be defined. This is used to validate the information a user enters in OIPA. The input mask must be a regular expression. The regular expression will validate the type of characters and the number of characters entered in OIPA. The regular expression also defines how the input characters are grouped. A grouping is defined by a pair of parenthesis. If a particular group should not be included in the output a question mark and a colon can be placed before the information inside the parenthesis and the section will not be included. Ex: (?:.....)
Second, an output format must be defined to tell OIPA how to display the input by the defined groups and supplied characters such as hyphens, parenthesis, etc.
Example: Phone number with masking
Input format: (\d{3})(\d{3})(\d{4})
Output format: ($1) $2-$3
Each input group is surrounded by a pair of parenthesis. In the example above there are three groups:
-
group one: (\d{3}) /d indicates numeric characters. {3} indicates the number of characters. (\d{3}) is one group and because it is first in the definition it is assigned to $1.
-
group two: (\d{3}) /d indicates numeric characters. {3} indicates the number of characters. (\d{3}) is one group and because it is second in the definition it is assigned to $2.
-
group three: (\d{4}) /d indicates numeric characters. {4} indicates the number of characters. (\d{4}) is one group and because it is third in the definition it is assigned to $3.
The output format shows that group one should be displayed inside a pair of parenthesis with a space before group two and a hyphen between group two and group three.
In total 10 digits are expected in the input with no additional format characters (hyphens, parenthesis, etc.) allowed in the entered data. A system error displays if any alpha character is entered or if the incorrect number of characters is entered. The output format defines, by group, how to re-display the input. In this case they are displayed in the order they were input. That does not have to be the case. The output format can mix up the groups as desired. The parenthesis, the hyphen and the space are added to create the format. With this definition the valid entry of 1234567890 becomes (123) 456-7890. If the output format was defined like this, $1-$2-$3, the re-display would be 123-456-7890 ($1.$2.$3 would be 123.456.7890).
Example: SSN with masking
Input format: (\d{3})(\d{2})(\d{4})
Output format: ***-**-$3
The asterisks in the output format tell OIPA to hide the input value. The $3 tells OIPA that the third group should be displayed. This demonstrates replacement of input characters. Entry of 123456789 becomes ***-**-6789.
Example: Entire value is hidden
Input format: (\d{3})(\d{2})(\d{4}
Output format: ***
The three asterisks in the output format tell OIPA that all three groups of input values should be hidden. This demonstrates replacement of all input characters. Entry of 123456789 becomes ***.