Data Masking Support
Oracle Utilities Cloud Service can mask data within objects in an appropriate fashion. Oracle Utilities Cloud Service does not store the data in masked form; instead, it is configured, using Security Types, to display the data to users in a masked format.
Oracle Utilities Cloud Service supplies the F1-MASK internal algorithm type, which performs basic data masking. The parameters available in this algorithm type are as follows:
Masking Character - The character to be used as a mask. The default character is an asterisk (*).
Number of Unmasked Characters - The number of suffix characters to unmask. Commonly, the last x characters are displayed unmasked to allow some identification. A value of zero masks all characters.
Unmasked Characters - List of characters without spaces to leave unmasked. This is commonly used to denote delimiter characters to enhance recognition.
Application Service - Used for security authorization checking. The Application Service allows global or local services to be configured to indicate security access to data masks.
Security Type - The security type that flags the users that will view the data in masked or unmasked format. User groups need to be connected to the Application Service and security type, and given the Authorization Level to determine the level of data masking.
Authorization Level - The authorization level that determines if the user can access the unmasked data. All other authorization levels in the security type will indicate masked data.
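The following Python sketch is an added example, not Oracle's code: it models how the F1-MASK parameters above combine with the Authorization Level check. MaskConfig, mask, display_value and the level names FULL and MASKED are hypothetical, and counting delimiters toward the unmasked suffix is an assumption, since the page does not specify it.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class MaskConfig:
    """Hypothetical container for the F1-MASK parameters described above."""
    unmasked_auth_level: str      # Authorization Level allowed to see clear data
    mask_char: str = "*"          # Masking Character (default is an asterisk)
    unmasked_suffix: int = 0      # Number of Unmasked Characters (0 masks all)
    unmasked_chars: str = ""      # Unmasked Characters, typically delimiters

    def __post_init__(self):
        if not self.unmasked_auth_level:
            raise ValueError("an authorization level for unmasked access is required")
        if len(self.mask_char) != 1:
            raise ValueError("mask_char must be exactly one character")
        if self.unmasked_suffix < 0:
            raise ValueError("unmasked_suffix cannot be negative")


def mask(value: str, cfg: MaskConfig) -> str:
    """Mask every character except the trailing suffix and listed delimiters.

    Assumption: the suffix is counted over the raw string, delimiters included.
    In this model a value no longer than the suffix is shown in full.
    """
    keep_from = len(value) - cfg.unmasked_suffix
    return "".join(
        ch if i >= keep_from or ch in cfg.unmasked_chars else cfg.mask_char
        for i, ch in enumerate(value)
    )


def display_value(value: str, user_auth_level: Optional[str], cfg: MaskConfig) -> str:
    """Return clear data only for the configured level; all others get the mask."""
    if user_auth_level == cfg.unmasked_auth_level:
        return value
    return mask(value, cfg)


# Constructed sample data and level names, not values from a real system.
CARD_CFG = MaskConfig(unmasked_auth_level="FULL", unmasked_suffix=4, unmasked_chars="-")
SSN_CFG = MaskConfig(unmasked_auth_level="FULL")

if __name__ == "__main__":
    print(display_value("4111-1111-1111-1234", "MASKED", CARD_CFG))
    print(display_value("4111-1111-1111-1234", "FULL", CARD_CFG))
    print(display_value("123-45-6789", None, SSN_CFG))
```

In this model, a field whose values can be shorter than the configured suffix is displayed in full, which is worth checking against real data before choosing the Number of Unmasked Characters.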
To mask data, perform the following:
Configure an algorithm entry using the F1-MASK algorithm type for the desired configuration. Algorithm entries can be shared across fields to be masked using the Algorithm menu option of the Administration menu.
Attach user groups to the Application Service with the appropriate Authorization Level for the Security Type.
Create or update a feature configuration with a Data Masking feature type by using the Feature Configuration menu option of the Administration menu.
For each field to mask, add an entry to the Options section of Feature Configuration and configure the following settings:
Option Type: Field Masking
Sequence: A numeric value for sorting purposes
Value: A tag string delimited by a comma to indicate the data masking definition.
The supplied algorithm only supports fields defined as strings.
Enter alg="algorithm name" to reference the masking algorithm. The corresponding Algorithm Type must reference the Data Masking algorithm entity.
For data accessed via a schema-based object call, reference a metadata field name from its schema definition. For example, to mask a credit card number with a schema of <creditCard mdField="CCNBR" mapField="EXT_ACCT_ID"/>, set the option value field="CCNBR", alg="algorithm name".
For data accessed by a page maintenance service call, indicate the table name and field name where the data resides. For example, table="table_name", field="fld_name", and alg="algorithm name".
A WHERE clause can be specified, which is useful for data that resides in a child table where only data of a certain type needs to be masked. For example, table="CI_PER_ID", field="PER_ID_NBR", alg="algorithm_name", where="ID_TYPE_CD='SSN'".
For data stored as a characteristic, indicate the characteristic type as CHAR_TYPE_CD='char type', alg="algorithm name". This needs to be defined only once, regardless of which characteristic entity the Char Type may reside in. Note that only ad-hoc characteristics are supported at the present time.
For data displayed via a search service call, indicate the search name and the appropriate field to mask along with the masking algorithm. For example, search="SearchServiceName", field="PER_ID_NBR", where="D_TYPE_CD='SSN'", alg="algorithm name". To find the search service name, launch the search in question, right-click the filter area, select View Source, and search for ServiceName. To find the field name to mask, return to the search window, right-click the search area, and select View Source. Look for the Widget Info section and find the field name in the search results, excluding the $. Note that the WHERE statement can only apply to fields that are also part of the search results.