---
title: Restricting the modification of attributes
description: Starting with PingDataGovernance 8.1, the Allow Attributes statement and Prohibit Attributes statement are no longer supported. If you have policies that use those statements, change them to use the impactedAttributes policy attribute.
component: pingauthorize
version: 11.0
page_id: pingauthorize:pingauthorize_policy_administration_guide:paz_restrict_attrs_mod
canonical_url: https://docs.pingidentity.com/pingauthorize/11.0/pingauthorize_policy_administration_guide/paz_restrict_attrs_mod.html
revdate: July 10, 2023
section_ids:
  about-this-task: About this task
  steps: Steps
---

# Restricting the modification of attributes

Starting with PingDataGovernance 8.1, the Allow Attributes statement and Prohibit Attributes statement are no longer supported. If you have policies that use those statements, change them to use the `impactedAttributes` policy attribute.

## About this task

The `impactedAttributes` attribute is defined in `resource/policies/defaultPolicies.SNAPSHOT`. If you are using a branch created from that snapshot, the attribute already exists in the branch. If not, create the attribute.

## Steps

1. Go to Trust Framework, and then click Attributes.

2. From the [icon: plus, set=fa]menu, select Add new Attribute.

3. For the name, replace Untitled with `impactedAttributes`.

4. Verify that in the Parent field, no parent is selected. To remove a parent, click the delete icon to the right of the Parent field.

5. Click [icon: plus, set=fa]Add Resolver and set the Resolver type to Request.

6. In the Value Settings section:

   1. Select the box next to Default value and specify square brackets with no space between them (`[]`) as the value.

   2. Set Type to Collection.

7. Click Save changes.