PingDirectory

Creating a sensitive attribute

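Creating a sensitive attribute involves creating one or more sensitive attribute definitions, which set the configuration properties for the attribute, and associating them with the client connection policies that should enforce them, according to your business needs.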

About this task

To create a sensitive attribute:

Steps

  1. Create one or more sensitive attribute definitions using dsconfig create-sensitive-attribute.

    Example:

    To create a sensitive attribute definition that only allows clients using secure connections to access the employeeSSN attribute, make the following configuration changes.

    $ bin/dsconfig create-sensitive-attribute \
      --attribute-name "Employee Social Security Numbers" \
      --set attribute-type:employeeSSN \
      --set include-default-sensitive-operational-attributes:true \
      --set allow-in-returned-entries:secure-only \
      --set allow-in-filter:secure-only \
      --set allow-in-add:secure-only \
      --set allow-in-compare:secure-only \
      --set allow-in-modify:secure-only

  2. Associate the sensitive attribute definitions with the client connection policies that you want to enforce using dsconfig set-client-connection-policy-prop.

    Example:

    $ bin/dsconfig set-client-connection-policy-prop --policy-name default \
      --set "sensitive-attribute:Employee Social Security Numbers"
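To confirm the policy is enforced after step 2, the following added example (not part of the original procedure) requests employeeSSN once over plain LDAP and once over LDAPS and compares what comes back. The PD_* environment variables and the uid=jdoe test entry are hypothetical, and the bind account is assumed to be otherwise permitted by access control to read employeeSSN.

```shell
#!/bin/sh
# Added example: verify that employeeSSN is withheld on an insecure connection
# and returned on a secure one. All PD_* variables and uid=jdoe are assumptions.
# Use a dedicated low-privilege test account: the first search binds over
# plain LDAP, so that account's password crosses the network unencrypted.

# has_attr NAME: succeed if the LDIF on stdin contains attribute NAME
# (case-insensitive; matches "name:", base64 "name::" and "name;option:").
has_attr() {
  grep -Eiq "^$1(;[^:]*)?:"
}

# search_ssn PORT [extra ldapsearch args]: request only employeeSSN.
search_ssn() {
  port=$1; shift
  bin/ldapsearch --hostname "$PD_HOST" --port "$port" "$@" \
    --bindDN "$PD_BIND_DN" --bindPasswordFile "$PD_PW_FILE" \
    --baseDN "$PD_BASE_DN" --scope sub "(uid=jdoe)" employeeSSN
}

# verify: returns 0 when the attribute is visible only over TLS.
verify() {
  if search_ssn "$PD_LDAP_PORT" 2>/dev/null | has_attr employeeSSN; then
    echo "FAIL: employeeSSN returned over an insecure connection"
    return 1
  fi
  if ! search_ssn "$PD_LDAPS_PORT" --useSSL \
         --trustStorePath "$PD_TRUST_STORE" | has_attr employeeSSN; then
    echo "FAIL: employeeSSN not returned over TLS (check ACIs and policy association)"
    return 1
  fi
  echo "OK: employeeSSN is returned only on the secure connection"
}

# Run the check only when a target server has been configured.
if [ -n "${PD_HOST:-}" ]; then
  verify
fi
```

Run it from the server root with the PD_* variables exported. A FAIL on the first check means a client connection policy that handles insecure connections does not reference the sensitive attribute definition.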