Page created: 6 Nov 2019
|
Page updated: 25 Mar 2020
| 1 min read
8.0 Product PingDirectory Administration User task Product documentation Content Type Configuration Administrator Audience IT Administrator Software Deployment Method Directory Capability
-
To create a sensitive attribute, you must first create one or more sensitive
attribute definitions.
For example, to create a sensitive attribute definition that will only allow access to the
employeeSSN
attribute by clients using secure connections, the following configuration changes may be made:$ bin/dsconfig create-sensitive-attribute \ --attribute-name "Employee Social Security Numbers" \ --set attribute-type:employeeSSN \ --set include-default-sensitive-operational-attributes:true \ --set allow-in-returned-entries:secure-only \ --set allow-in-filter:secure-only \ --set allow-in-add:secure-only \ --set allow-in-compare:secure-only \ --set allow-in-modify:secure-only
-
Associate those sensitive attribute definitions with the client connection
policies for which you want them to be enforced.
$ bin/dsconfig set-client-connection-policy-prop --policy-name default \ --set "sensitive-attribute:Employee Social Security Numbers"