1. To create a sensitive attribute, you must first create one or more sensitive attribute definitions.
    For example, to create a sensitive attribute definition that will only allow access to the employeeSSN attribute by clients using secure connections, the following configuration changes may be made:
    $ bin/dsconfig create-sensitive-attribute \ 
      --attribute-name "Employee Social Security Numbers" \ 
      --set attribute-type:employeeSSN \ 
      --set include-default-sensitive-operational-attributes:true \ 
      --set allow-in-returned-entries:secure-only \ 
      --set allow-in-filter:secure-only \
      --set allow-in-add:secure-only \ 
      --set allow-in-compare:secure-only \
      --set allow-in-modify:secure-only
  2. Associate those sensitive attribute definitions with the client connection policies for which you want them to be enforced.
    $ bin/dsconfig set-client-connection-policy-prop --policy-name default \ 
      --set "sensitive-attribute:Employee Social Security Numbers"