Creating a sensitive attribute - PingDirectory

Page created: 26 Jul 2021 |

Page updated: 14 Jan 2022

| 1 min read

9.0 Product PingDirectory Directory Capability Product documentation Content Type Administration User task Configuration IT Administrator Administrator Audience Software Deployment Method

Creating sensitive attributes involves creating and associating definitions to set configuration properties and policies according to your business needs.

To create a sensitive attribute:

Create one or more sensitive attribute definitions using

dsconfig
                  create-sensitive-attribute

For example, to create a sensitive attribute definition that only allows access to the employeeSSN attribute by clients using secure connections, make the following configuration changes.

$ bin/dsconfig create-sensitive-attribute \ 
  --attribute-name "Employee Social Security Numbers" \ 
  --set attribute-type:employeeSSN \ 
  --set include-default-sensitive-operational-attributes:true \ 
  --set allow-in-returned-entries:secure-only \ 
  --set allow-in-filter:secure-only \
  --set allow-in-add:secure-only \ 
  --set allow-in-compare:secure-only \
  --set allow-in-modify:secure-only

Associate the sensitive attribute definitions with the client connection policies that you want to enforce using dsconfig set-client-connection-policy-prop.
```
$ bin/dsconfig set-client-connection-policy-prop --policy-name default \ 
  --set "sensitive-attribute:Employee Social Security Numbers"
```