Creating a sensitive attribute - PingDirectory

Creating a sensitive attribute - PingDirectory - 9.3

PingDirectory 9.3

bundle

pingdirectory-93

ft:publication_title

PingDirectory 9.3

Product_Version_ce

PingDirectory 9.3 (Latest)

category

Product

pd-93

pingdirectory

ContentType_ce

Creating sensitive attributes involves creating and associating definitions to set configuration properties and policies according to your business needs.

To create a sensitive attribute:

Create one or more sensitive attribute definitions using

dsconfig
                  create-sensitive-attribute

For example, to create a sensitive attribute definition that only allows access to the employeeSSN attribute by clients using secure connections, make the following configuration changes.

$ bin/dsconfig create-sensitive-attribute \ 
  --attribute-name "Employee Social Security Numbers" \ 
  --set attribute-type:employeeSSN \ 
  --set include-default-sensitive-operational-attributes:true \ 
  --set allow-in-returned-entries:secure-only \ 
  --set allow-in-filter:secure-only \
  --set allow-in-add:secure-only \ 
  --set allow-in-compare:secure-only \
  --set allow-in-modify:secure-only

Associate the sensitive attribute definitions with the client connection policies that you want to enforce using dsconfig set-client-connection-policy-prop.
```
$ bin/dsconfig set-client-connection-policy-prop --policy-name default \ 
  --set "sensitive-attribute:Employee Social Security Numbers"
```