Masking

Owned by Barb Sutton (Deactivated)
Sept 10, 2015
1 min read

Masking will customize the display of a field, when the full value cannot be shown to the user of a lookup, inquiry, or document. Masking is achieved by DD Definition Attribute Security and KIM data configuration. If an attribute is enabled with "masking" then authorizers and presentation controllers will use IdentityManagementService to view the permission granted for the specific user and decides to mask or unmask a field.

PayeeACHAccount.xml
<property name="attributeSecurity">
	<bean parent="AttributeSecurity">
  		<property name="mask" value="true"/>
		<property name="maskFormatter">
  		<bean parent="MaskFormatterLiteral" p:literal="*****************"/>
  		</property>
  		<property name="partialMask" value="true"/>
  		<property name="partialMaskFormatter">
  		<bean parent="MaskFormatterSubString" p:maskLength="5"/>
  		</property>
  	</bean>
  </property>

Inquiry

While performing inquiry, Inquirable.getSections() will invoke BusinessObjectAuthorizationService.getInquiryRestrictions() which will check "mask" attribute security and provides the field restrictions as defined in the "AttributeSecurity" property in the business object dictionary and KIM data configured for the current user. Then htmlControlAttribute.tag will check for mask flag and hides/masks as per the specifications.

Lookup

While performing lookup and displaying results, LookupableHelperServiceImpl will invoke BusinessObjectAuthorizationService.getLookupResultRestrictions() to check if attribute security is configured with masking details and against KIM data configuration for the current user to decide the restrictions. As mentioned above then htmlControlAttribute.tag will print the value appropriately.

Maintenance Documents

KualiMaintanceDocumentAction.execute() will always invoke BusinessObjectAuthorizationService().getMaintenanceDocumentRestrictions() which will check AttributeSecurity configuration for each field and decides the field level restriction based on the user and his KIM configuration.

Transactional Documents

Transactional Documents have their own jsp/tag files so there is no authorizer support for these document types, we can use the htmlControlAttribute.tag properties "displayMask" and "displayMaskValue" to mask field level values in respective jsp/tag files.

tags/kim/personAddress.tag
<kul:htmlControlAttribute property="document.addrs[${status.index}].line1" attributeEntry="${docAddressAttributes.line1}"
readOnly="${readOnlyEntity or !canModify}" displayMask="${maskData}" displayMaskValue="Xxxxxxx" />

 

 

Kuali documentation is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 2.5 License. 

Kuali software is licensed for use pursuant to the Affero General Public License, version 3.

 Copyright © 2014 Kuali, Inc. All rights reserved. 

Portions of Kuali are copyrighted by other parties as described in the Acknowledgments screen. 

Kuali ® is a registered trademark of the Trustees of Indiana University.