How to Remove Attribute-Level Encryption

If you have an encrypted attribute in the Identity Manager Directory and then choose to store that attribute's values as clear text, you can remove the AttributeLevelEncrypt data classification.

Once the data classification has been removed, Identity Manager stops encrypting the new attribute values. Existing values are decrypted when you save the object associated with the attribute.

Note: To decrypt the attribute value, the task that you use to save the object must include the attribute. For example, to decrypt a password for an existing user, you save the user object with a task that includes the password field, such as the Modify User task.

To force Identity Manager to detect and decrypt any encrypted values that remain in the user store for the attribute, you can specify another data classification, PreviouslyEncrypted. The clear text value is saved to the user store when you save the object. 

Note: Adding the PreviouslyEncrypted data classification adds extra processing on every object load. To prevent performance issues, consider adding the PreviouslyEncrypted data classification, loading and saving each object associated with that attribute, and then removing the data classification. This method automatically converts all stored encrypted values to stored clear text.

To remove attribute-level encryption from an existing user store, you complete the following steps:

  1. Export the directory settings for the appropriate Identity Manager Directory.
  2. In the directory.xml file, remove the data classification, AttributeLevelEncrypt, from attributes that you want to decrypt.
  3. If you want to force Identity Manager to detect and decrypt previously encrypted values, add the PreviouslyEncrypted data classification to the attribute.

    For example:

    <ImsManagedObjectAttr physicalname="salary" displayname="Salary" description="salary" valuetype="String" required="false" multivalued="false" maxlength="0" searchable="false">
      <DataClassification name="PreviouslyEncrypted"/>
    </ImsManagedObjectAttr>
  4. To force Identity Manager to decrypt all values immediately, modify all objects using the Bulk Loader.

    Note: For more information about the Bulk Loader, see the Administration Guide.
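The following script is an added example, not part of this documentation or of the Identity Manager product, that automates steps 2 and 3 on an exported directory.xml fragment: it removes the AttributeLevelEncrypt data classification from the attributes you name, adds PreviouslyEncrypted so remaining ciphertext is decrypted on the next load and save, and reports which attributes are still marked for encryption so you can confirm the edit before importing. The sample XML is constructed for this example; the ImsManagedObject wrapper element and the salary, ssn and title attributes are assumptions, and the real exported file contains considerably more.

```python
import xml.etree.ElementTree as ET

# Constructed sample fragment in the shape of a directory.xml export.
# The ImsManagedObject wrapper and the attribute set are assumptions
# for this example, not copied from a real export.
SAMPLE_DIRECTORY_XML = """<ImsManagedObject name="USER">
  <ImsManagedObjectAttr physicalname="salary" displayname="Salary" description="salary" valuetype="String" required="false" multivalued="false" maxlength="0" searchable="false">
    <DataClassification name="AttributeLevelEncrypt"/>
  </ImsManagedObjectAttr>
  <ImsManagedObjectAttr physicalname="ssn" displayname="SSN" description="ssn" valuetype="String" required="false" multivalued="false" maxlength="0" searchable="false">
    <DataClassification name="AttributeLevelEncrypt"/>
  </ImsManagedObjectAttr>
  <ImsManagedObjectAttr physicalname="title" displayname="Title" description="title" valuetype="String" required="false" multivalued="false" maxlength="0" searchable="false"/>
</ImsManagedObject>
"""

ENCRYPT_CLASSIFICATION = "AttributeLevelEncrypt"
PREVIOUSLY_CLASSIFICATION = "PreviouslyEncrypted"


def encrypted_attributes(xml_text):
    """Return the physicalname of every attribute still carrying AttributeLevelEncrypt.

    Run this before editing (to see what is encrypted) and after editing
    (to confirm only the intended attributes were changed)."""
    root = ET.fromstring(xml_text)
    names = []
    for attr in root.iter("ImsManagedObjectAttr"):
        for dc in attr.findall("DataClassification"):
            if dc.get("name") == ENCRYPT_CLASSIFICATION:
                names.append(attr.get("physicalname"))
    return names


def classifications_of(xml_text, attribute_name):
    """Return the list of DataClassification names on one attribute, or None if absent."""
    root = ET.fromstring(xml_text)
    for attr in root.iter("ImsManagedObjectAttr"):
        if attr.get("physicalname") == attribute_name:
            return [dc.get("name") for dc in attr.findall("DataClassification")]
    return None


def remove_attribute_encryption(xml_text, attribute_names, force_decrypt=True):
    """Steps 2 and 3 of the procedure.

    Drops AttributeLevelEncrypt from each attribute in attribute_names and,
    when force_decrypt is True, adds PreviouslyEncrypted (once, so repeated
    runs do not duplicate it). Returns the rewritten XML and the list of
    attributes whose encryption classification was removed."""
    root = ET.fromstring(xml_text)
    changed = []
    for attr in root.iter("ImsManagedObjectAttr"):
        name = attr.get("physicalname")
        if name not in attribute_names:
            continue
        # Copy the child list because we remove while iterating.
        for dc in list(attr.findall("DataClassification")):
            if dc.get("name") == ENCRYPT_CLASSIFICATION:
                attr.remove(dc)
                changed.append(name)
        already_flagged = any(
            dc.get("name") == PREVIOUSLY_CLASSIFICATION
            for dc in attr.findall("DataClassification")
        )
        if force_decrypt and not already_flagged:
            ET.SubElement(attr, "DataClassification", {"name": PREVIOUSLY_CLASSIFICATION})
    return ET.tostring(root, encoding="unicode"), changed


if __name__ == "__main__":
    print("encrypted before:", encrypted_attributes(SAMPLE_DIRECTORY_XML))
    updated, changed = remove_attribute_encryption(SAMPLE_DIRECTORY_XML, {"salary"})
    print("changed:", changed)
    print("encrypted after:", encrypted_attributes(updated))
    print("salary classifications:", classifications_of(updated, "salary"))
```

Running the block on the sample leaves ssn encrypted, strips AttributeLevelEncrypt from salary and marks it PreviouslyEncrypted; after you have bulk-loaded the objects (step 4), run the same function with force_decrypt=False on an export that no longer needs the flag, or simply delete the PreviouslyEncrypted element, so that the per-load overhead described in the note above does not remain in place permanently.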