Configuration Guide › LDAP User Store Management › User, Group, and Organization Managed Object Descriptions › Managing Sensitive Attributes › Data Classification Attributes

Data Classification Attributes

The Data Classification element provides a way to associate additional properties with an attribute description. The values in this element determine how CA IdentityMinder handles the attribute. This element supports the following parameters:

• sensitive

  Causes CA IdentityMinder to display the attribute as a series of asterisks (*) in View Submitted Tasks screens. This parameter prevents old and new values for the attribute from appearing in clear text in View Submitted tasks screens.

  Additionally, if you create a copy of an existing user in the User Console, this parameter prevents the attribute from being copied to the new user.

• vst_hide

  Hides the attribute in the Event Details screen for the View Submitted Tasks tab. Unlike sensitive attributes, which are displayed as asterisks, vst_hidden attributes are not displayed.

  You can use this parameter to prevent changes to an attribute, such as the salary, from displaying in View Submitted Tasks.

• ignore_on_copy

  Causes CA IdentityMinder to ignore an attribute when an administrator creates a copy of an object in the User Console. For example, assume that you have specified ignore_on_copy for the password attribute on a user object. When copying a user profile, CA IdentityMinder does not apply the password of the current user to the new user profile.

• AttributeLevelEncrypt

  Encrypts attribute values when they are stored in the user store. If CA IdentityMinder is FIPS 140-2 enabled, CA IdentityMinder uses RC2 encryption or FIPS 140-2 encryption.

  For more information about FIPS 140-2 support in CA IdentityMinder, see the Configuration Guide.

  The attributes appear in clear text during runtime.

  Note: To prevent attributes from appearing in clear text in screens, you can also add a sensitive data classification element to encrypted attributes. For more information, see How to Add Attribute-Level Encryption.

• PreviouslyEncrypted

  Causes CA IdentityMinder to detect and decrypt any encrypted values in the attribute when it accesses the object in the user store.

  You use this data classification to decrypt any previously encrypted values.

  The clear text value is saved to the store when you save the object.