BFDS Field Object Masking Installation
Purpose
To assist with the setting up of the component that introduces the ability to mask out certain specified fields so that users (except those specifically exempted) will not be provided with document views that include the unmasked field values. Specifically, the fields will be masked out in all but the search results grid. They will be masked in screen document views and in exported and printed documents.
Requirement
BFDS mask the Social Security field in DS32 so this doesn’t show when printing the documents. Although it was agreed with BFDS in the security training that Mitratech would disable the option to print to solve this in DataStore. It has evolved that there is a business requirement to print documents that contain the SSN field.
Solution
A plugin component (HitecLabs.DataStore.BFDS.FieldObjectMaskingPlugin.dll) to the DataStore service will be provided. This will be manually copied into the standard plugins folder which will be specified to the service via the Management Studio Configuration>Plugin Options. This plugin will then be loaded when the service is restarted, the service's configuration file will be read and, if valid, field masking will be active for the specified templates and for all non-exempted users. This will then apply to all clients of that DSX server.
The only fields that can be masked in this way are Document and Page type fields; Transaction fields cannot be masked.
COLD and Image documents may be masked successfully.
Document views retrieved via customer-written API user applications are also affected by field masking, as are views via Searching Client and Management Studio.
Configuration
The HitecLabs.dataStore.DataStoreService.exe.config requires the following additions:
- In configSections.
<section name="HitecLabs.DataStore.BFDS.FieldObjectMaskingPlugin.Settings" type="HitecLabs.DataStore.BFDS.FieldObjectMaskingPlugin.Settings, HitecLabs.DataStore.BFDS.FieldObjectMaskingPlugin"/> - In applicationSetting
<HitecLabs.DataStore.BFDS.FieldObjectMaskingPlugin.Settings maskingCharacter="*">
<DataDefinitions>
<DataDefinition id="66666666-5555-4444-3333-cccccccccccc">
<Fields>
<Field name="PrivateField1"/>
</Fields>
<ExemptUsers>
<User name="TrustedUser1"/>
</ExemptUsers>
</DataDefinition>
<DataDefinition id="88888888-4444-4444-4444-cccccccccccc">
<Fields>
<Field name="PrivateField1"/>
</Fields>
<ExemptUsers>
<User name="TrustedUser1"/>
<User name="TrustedUser2"/>
<User name="TrustedUser3"/>
</ExemptUsers>
</DataDefinition>
<DataDefinition id="77777777-3333-4444-5555-222222222222">
<Fields>
<Field name="PrivateField1"/>
<Field name="PrivateField2"/>
</Fields>
<ExemptUsers>
<User name="TrustedUser1"/>
<User name="TrustedUser2"/>
<User name="TrustedUser3"/>
<User name="TrustedUser4"/>
</ExemptUsers>
</DataDefinition>
</DataDefinitions>
</HitecLabs.DataStore.BFDS.FieldObjectMaskingPlugin.Settings>
The numeric identifiers of the Data Definitions are needed as are the names of any fields to be masked and the names of any users who are to be exempt from masking. That is to say they will see the relevant fields in plain text.
Note: A Data Definition may only appear once in this section. That is to say a DD has a single list of masked fields and a single list of exempted users.
Note: The maskingCharacter="*" may be varied to suite. This is a simple character by character replacement, so the field length is still apparent after masking.
Searching Client view of a masked document:
Note: The masked field is called “Name” and is shown in the result grid in plain text, but is masked on the document view (line beginning “Status :”).
Note: The user Mr Bland (highlighted red) is not an exempted user. An export of this document produces a view showing Status: ********