Absent Member.
Absent Member.

Custom Plugin Display Mask?

Short of creating a derived custom schema attribute for the last 4
digits of a user's SSN, and then displaying THAT attribute, I am
wondering if there is a way, in iManager custom plugins,to display only
the last 4 digits of the SSN to our Help Desk?

Attribute masks? Truncate? anything?
Labels (1)
1 Reply
Absent Member.
Absent Member.

Re: Custom Plugin Display Mask?

I would expect that, with a custom plugin, you could do anything you like
since it's going to be written in Java (JSP) and displaying random text is
allowed. As a result you could have your plugin pull the full value, grab
the last four characters, and then only send those four to the browser as
static text.

With that written, I want to give some other options for a few reasons.
First, if iManager can do this for a user, then the user can also do it
for themselves, so it is important to NOT consider the thought above as
any kind of secure setting. If the helpdesk folks are able to make any
kind of connection with their user to the eDirectory box directly then
they can see the full attribute. As a result you could not claim that,
"Only your last four digits are known by the helpdesk folks." unless you
could also show that the helpdesk folks cannot access the directory
directly, or use any other parts of iManager to show the full user object
(assuming they have rights to do so).

Other options could involve using something like Identity Manager on the
backend to copy the last four digits to another attribute which could be
entirely exposed to the helpdesk staff. The benefit is that no matter how
they see the value (iManager, ConsoleOne, LDAP, iMonitor) they can only
see the four digits since the whole SSN is stored elsewhere entirely out
of reach (thanks to ACLs).

Finally, could you share what is causing this need? Most-often this type
of thing is needed for some kind of password reset scenario and, if that's
the case, you may be benefited by implementing something that lets users
reset their own passwords directly to offload work from the helpdesk and
empower users using challenge/response stuff. Just a thought.

Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below...
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.