How to make an attribute be secured

I have been asked many time how to make a virtual attribute secured: to hide the user input to this attribute under asterisks on UI, to hide the attribute value in the ActiveRoles Server Event Log and Change History and everywhere.

Well, let me demonstrate a solution for this. Imagine, I have to assign personal PIN-codes to user accounts. For that, I created a new virtual stored integer attribute for user accounts. (please, don’t forget to re-connect your ARS MMC after the attribute creation).

Next, I put this attribute on user properties on Web Interface. (it might require you to restart ARS Web Interface service to consider the new attribute)

Well, let’s try to input any data in this attribute.. As you can see, the value is not secured. Here are pictures that demonstrate this.

On Web Interface:

In Change History:

In Event Log:

Ok, I’ll fix this right now. I’m going to set the 4th bit of the edsaAttributeFlags attribute of the object of my virtual attribute. For that I use ARS MMC, open Advanced Properties on the attribute object, and read the edsvaAttributeFlag attribute value (8 in decimal, 0000 1000 in binary format), set the 4th bit (0001 1000 in binary, 24 in decimal format), and save the changes.

Well, let’s review how the change affects my ActiveRoles Server instance. Great, as you can see, the attribute value gets hidden under asterisks.

Please be noticed that this setting doesn't prevent you get the attribute value as a plain text (with script, for example). It's just hides the attribute value on UI.

In ActiveRoles MMC Console:

In Event Log:

In ActiveRoles Event Log:

Unfortunately, it doesn’t work for ActiveRoles Server Web Interface. I believe we change it in one of further version of ActiveRoles Server.

About the Author