People often ask how they can be sure that some security sensitive information such as Social Insurance Number will be removed from less-secured sources such as change history, logs, reports and etc.
It's quite easy to accomplish.
Let's start from creating stored virtual attribute with DyrectoryString syntax and assign it to a user class. Then open attribute's Advanced Properties and locate property edsaAttributeFlags. In our case the value of this property will be "8".
There are some known values for this property:
- non-stored custom virtual attribute – 2
- stored custom virtual attribute – 8
- value is secret (this is what we need) – 16
- Read-only – 64
- Always Readable (rights are not required to read attribute) - 128
After that we can modify our attribute's value and check how it looks like in Change History and events.