Working with Protected Custom Attributes

This guide describes the steps required in order to set up a Protected Custom Attribute (PCA). Before we begin, you should be aware of the following security driven limitations on PCAs.

• PCAs cannot be included in Reports or Desktops.
• PCAs cannot be the driver for a Cascading Attribute.
• PCAs are excluded from the TDWebAPI.
• PCAs are excluded from Notifications.
• Changes to PCAs are not logged in the feed. If only PCAs change as part of an edit, the feed entry will read “Edited this [item].”
• PCAs can only be applied to new attributes.
• PCAs cannot be added in Ticket Templates
• PCAs cannot be imported using the ticket or asset import tools.

Editing BE Admin Permissions

In order to configure Protected Custom Attributes, a user must be an organization administrator. Follow these steps in order to assign the permission for PCAs.

1. Within TDAdmin, click the organization name at the top of the navigator.
2. Select the Administrators tab.
3. Click on the user whose permissions need to be edited.
4. Check the “Can Create/Modify Attribute Protections” checkbox.
5. Save.

Creating Protected Custom Attributes

Protected Custom Attributes can only be defined when creating a new attribute; existing attributes cannot be protected after the fact.

1. In TDAdmin, navigate to the appropriate Attributes screen to manage Ticket, Asset, Configuration Item, Issue or Risk attributes. 
2. On the Attributes screen, click “+ New.”
3. Fill in each of the fields needed to define the attribute.
4. At the bottom of the form, check the “Protected” checkbox. This makes the attribute a PCA, and disables the Client Visible checkbox.
5. Click Save.
   1. The Usage, Permissions, Access Log, and Configuration Log tabs will appear.
   2. The Usage tab works the same as non-protected attributes, and is read-only.
6. The Protected Configuration section will display at the bottom of this page. You may want to set the following settings:
   1. “Always allow requestor to view data in Client Portal” – This allows the requestor to view this attribute in the client portal, even if they couldn’t otherwise view it.
   2. “Require technician to enter PIN to access data.” – This forces the requestor to enter a PIN before viewing the data. For more information on PIN Settings, click here. 
   3. “Number of characters to unmask” – The number of characters that will automatically be unmasked to users, even if they are not in the groups which can view the full attribute.
   4. “Number of seconds to display values” – The number of seconds an unmasked value can be viewed before it automatically becomes masked again.

8. Click Save.

Setting Permissions for Protected Custom Attributes.

Protected Custom Attributes will only be visible to users in allowed groups. All other users cannot ever view the attribute.

1. Open the attribute’s edit page.
2. Click on the Permissions tab.

3. Choose the appropriate group(s) to view the attribute in the “Add Associated Groups” field.
   1. You must set your Protected Custom Attribute to be associated to a Group or Groups. If you do not, it will stay masked on the ticket and unable to view the full details of the attribute value. This also includes unlocking it with a PIN. 
   2. The PIN eyeball icon will appear when the PCA is associated with Group permissions. 
4. Click Add.

Adding Protected Custom Attributes to Forms

Protected Custom Attributes are added to Forms in the same way as any other custom attributes, with the following considerations:

• When you add a PCA to a form, the Protected icon () displays. Clicking it will provide a summary of the PCA’s settings, including which groups can view it.

• PCAs cannot be marked as hidden or read-only for TDNext.