Note: Dynamic Access Control offers a more robust way to secure users in Vault. We recommend configuring Dynamic Access Control on the User object instead of Hide User Information.
Hide User Information is a method of protecting your users’ identities. With Hide User Information, you can configure your Vault to prevent unauthorized users from viewing user names and identifying details. This hide action only applies to users whose email address has a different domain. See About Hide User Information for details.
Setting Up Hide User Information
Every permission set in your Vault has the View User Information permission by default. To use Hide User Information, you must use custom security profiles and permission sets. Assign users who shouldn’t see user information to a security profile that does not include the Application: User: View User Information permission.
Recommended Vault Settings
Some Vault features may reveal user information even when a user does not have the View User Information permission.
To support Hide User Information, we recommend that you use the following configurations:
- Use Dynamic Access Control
- Disable User Mentions in the Vault
- Remove the following from permission sets without the View User Information permission:
- All API permissions
- Audit Trail permissions
- Any permission involving the Admin area
- All reporting permissions
Customizing User Masking
The table below lists common user information and how it displays for users without the View User Information permission. You can load new values using the Bulk Translation Tool.
Value | Object Key | With View User Information Permission | Without View User Information Permission |
Display Name |
displayname_mask__v
|
Gladys Dunford | Vault User |
User name |
username_mask__v
|
gladys.dunford | vault.user |
First Name |
givenname_mask__v
|
Gladys | Vault |
Last Name |
surname_mask__v
|
Dunford | User |
email_mask__v
|
gladys.dunford@veepharm.com | vault.user@veeva.com |