Demo Instructions

In this demo, the Social Security Number can be edited, but is masked when viewed by the node creator demo_user1. This is an industry standard best practice for handling confidential data (see Visa CISP Data Security Standard). The node creator will always have edit privileges, regardless of view private number access permissions.

The user demo_editor has access to the edit node, but does not have view private number privileges. Try editing the node and viewing the HTML source and you will see the Social Security Number value is never shown to the user.

The user demo_admin has access to both view the private number and edit the node. In practice, no user should be able to view all private numbers. Access to the superuser (uid 1) account is not provided in this demo, but it behaves exactly like demo_editor with no view private number privileges.