Restricted data
How to set up additional data protections for an app
Could not find section content. File does not exist: content/altinn-studio/guides/development/restricted-data/shared/style.css.md
Introduction
Restricted data refers to information requiring additional protection, such as personal, confidential, or classified data.
You can read more about the concept here.
Configuring Maskinporten
You must configure Maskinporten to allow the app to perform actions on behalf of the service owner.
You can find a detailed guide on that setup here.
Configuring the data types
The applicationmetadata.json file defines all data types in an application. Here, you specify which actions are required for your restricted data type.
In this example, we configure a new data type, specifying the actionRequiredToRead and actionRequiredToWrite properties, and disabling autoCreate. We use the identifier restrictedDataModel, though the name itself is not significant.
Could not find section content. File does not exist: content/altinn-studio/guides/development/restricted-data/shared/Applicationmetadata.json.md
restrictedDataModel data element with a user’s authorization token will result in a 403-Forbidden error.Configuring the authorization policy
Using the default policy.xml file as a starting point, modify rule #2 to grant the new custom actions to bearers of a service owner token.
Could not find section content. File does not exist: content/altinn-studio/guides/development/restricted-data/shared/Policy.xml.md
Interacting with the restricted data
Since the restrictedDataModel is not automatically created or attached to the user’s normal data flow, you must implement all relevant logic manually.
In this section we’ll create a service that helps us interact with the restricted data, before demonstrating how we can create, modify, and read restricted data elements in a normal app flow.
Helper service
To simplify authorization and interaction with the restricted data model, we can create a helper service to handle this complexity.
Could not find section content. File does not exist: content/altinn-studio/guides/development/restricted-data/shared/RestrictedDataHelper.cs.md
This service can then be registered in Program.cs and injected wherever you need it.
Could not find section content. File does not exist: content/altinn-studio/guides/development/restricted-data/shared/Program.cs.md
Writing data
As mentioned, we need to manually create the data element when the application enters the Task_1 process step.
To do this, use the UpdateOrCreateData method from the RestrictedDataHelper service.
The following example implements this logic in the IProcessTaskStart interface, fetching information from a fictional API and storing it in the restricted data model. This information remains unavailable to the user but can be retrieved later by the app.
Could not find section content. File does not exist: content/altinn-studio/guides/development/restricted-data/shared/ProcessTaskStartHandler.cs.md
Reading data
In the following code, we have created an implementation of the IDataWriteProcessor interface, where we perform a fictional tax calculation. This calculation requires information we previously stored in the restricted data model, so we use RestrictedDataHelper.GetOrCreateData to retrieve it.
Could not find section content. File does not exist: content/altinn-studio/guides/development/restricted-data/shared/DataWriteHandler.cs.md