Understanding Restricted Data

Understanding Restricted Data

by on ‎04-27-2017 07:02 PM (514 Views)

This article covers the attribute property Restricted Data. This property is used to identify Attributes that contain data that should be omitted from UDH services that send data out of the system, such as 3rd party Connectors or DataAccess.

In this article:

Table of Contents Placeholder

What is Restricted Data?

In general terms, Restricted Data refers to any attribute containing data that is:

  • ✔ private or personal
  • ✔ protected by privacy laws
  • ✔ subject to controlled access

By default, Attributes are not restricted and may flow through to a variety of destinations. Attributes are made available to services, such as EventDB, as well as 3rd party Connectors. Attributes have a property called Restricted Data that, when checked, will prevent that attribute from being included in processes that send data out of the UDH. Attribute enrichments are not affected.


Not all services honor Restricted Data. For details, please read the section How Restricted Attributes are Handled.

Identifying Restricted Attributes

Identifying a Restricted Attribute is easy: simply check the Restricted Data checkbox of the Attribute that you want to restrict access to. This checkbox is available to Attributes of all scopes.


For security purposes, the Visitor ID Attribute is always marked as Restricted. This cannot be changed.

How Restricted Attributes Are Handled

The following services honor Restricted Attributes:

  • EventStore/EventDB

    By default, Restricted Attributes are omitted from incoming Streams. This behavior can be changed in the settings for each Stream. For more info see Live Event and Streams.

  • Data Layer Enrichment

    By default, Restricted Attributes are omitted, meaning they are not available to be enriched in your Data Layer. When the Tealium Collect Tag sends out a request for the latest visitor profile AudienceStream returns Attributes that are not restricted. There behavior cannot be changed.

The following services are not affected by Restricted Attributes:

  • AudienceStore/AudienceDB

    By default, Restricted Attributes are always included, whether they are sent to AudienceDB or exported using the AudienceStore Connector. This behavior cannot be changed.

  • Connectors (including Webhook)

    By default, Restricted Attributes are always included, whether you are sending them to the vendor through mappings or as part of the visitor profile. This behavior cannot be changed.

    A warning message will appear if your Connector request contains one or more Restricted Attributes.


  • Marking an Attribute as Restricted informs us that its contents are protected and need to be securely handled. Restricted Attributes are automatically omitted from the select Tealium services that honor it.
  • EventStore, EventDB, and Data Layer Enrichment services honor Restricted Data. With EventStore/EventDB, you have the ability to include Restricted Attributes.
  • AudienceStore, AudienceDB, and Connectors do not honor Restricted Data. These services will include Restricted Attributes; you cannot change it.
  • Restricted Attributes are available to all Enrichments.