Today we will see how Data Masking works in PeopleSoft HCM and how to implement it. PeopleSoft HCM provides row-level security so that only authorized users can see employee data intended for them. But there is no way to control access for specific field for which have sensitive information like SSN etc. PeopleSoft has provided configurations to mask sensitive content on a page so that they are visible only to Authorized users.
The feature was introduced in Image 28 and allows to data masking only for below mentioned Sensitive fields.
Bank Account Number
Date of Birth
National ID
Driver’s License Number
Passport Number
Following are the steps to be followed for implementing Data Masking .
1) Setup Data Masking on PeopleSoft Installation table.
Check if the Enable Masking checkbox is checked on the installation table HCM Options page. This checkbox should be checked to enable Data Masking.
Navigation : Setup HCM > Installation Table > HCM Options
2) Setup Authorized Role who can view the sensitive data. For a user who wants to see the sensitive information the role should be attached to their User Profile. We will consider an example of National ID field for our example.
Navigation : Setup HCM > Security > Data Masking > Authorized Roles
You can use your custom role on this Authorized Role page ,we will use HR Administrator for our example.
3) Next step is to Setup Component Level Masking, on this page you can enable or disable data masking at PeopleSoft component level . The page will list all the components which are preconfigured for data masking . We will consider PERSONAL DATA component for our example. Click on Masking Parameters to view details for the field.
Navigation : Setup HCM > Security > Data Masking > Setup Component level Masking
You can select the Masking format for the field on this page, the default is 'XXXX' .
Masking Format(refer below) can be used to vary the way the National ID is displayed for the end user.
Similarly Number fields and Date fields have different Data Masking formats.
Note:
Try logging in as a User who doesn't have our Authorized security role HR Administrator. The user will see the National ID as masked .The number of characters masked will differ with the Default Mask Format used on the Setup Component Level Masking page.
In the similar way ,we can configure masking for date fields (e.g. Date of Birth) ,Number fields (Bank account, Passport number) etc.
For additional information ,you can always refer to the People Books link below
In the coming posts we will see how to mask data for any field using Page and Field Configurator and implement data masking in PS Query outputs.
