In the last post we saw how to mask data for sensitive fields in PeopleSoft. However there was an open loophole in this. Even though the user can see the data as masked on PeopleSoft page ,they can still see the data unmasked in PS Query output. To close this gap PeopleSoft has also introduced the functionality of masking sensitive fields in PS Query output in People Tools 8.58.02 . In this post we will see how to setup data masking on PS Query output.
Enable Query Masking
Use the System settings page to enable or disable Query Data Masking.
Navigation : Enterprise Components > Data Privacy Framework > Query Masking > Query Masking System Settings
Authorized Roles for Query Masking
Next we will setup the roles which are authorized to see unmasked data in the PS Query output. The users who have access to these roles can see unmasked data in PS Query output.
Navigation : Enterprise Components > Data Privacy Framework > Query Masking > Query Masking Authorized Roles
You can use this page to add Record & Field combination for which the users should be able to see data masked. I'm using an example of National ID (NATIONAL_ID) field from PERS_NID record and marking it as Authorized. This will allow only user who has HR Administrator role to view the field data unmasked in PS Query output.
Synchronize Data for Fields for Data Privacy Mapping
Use the Synchronize Data page for synchronizing data privacy mappings In Data Privacy Framework with the PeopleSoft Query system and authorized roles and their access to sensitive record fields. PeopleSoft has delivered the Application Engine EODP_QRYMSK is responsible for updating the data privacy mappings.
Navigation: Enterprise Components > Data Privacy Framework > Query Masking > Run Query Masking Data Sync
This completes the steps which has to be done to setup data masking for PS Query output.
Demo
I have created a query on the PERS_NID table and selected National ID (NATIONAL_NID) field and you can see the field is coming as masked in Query output for a normal user who does not have HR Administrator role attached to their User Profile.
No comments:
Post a Comment