Background on PeopleSoft Security Masking Changes

 
Masking UAT
 
PEOPLESOFT SECURITY
 
Shelia Sloan
July 2022
 
AGENDA
 
Background
Masking Changes on 4/24/22
New Masking Changes July 2022
Demo
Q&A
 
BACKGROUND
 
Masking as delivered by Oracle is traditionally controlled by the primary
permission list of the user.
CTC_PT_MASK_NONE
CTC_PT_MASK_ALL
CTC_PT_MASK_PARTIAL
CTC_PT_MASK_SSN
This delivered method only masks Social Security number and date of birth,
and doesn't consider other level 4 data elements.
This method also only works on the search lookup pages, not on the
main pages themselves.
Once the user has drilled down to the main page, Oracle doesn't mask the
SSN/DOB unless the user has read-only access via a security role to
enforce masking.
This can interrupt daily business processes, as some users need to
update the data but should not be able to see the SSN.
 
BACKGROUND (CONTINUED)
 
Prior to April, these were the settings for the primary permission lists.
CTC_PT_MASK_NONE – could see full SSN and DOB on lookup pages
CTC_PT_MASK_ALL – SSN and DOB fully masked on lookup pages
CTC_PT_MASK_PARTIAL – partial SSN and partial DOB displayed on lookup pages
CTC_PT_MASK_SSN – SSN fully masked and DOB unmasked on lookup pages
Also, once they drilled down to the page itself, if they had a ZZ or ZC role,
the SSN and DOB were fully unmasked even with Mask All.
If they had a ZD role, the SSN/DOB were masked.
 
MASKING CHANGES 4-24-22
 
In April the settings for the primary permission lists were changed.
CTC_PT_MASK_NONE – SSN fully masked / DOB visible on lookup pages
CTC_PT_MASK_ALL – SSN and DOB fully masked on lookup pages
CTC_PT_MASK_PARTIAL – SSN fully masked and partial DOB displayed on lookup pages
CTC_PT_MASK_SSN – SSN fully masked and DOB visible on lookup pages
Still, once they drilled down to the page itself, if they had a ZZ or ZC role,
the SSN and DOB were fully unmasked.
If they had a ZD role, the SSN/DOB were masked.
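
The lookup-page settings before and after 4/24/22 and the role-based drill-down behaviour from the two slides above, expressed as a UAT check (an added example, not part of the original presentation or SBCTC's configuration). The period names, the level labels, the mask characters and the sample screen values are assumptions made for illustration.

```python
import re

# (SSN, DOB) masking on lookup pages per primary permission list, from the slides.
# Levels: "full" = fully masked, "partial" = partly shown, "none" = fully visible.
LOOKUP = {
    "pre_april": {
        "CTC_PT_MASK_NONE": ("none", "none"),
        "CTC_PT_MASK_ALL": ("full", "full"),
        "CTC_PT_MASK_PARTIAL": ("partial", "partial"),
        "CTC_PT_MASK_SSN": ("full", "none"),
    },
    "april_2022": {
        "CTC_PT_MASK_NONE": ("full", "none"),
        "CTC_PT_MASK_ALL": ("full", "full"),
        "CTC_PT_MASK_PARTIAL": ("full", "partial"),
        "CTC_PT_MASK_SSN": ("full", "none"),
    },
}
# Drill-down pages in both periods: the role decides, not the permission list.
DRILLDOWN = {"ZZ": "none", "ZC": "none", "ZD": "full"}
RANK = {"full": 0, "partial": 1, "none": 2}  # higher = more data exposed

def expected(period, permission_list, role, page):
    """Expected (ssn_level, dob_level) for page 'lookup' or 'drilldown'."""
    if page == "lookup":
        return LOOKUP[period][permission_list]
    return (DRILLDOWN[role], DRILLDOWN[role])

def observed_level(displayed):
    """Classify an on-screen value by the digits it still exposes."""
    if not re.search(r"\d", displayed):
        return "full"
    # Assumption: masked positions are rendered as '*', 'X' or '#'.
    return "partial" if re.search(r"[*X#]", displayed) else "none"

def uat_findings(period, permission_list, role, page, ssn_shown, dob_shown):
    """Names of fields that expose more on screen than the slides allow."""
    want = expected(period, permission_list, role, page)
    got = (observed_level(ssn_shown), observed_level(dob_shown))
    return [f for f, w, g in zip(("SSN", "DOB"), want, got) if RANK[g] > RANK[w]]

if __name__ == "__main__":
    # Constructed screen values, not real data.
    print(uat_findings("april_2022", "CTC_PT_MASK_PARTIAL", "ZD", "lookup",
                       "***-**-1234", "**/**/1990"))  # SSN leaks its last digits
    print(uat_findings("april_2022", "CTC_PT_MASK_ALL", "ZZ", "drilldown",
                       "123-45-6789", "01/15/1990"))  # allowed: ZZ sees unmasked
```

The second call returns no findings even with Mask All, which is the drill-down gap the July 2022 masking changes are meant to close.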
 
WHY THE CHANGE IN APRIL
 
Not all pages are delivered to be secured by business unit.
SBCTC has enhanced this feature by introducing security
views on the pages to secure them by business
unit/institution. There were many out of the box that were
not, and SBCTC has made tremendous progress over the
years updating them and enhancing data protection. We are
narrowing down the list and released 50 more in the month of
March. Our next batch has been developed and should be
released in late July or early August.
The masking changes that went in during April help protect
SSN/DOB information on the lookup pages themselves.
 
WHERE WE ARE GOING
 
The out-of-box delivered masking solution is not adequate. Oracle
delivered a new tool for masking that will allow us to not only mask
SSN/DOB on the lookup pages, but also mask all level 4 data
elements on the drill-down pages themselves, no matter what
type of role the user has.
Users will then be able to have update roles to change data if they need
to, and have the SSN/DOB masking in effect as well as the other
elements. This will significantly enhance the protection of PII data and
not interrupt business processes.
We will release this in batches. The first batch of navigations has
passed the development phase and system integration testing (SIT).
Welcome to UAT.
 
ADD/UPDATE A PERSON SEARCH PAGE - EXAMPLE OF USER WITH
CTC_PT_MASK_ALL PERMISSION LIST
 
ADD/UPDATE A PERSON PAGE - EXAMPLE OF BEFORE
MASKING SOLUTION CHANGES
 
User with ZZ/ZC role: once they land on the drill-down page, even with
MASK ALL, they can still see PII data.
 
ADD/UPDATE A PERSON PAGE - EXAMPLE OF AFTER
MASKING SOLUTION CHANGES
 
User with ZZ/ZC role: once they land on the drill-down page, now with
MASK ALL, Mask SSN and Mask Partial, they can see masked PII data.
 
WHAT ARE THE LEVEL FOUR ELEMENTS
 
Social Security Number
Date of Birth
Bank Account
Driver's License
Visa Work Permit Number
Net Pay
Garnishments
Accommodations
Disability
Password
Credit Card Number
Sexual Orientation
Gender Identity
Immunization Information
 
 
 
DEMO
 
QUESTIONS AND FEEDBACK
 
Questions?
Feedback?
Any parking lot issues?
 
THANK YOU FOR ATTENDING

The content discusses the traditional masking methods in Oracle's PeopleSoft security, changes made to primary permission lists in April, and the impact on SSN and DOB masking. It highlights the importance of securing data by business unit and the progress made by SBCTC in enhancing data protection. The changes implemented in April aim to protect SSN and DOB information on lookup pages.

Uploaded on Jul 13, 2024


CC BY 4.0, except where otherwise noted.