With the deployment of DG6A a change was applied in ctcLink Production to set masking of the Social Security Number on any Search Criteria page where the EMPLID had a Lookup icon available.  This change was applied when it was discovered that the page itself restricted the user to only view records relative to their allowed institution(s), but the Lookup display did not restrict access to data to a specific institution.  The lookup return results pane displayed clear text Social Security Number (SSN) or National Identification (NID) and Date of Birth (DOB) to any user with masking permissions set to allow the display of those fields.

Managing each individual search criteria code was not sustainable for total cost of ownership.  Oracle does provide a delivered feature known as Demographic Data Access (DDA) security that enables PeopleSoft system users to manage the obfuscation of Category 4 data (highly sensitive) holistically within the application.

Per Oracle's published information:

With DDA security, you can mask the display of national ID and birth date data in search records, prompt records, and on the Bio/Demo Data and the Relationships pages if these pages have display-only security. You can mask entire fields, the first five characters of the national ID field, or the year of the birth date field. You can apply masking to one, both, or neither field.  No matter which masking configuration you use, users can search on the entire national ID field.

By applying this fix, using DDA security, all EMPLID lookup features related to Bio/Demo data can be masked, and should apply regardless of future PUM releases granting additional lookup features on any new pages.

At initial release there were concerns raised:

• Change impacted search behavior and staff were not prepared for altering search entry behavior to accommodate for this new masking approach.  
• Partial masking of the DOB impacted user's confidence that the correct record was located, due to the number of students with similar names and close dates of birth.
• Impact of this applied masking on the Student Self-Service page where staff engage in the student experience caused concerns about how this access was distributed to users who had become accustomed to accessing category 4 data.

Because of the above concerns, the initial release was removed, the Working Group (Governance) participated in a lengthy testing exercise and approved a re-release of the DDA security application with no masking on the DOB.  The information in the sections below are intended to address the other concerns raised by our college community.

Fundamental PeopleSoft functionality for pages that contain multiple transactions is to land a user on a Search Criteria page to enter in selection parameters that limit the user's returned set of transactions to a single record, or up to 300 transaction rows at a time.  The majority of Search Criteria pages that allow for searching by EMPLID (or simplified to ID in some pages) will have a Look Up (spy glass) icon, but not every page will.  

When clicking on the EMPLID (or ID) lookup, a pop up window will appear and a set of search criteria fields are displayed allowing a user to narrow do the returned EMPLID results to include a single EMPLID in the page's Search Criteria (see example).  The following are key behaviors of all Search Criteria Look Up panes.

• Any of the listed fields shown in the Advanced Look Up ID pane can be used to narrow down the search to a single EMPLID.
• Search 'operators' can be used to widen the search range (e.g. using 'Contains' rather than 'Begins with').
• Clicking a row below will insert the ID in the search field on the main 'Find an Existing Value' pane to access the specific transaction on the page.

The Student Services Center (Student) page has been a source utilized for staff for viewing student Personal Information.

Navigation: NavBar>Navigator>Campus Community>Student Services Center (Student) 

Users who access the Student Services Center (Student) page to view personal demographic data for students will not see a clear text SSN on this page, even if their masking allows them to view a Clear Text SSN, if they have the ZD CC Personal Info Student role. Only those users who have been granted the ZZ CC Personal Info Student, ZC CC Personal Info Student or ZZ CC Pers Info NID Update role are able to view a clear text SSN and edit the SSN in the various pages where SSN appears within the CS Pillar.

Those users with the security role ZZ CC Person Info-Biogra Stdnt are granted edit rights to the Add/Update page Only.

• Main Menu>Campus Community>Personal Information>Add/Update a Person
  • 15-Add Update/Display Update/Display All Correction