UAT Overview for Work Package #4 - Masking PII in FSCM
Purpose: This guide is intended to aid Local Security Administrators and Finance staff engaged in User Acceptance Testing (UAT) the configurations made in the Page and Field Configurator that enable masking of Personally Identifiable Information (PII) in the Financials and Supply Chain Management (FSCM) pillar. These changes impact specific pages in the Accounts Payable (AP), Accounts Receivable (AR), Expenses (EX) and Treasury (TR) modules.
Audience: Local Security Administrators and Finance staff in AP, AR, EX and TR modules.
Issues Reported are now detailed in the Work Package #4 Issues and Resolutions section below.
The Security Administration System Improvement (SASI) Project Information Guide, contains all background details on the requirements and solution design work that lead us to our User Acceptance Testing effort for this new custom ctcLink Security feature.
Monday, October 20, 2025 9:00 am and repeated 3:00 pm
MORNING SESSION:9:00 A.M. Meeting Information:
Meeting Link: https://sbctc.webex.com/sbctc/j.php?MTID=m8f85f5ca8cff75907e58dccc4715f6d4
Meeting number (access code): 2664 401 0798
Meeting password: qKJKsYWy327
Meeting Recording: https://sbctc.webex.com/sbctc/ldr.php?RCID=cde06799776a3222c1ab4843fbca5916
AFTERNOON SESSION: 3:00 P.M. Meeting Information:
Meeting Link: https://sbctc.webex.com/sbctc/j.php?MTID=m6b0f3514efd8e47cc088fd5c3e222ae8
Meeting number (access code): 2664 753 9975
Meeting password: PTkRiZMm792
Meeting Recording: https://sbctc.webex.com/sbctc/ldr.php?RCID=1c29a07346b52d8e54a2eac0d0a77cfb
Join either session by phone:
+1-415-655-0002 US Toll
+1-206-207-1700 United States Toll (Seattle)
Presentation Materials:
Join us for an Open Q&A session regarding the WP#4 UAT
Wednesday, October 22, 2025 1:00pm
Meeting Link: https://sbctc.webex.com/sbctc/j.php?MTID=m245401449ce9d8d90907b9bd47327c0c
Meeting number (access code): 2668 991 0304
Meeting password: ABmVmCMF539
Overview of Masking of PII Data in FSCM Functionality
To help college testers better understand how the new Masking of PII Data security feature works a Quick Reference Guide (QRG) has also been provided in the ctcLink Reference Center, under the SASI Project Information guide and also below:
Access to the UAT Environment
The PQA Environment, where UAT activities are taking place, was refreshed on September 4th, 2025 from Production.
Employee job data and the state of security User Profiles is as of end of business the day before the snapshot, so any changes (onboarding new hires, offboarding separating employees or adjustments to an individual user's security profile made on or after 09/04/2025 will not be in the PQA environment unless replicated there for testing purposes.
To request access to the User Acceptance Test environment (PQA), follow the link below and provide the name, last 4-digits of EMPLID, email, contact phone number and college. Be sure to sign up Local Security Administrators and Finance staff who have the job duty justification to warrant them viewing PII data.
Testing will occur in the PQA environment. Testers will be logging on using their EMPLID. In order to access the impacted pages where the masking feature is applied, testers would need to have one or more of the security roles that enable navigation to these pages.
Impacted User Query:
Run Report in Finance of those with the impacted “Masked” security roles: QFS_SEC_MASKING_USERS_ROLES
- Run “Wide Open” (by Business Unit) and save Excel output.
- Report will display ONLY those with Primary Permission List matching the Business Unit.
- Report will list the “Masked” security role the employee has.
- Will also display IF they have a role that triggers “unmasking” and whether the user also has access to highly sensitive data via Query.
The following security roles are affected (PII field masking) by these changes:
Accounts Payable:
- ZD Accounts Payable Inquiry
- ZD Purchasing Inquiry
- ZZ Supplier Entry
- ZC Supplier Entry
- ZZ Voucher Entry
- ZZ Quick Invoice Entry
- ZZ Voucher Approval
- ZZ_AP_MANAGER
- ZZ_AP_SPECIALIST
- ZZ Payment Creation
Accounts Receivable:
- ZD AR Inquiry
- ZZ AR Apply Payments
- ZZ AR Collections
- ZZ AR Item Entry
- ZD CC Budget Inquiry
Expenses:
- ZZ Expenses User Admin
Treasury:
- ZD Treasury Inquiry
- ZD Treasury Local Config Inq
- ZZ Treasury Accounting Maint
- ZZ Treasury Approvals
- ZZ Treasury Bank Processing
- ZZ Treasury Local Config
- ZZ Treasury Maintenance
- ZZ Treasury Processing
- ZZ Treasury Reports
- ZZ Treasury Workcenter
This environment rests behind an OKTA instance and therefore you will be prompted to establish a password during activation.
Login Access Link: https://oktapreview.ctclink.us/
NOTE: If access was already granted, it will be noted in the Google sheet linked above with the word "Granted" - check the google sheet to confirm.
Testers who have already activated themselves in the PQA environment for other testing activities (concurrent UAT activities do occur in this environment) will not be required to re-activate as this is a shared environment for all concurrent UAT activities.
Having Issues Logging In? Contact the Security Team. ([email protected])
Don't Forget: You have the ability to reset your own password in Okta. If encountering password issues, try this first. You might be able to self-help quicker!
Also, if you're struggling after regular service hours, feel free to download the Tester Login Reference Guide (below) to see if the answer you need is in here:
Organizational Change Management (OCM) Aids
To support the roll-out of this new feature, the following documents are provided to help engage Finance staff. These communication blocks offer a starting point for drafting initial emails about the upcoming change. If testing assistance is needed, they can also help initiate that conversation.
Test Navigation List with Test Details
Test Scenario Tracker
The Test Tracker provided (attached below) allows colleges to plan their testing activities. You can add the Name or EMPLID of each person who will be testing each scenario. The tracker includes the security roles that will be impacted by this change, a place to track the status of each tested navigation and security role combination and also provides the security roles used to 'unmask' a field on that navigation. In most cases there are at least two different security roles that could unmask the data. Test with each of those unmasking roles to ensure both function properly. Record your results in this sheet for a well planned and executed test! You do not have to submit your worksheet upon completion of testing, it is provided simply to help you organize your testing effort.
UPDATED Test Tracker as of 10/22/2025
Test Details & Navigation
To Verify Masking During Testing:
- Masked View: Navigate to the relevant page using a security role with access to view the page with masking enabled. This can be done by assigning the role to yourself or asking a finance staff member with Production access that has that role. Testers without PII access should perform this initial pass to confirm data is masked.
- Unmasked View: Apply a role that unblocks specific field types (e.g., SSN or bank account numbers) and confirm the data is visible. Only testers authorized to view PII should perform this step using one of the following roles:
- ZZ FS Unmask SSN
- ZZ Finance PII Data
- ZZ FS Unmask Bank Acct
Some of these pages may be less frequently used, therefore a link to a Quick Reference Guide (QRG) that details how to search for and engage with the page is provided.
This test isn't about completing the transaction per the QRG, but using it to navigate to the page and confirm that fields are correctly masked or unmasked:
- In the Search Criteria Lookups (prompt table).
- In the Search Results returned.
- In the specific fields on the page when viewing and adding a new value via Lookup (prompt table).
Issue Resolution During Testing
Still want to submit an issue? Please report your issue via the Service Desk.
Request Type: ctcLink Support > Special Project Activities > SASI Work Group Testing
Subject (begins with): SASI Work Package #4: <add your words...>
Each Issue Will Be Represented by a Title
- Issue Details: Outline of issue reported by another college during testing.
- Research: Security team research notes.
- Resolution: Explanation of the resolution discovered and any retesting needed to validate the solution.
- Issue Details: College submitted a request to modify the Query [QFS_SEC_MASKING_USERS_ROLES] used to identify users impacted by masking.
- Research: Data Services team was able to identify the best source for the addition of the employee name (User Profile Description).
- Resolution: Query has been modified in PQA to now display the employee name.
- Note: The query output now contains two points of PII and therefore should NOT be emailed as an attachment.
- Issue Details: When attempting to test the Expenses Employee Traveler's Profile the Local Security Administrator roles do not allow the LSA to view the Banking tab.
- Research: The reduced access for the LSA was confirmed.
- Resolution: The Test Tracker was updated (see newly attached version) to remove the need for testing using either LSA security role. The roles were removed from this guide under that navigation.
- Issue Details: It was reported by a college that when testing the Voucher Payment and Voucher Regular Entry pages that the masking was not eliminated with the application of either the ZZ Unmask Bank Acct or ZZ Finance PII Data security roles.
- Research: This is due to Oracle applying delivered masking (4 characters visible) to those pages and they are not control by the Page & Field Configurator.
- Resolution: It was determined that there is no need to test the unmasking of those roles. The Test Tracker was updated (see newly attached version to set those tests to N/A.
Test Status
Once colleges have fully completed their User Acceptance Testing and are ready to sign-off the ctcLink Point of Contact will be asked to "sign-off" on behalf of the college.
Link to UAT Sign-Off (MS Form): Sign-Off Survey Form
Sign-Off form will be open Monday, October 20, 2025 until Monday, October27, 2025 @7pm
Colleges Confirmed Complete with Sign-Off:
- none
Colleges Awaiting Sign-Off:
- Bates Technical College
- Bellevue College
- Bellingham Technical College
- Big Bend Community College
- Cascadia College
- Centralia College
- Clark College
- Clover Park Technical College
- Columbia Basin College
- Edmonds College
- Everett Community College
- Grays Harbor College
- Green River College
- Highline College
- Lake Washington Institute of Technology
- Lower Columbia College
- Olympic College
- Peninsula College
- Pierce College District
- Renton Technical College
- SBCTC
- Seattle Colleges
- Shoreline Community College
- Skagit Valley College
- South Puget Sound Community College
- Spokane District
- Tacoma Community College
- Walla Walla Community College
- Wenatchee Valley College
- Whatcom Community College
- Yakima Valley College
0 Comments
Add your comment