UAT Overview for Work Package #4 - Masking PII in FSCM {closed}
Purpose: This guide is intended to aid Local Security Administrators and Finance staff engaged in User Acceptance Testing (UAT) the configurations made in the Page and Field Configurator that enable masking of Personally Identifiable Information (PII) in the Financials and Supply Chain Management (FSCM) pillar. These changes impact specific pages in the Accounts Payable (AP), Accounts Receivable (AR), Expenses (EX) and Treasury (TR) modules.
Audience: Local Security Administrators and Finance staff in AP, AR, EX and TR modules.
Issues Reported are now detailed in the Work Package #4 Issues and Resolutions section below.
The Security Administration System Improvement (SASI) Project Information Guide, contains all background details on the requirements and solution design work that lead us to our User Acceptance Testing effort for this new custom ctcLink Security feature.
Overview of Masking of PII Data in FSCM Functionality
To help college testers better understand how the new Masking of PII Data security feature works a Quick Reference Guide (QRG) has also been provided in the ctcLink Reference Center, under the SASI Project Information guide and also below:
Organizational Change Management (OCM) Aids
To support the roll-out of this new feature, the following documents are provided to help engage Finance staff. These communication blocks offer a starting point for drafting initial emails about the upcoming change. If testing assistance is needed, they can also help initiate that conversation.
Testing Information
Monday, October 20, 2025 9:00 am and repeated 3:00 pm
MORNING SESSION:9:00 A.M. Meeting Information:
Meeting Link: https://sbctc.webex.com/sbctc/j.php?MTID=m8f85f5ca8cff75907e58dccc4715f6d4
Meeting number (access code): 2664 401 0798
Meeting password: qKJKsYWy327
Meeting Recording: https://sbctc.webex.com/sbctc/ldr.php?RCID=cde06799776a3222c1ab4843fbca5916
AFTERNOON SESSION: 3:00 P.M. Meeting Information:
Meeting Link: https://sbctc.webex.com/sbctc/j.php?MTID=m6b0f3514efd8e47cc088fd5c3e222ae8
Meeting number (access code): 2664 753 9975
Meeting password: PTkRiZMm792
Meeting Recording: https://sbctc.webex.com/sbctc/ldr.php?RCID=1c29a07346b52d8e54a2eac0d0a77cfb
Join either session by phone:
+1-415-655-0002 US Toll
+1-206-207-1700 United States Toll (Seattle)
Presentation Materials:
Join us for an Open Q&A session regarding the WP#4 UAT
Wednesday, October 22, 2025 1:00pm
Meeting Link: https://sbctc.webex.com/sbctc/j.php?MTID=m245401449ce9d8d90907b9bd47327c0c
Meeting number (access code): 2668 991 0304
Meeting password: ABmVmCMF539
The PQA Environment, where UAT activities are taking place, was refreshed on September 4th, 2025 from Production.
Employee job data and the state of security User Profiles is as of end of business the day before the snapshot, so any changes (onboarding new hires, offboarding separating employees or adjustments to an individual user's security profile made on or after 09/04/2025 will not be in the PQA environment unless replicated there for testing purposes.
To request access to the User Acceptance Test environment (PQA), follow the link below and provide the name, last 4-digits of EMPLID, email, contact phone number and college. Be sure to sign up Local Security Administrators and Finance staff who have the job duty justification to warrant them viewing PII data.
Testing will occur in the PQA environment. Testers will be logging on using their EMPLID. In order to access the impacted pages where the masking feature is applied, testers would need to have one or more of the security roles that enable navigation to these pages.
Impacted User Query:
Run Report in Finance of those with the impacted “Masked” security roles: QFS_SEC_MASKING_USERS_ROLES
- Run “Wide Open” (by Business Unit) and save Excel output.
- Report will display ONLY those with Primary Permission List matching the Business Unit.
- Report will list the “Masked” security role the employee has.
- Will also display IF they have a role that triggers “unmasking” and whether the user also has access to highly sensitive data via Query.
The following security roles are affected (PII field masking) by these changes:
Accounts Payable:
- ZD Accounts Payable Inquiry
- ZD Purchasing Inquiry
- ZZ Supplier Entry
- ZC Supplier Entry
- ZZ Voucher Entry
- ZZ Quick Invoice Entry
- ZZ Voucher Approval
- ZZ_AP_MANAGER
- ZZ_AP_SPECIALIST
- ZZ Payment Creation
Accounts Receivable:
- ZD AR Inquiry
- ZZ AR Apply Payments
- ZZ AR Item Entry
- ZD CC Budget Inquiry
Expenses:
- ZZ Expenses User Admin
Treasury:
- ZD Bank Setup Inq
- ZD General Ledger Inquiry
- ZD Treasury Inquiry
- ZZ GL Local Configuration
- ZZ Treasury Accounting Maint
- ZZ Treasury Approvals
- ZZ Treasury Bank Processing
- ZZ Treasury Maintenance
- ZZ Treasury Processing
- ZZ Treasury Reports
This environment rests behind an OKTA instance and therefore you will be prompted to establish a password during activation.
Login Access Link: https://oktapreview.ctclink.us/
NOTE: If access was already granted, it will be noted in the Google sheet linked above with the word "Granted" - check the google sheet to confirm.
Testers who have already activated themselves in the PQA environment for other testing activities (concurrent UAT activities do occur in this environment) will not be required to re-activate as this is a shared environment for all concurrent UAT activities.
Having Issues Logging In? Contact the Security Team. ([email protected])
Don't Forget: You have the ability to reset your own password in Okta. If encountering password issues, try this first. You might be able to self-help quicker!
Also, if you're struggling after regular service hours, feel free to download the Tester Login Reference Guide (below) to see if the answer you need is in here:
The Test Tracker provided (attached below) allows colleges to plan their testing activities. You can add the Name or EMPLID of each person who will be testing each scenario. The tracker includes the security roles that will be impacted by this change, a place to track the status of each tested navigation and security role combination and also provides the security roles used to 'unmask' a field on that navigation. In most cases there are at least two different security roles that could unmask the data. Test with each of those unmasking roles to ensure both function properly. Record your results in this sheet for a well planned and executed test! You do not have to submit your worksheet upon completion of testing, it is provided simply to help you organize your testing effort.
UPDATED Test Tracker as of 10/22/2025
Issue Resolution During Testing
Still want to submit an issue? Please report your issue via the Service Desk.
Request Type: ctcLink Support > Special Project Activities > SASI Work Group Testing
Subject (begins with): SASI Work Package #4: <add your words...>
Each Issue Will Be Represented by a Title
- Issue Details: Outline of issue reported by another college during testing.
- Research: Security team research notes.
- Resolution: Explanation of the resolution discovered and any retesting needed to validate the solution.
- Issue Details: College submitted a request to modify the Query [QFS_SEC_MASKING_USERS_ROLES] used to identify users impacted by masking.
- Research: Data Services team was able to identify the best source for the addition of the employee name (User Profile Description).
- Resolution: Query has been modified in PQA to now display the employee name.
- Note: The query output now contains two points of PII and therefore should NOT be emailed as an attachment.
- Issue Details: When attempting to test the Expenses Employee Traveler's Profile the Local Security Administrator roles do not allow the LSA to view the Banking tab.
- Research: The reduced access for the LSA was confirmed.
- Resolution: The Test Tracker was updated (see newly attached version) to remove the need for testing using either LSA security role. The roles were removed from this guide under that navigation.
- Issue Details: It was reported by a college that when testing the Voucher Payment and Voucher Regular Entry pages that the masking was not eliminated with the application of either the ZZ Unmask Bank Acct or ZZ Finance PII Data security roles.
- Research: This is due to Oracle applying delivered masking (4 characters visible) to those pages and they are not control by the Page & Field Configurator.
- Resolution: It was determined that there is no need to test the unmasking of those roles. The Test Tracker was updated (see newly attached version to set those tests to N/A.
- Issue Details: It was reported by a college that when testing the Schedule Payment Dispatch search function page, they were able to see other college's bank accounts.
- Research: This is a known issue and has been take up with the Finance Support Team.
- Resolution: After the masking project has concluded, the Finance Support Team plan to continue working on the issue and will send out updates.
External Accounts Pages - Bank Account Not Limited by Business Unit
- Issue Details: Reported the lookup for Bank is not limiting by the user's Business Unit.
- Research: This is a known issue and has been take up with the Finance Support Team.
- Resolution: After the masking project has concluded, the Finance Support Team plan to continue working on the issue and will send out updates.
Oracle Issue Discovered on Enter Transfer Templates - Moved to Phase 2
- Issue Details: Lookup for Bank Account was not masked.
- Research: Attempts to correct masking on Lookup resulted in Bank Account field being "grayed out" and no longer being a field that the user can access. Filed an Oracle Service Request.
- Resolution: This item will be removed from the Phase 1 scope and moved to Phase 2 awaiting a solution from the vendor.
Test Status: Approved for Production
Once colleges have fully completed their User Acceptance Testing and are ready to sign-off the ctcLink Point of Contact will be asked to "sign-off" on behalf of the college.
Link to UAT Sign-Off (MS Form): Sign-Off Survey Form
Sign-Off form is open until Tuesday, October 28, 2025 @7pm
All College Sign-Off Status:
Colleges Confirmed Complete with Sign-Off: ~ Approved for Release to Production
- Bates Technical College
- Bellevue College
- Bellingham Technical College
- Big Bend Community College
- Cascadia College
- Centralia College
- Clark College
- Clover Park Technical College
- Columbia Basin College
- Edmonds College
- Everett Community College
- Grays Harbor College
- Green River College
- Highline College
- Lake Washington Institute of Technology
- Lower Columbia College
- Olympic College
- Peninsula College
- Pierce College District
- Renton Technical College
- SBCTC
- Seattle Colleges
- Shoreline Community College
- Skagit Valley College
- South Puget Sound Community College
- Spokane District
- Tacoma Community College
- Walla Walla Community College
- Wenatchee Valley College
- Whatcom Community College
- Yakima Valley College
Colleges Awaiting Sign-Off:
- none
0 Comments
Add your comment