Query Data Masking

New in PeopleTools 8.58 is the ability to mask data within queries. Since BI Publisher reports and pivot grids are driven from queries, this masking capability also extends to those functions.

First, your organization must identify who can and cannot see sensitive data. Delivered in the demo environment, we’ll look at the PS administrator and DREESE roles.

Navigation: Enterprise Components > Data Privacy Framework > Query Masking > Authorized Roles

Anyone assigned an administrator User ID PS role would be authorized to access the birthdate and marital status.

Since the DREESE role is not an administrator, anyone assigned this role would not be able to access those same fields.

When creating a query, we should expect to see masking for DREESE and no masking for PS. 

Let’s first look at the PS role. We will create a query using the PERSON and PERS_DATA_EFFDT tables.

Running the query for User PS, we see no masking.

Now running the same query, let’s look at DREESE.

You can see that User DREESE has masking under MAR STATUS and BIRTHDATE as defined.

It is important to note if we run the same query and include other sensitive data that an HR Administrator role is not specifically authorized to view, that data will also be masked. Here we can include the gender identification for role PS. You will see it is masked.

Data masking in query can be a powerful tool to secure sensitive data in an efficient manner.

Here is a link to PeopleSoft apps blog on how to setup query masking. Click here to read our prior blog on advanced query security: 

If you would like any additional information, contact me at larry.zagata@miproconsulting.com.