Return to Navigation

Applying Demographic Data Access Security

To set up demographic data access (DDA) security, use the Demographic Data Access component (PERS_MSK_CFG) and the Demographic Data Access process component (RUNCTL_MSK_CFG).

This section provides overviews of DDA security and setting up DDA security, and discusses how to:

With DDA security, you can mask the display of national ID and birth date data in search records, prompt records, and on the Bio/Demo Data and the Relationships pages if these pages have display-only security. You can mask entire fields, the first five characters of the national ID field, or the year of the birth date field. You can apply masking to one, both, or neither field. No matter which masking configuration you use, users can search on the entire national ID field.

Note: To enhance the flexibility of masking for the National ID and birth date in Search/Match functionality, see Search/Match display options. National ID and birth date data are not masked in queries and reports.

See Understanding Search/Match

See Setting Up Search/Match

To apply DDA security, you define masking configurations for all primary permission lists and assign a primary permission list to each user ID as part of his or her User Profile.

For example, suppose a primary permission list assigned to a user ID is named ALLPANLS. You might not want national IDs to appear throughout the system for this permission list, but you do want partial birth dates to appear. You would access the Demographic Data Access setup page and insert a row for the ALLPANLS permission list. In that row, you would configure the system to both mask the entire national ID and display a partial birth date field (masking the year).

You must then run the Demographic Data Access (MSK_CFG) process to replace data in the masking configuration table with the masking configuration that you defined. The new configuration will be applied to each user to whom that permission list is assigned.

In the example, after running the Demographic Data Access process, each user whose primary permission list is ALLPANLS will not see national IDs on search pages or prompts, but they will see the birth month and day where birth dates appear. The masking configuration for the primary permission list to which a user is assigned also controls how national ID and birth date data appear on the Bio/Demo Data page (SCC_BIO_DEMO_PERS) and the Relationships page (RELATIONSHIPS) throughout the system.

Note: The national ID and the birth date fields appear masked on the Biographical Details page and the Relationships page only for users who have security set to show the pages in display-only mode. If a user has more than one permission list and, therefore, has both add/update and display-only access to a masked page, then the least restrictive setting (add/update) takes precedence, and masking is not applied.

To set up DDA security, you must assign a primary permission list to each user ID, grant administrative access to components for managing DDA, and define masking configurations for each primary permission list.

Note: All Campus Solutions search records and prompts depend on DDA security. Therefore, you must assign a primary permission list to each user, even those who do not need the national ID and the birth date fields masked. In the latter case, set the masking configurations in the primary permission list for both the National ID and the Date of Birth to Display entire field.

Page Name

Definition Name

Navigation

Usage

General

USER_GENERAL

select PeopleTools, then select Security, then select User Profiles, then select User Profiles, then select General

Assign a primary permission list to a user ID.

Pages

ACL_MENU2

select PeopleTools, then select Security, then select Permissions & Roles, then select Permission Lists, then select Pages

Grant access to new components for managing DDA masking configurations for each primary permission list.

Grant access to new Student components for users that should prompt only against Students.

Demographic Data Access (setup)

PERS_MSK_CFG

select Set Up SACR, then select Security, then select Secure Student Administration, then select Permission List, then select Demographic Data Access, then select Demographic Data Access

Define masking configurations for primary permission lists.

Demographic Data Access (run control)

RUNCNTL_MSK_CFG

select Set Up SACR, then select Security, then select Secure Student Administration, then select Process, then select Demographic Data Access, then select Demographic Data Access

Initialize the primary permission list configuration for all primary permission lists assigned to users.

See PeopleTools: Security Administration

Access the Demographic Data Access (setup) page (select Set Up SACR, then select Security, then select Secure Student Administration, then select Permission List, then select Demographic Data Access, then select Demographic Data Access).

Image: Demographic Data Access (setup) page

This example illustrates the fields and controls on the Demographic Data Access (setup) page. You can find definitions for the fields and controls later on this page.

Demographic Data Access (setup) page

Important! Each time you make changes to the Demographic Data Access page, you must run the DDA process to apply the changes.

Configure Primary Permission List

Field or Control

Definition
Set As Default

Select to assign this masking configuration to all permission lists used as primary permission lists.

When selected, the Primary Permission List field becomes unavailable.
Primary Permission List

Insert a row for each primary permission list that requires a masking configuration different than the default masking configuration.

When you run the process, the system applies this masking configuration to all users to whom this primary permission list is assigned.
Mask National ID

Enter the configuration to use for national IDs. Values are Display entire field, Display partial field, and Mask entire field.

If you display a partial field, the system masks the first five characters of the national ID field.

These translate values should not be modified.

Mask Birthdate

Enter the configuration to use for birth dates. Values areDisplay entire field, Display partial date, and Mask entire field.

If you display a partial date, the system masks the year and displays month and day in the default date format for each birth date field.

These translate values should not be modified.

Access the Demographic Data Access (run control) page (select Set Up SACR, then select Security, then select Secure Student Administration, then select Process, then select Demographic Data Access, then select Demographic Data Access).

Image: Demographic Data Access (run control) page

This example illustrates the fields and controls on the Demographic Data Access (run control) page. You can find definitions for the fields and controls later on this page.

Demographic Data Access (run control) page

You must run the DDA process (MSK_CFG) to apply changes made on the Demographic Data Access (setup) page and to apply the default masking configuration to any newly created, newly assigned primary permission list whose masking configuration is not otherwise defined.

Note: The process applies the masking configuration only for permission lists that are used as "primary" permission lists. Therefore, if you assign a User ID a primary permission list that was not used as the primary the last time the DDA process was run, you will need to run the process again.