Personal Identifiable Information Redaction in Logs

In a previous release, the system introduced redaction rules. Implementations use these rules to identify fields that may contain Personal Identifiable Information for their customer data. In this release, the redaction rules are now used to apply to data being written to debug log files.

By default the redaction rules are applied. In a production environment, this setting cannot be turned off. However, in a non-production environment, the setting can be turned off using a Feature Configuration.

When writing logs used for troubleshooting and debugging, any potential personal identifiable information for customers is redacted by default based on redaction rule configuration.

Steps to Enable

You don't need to do anything to enable this feature.

Tips And Considerations

The system uses a property to identify whether an environment is a live production environment or not. For cloud customers, this is set by the development operations team when a customer indicates they are live. For on-premises clients, you should set this property when you are live. Refer to the Framework Administrative User Guide for more information.

If you are in a non-production environment and the data getting written to the logs is not real customer information and you would like to turn off the log redaction, you may turn it off by adding a feature option:

• Go to Admin Menu > General > Feature Configuration.
• Look for an existing Feature Configuration record for the feature type 'General System Configuration'. If one exists, select it. If one does not exist, use the Add button in the page action area to add an entry for this feature type.
• Add an entry in the option type collection for the Option Type "Turn Off Log Redaction" and enter a value of "Y".

Note that only users with the Administrator access mode (F1SU) for the Feature Configuration application service (CILTWSDP) may add this entry.