Security

Schema

The application’s owner schema OHI_<APPLICATION>_OWNER also stores the generated base views. Those base views are not accessible by the OHI_<APPLICATION>_USER schema. Instead they are granted to the OHI_<APPLICATION>_BASE_VIEWS role.
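The access model above can be checked against the data dictionary. The following queries are an added example, not part of the product documentation; they assume an Oracle database, a session that can read the DBA_* dictionary views, and CLAIMS as a sample value for <APPLICATION>.

```sql
-- Added example. Run in SQL*Plus or SQLcl as a user that can read DBA_* views.
-- CLAIMS is a sample value: set it to the <APPLICATION> part of your schema names.
DEFINE app = CLAIMS

-- 1. Object privileges on views in the owner schema held by any grantee other
--    than the base views role. The owner schema may hold views that are not
--    base views, so review each row. A row for the user schema on a base view
--    contradicts the access model described above.
SELECT p.grantee, p.table_name AS view_name, p.privilege, p.grantable
FROM   dba_tab_privs p
JOIN   dba_views v
       ON  v.owner = p.owner
       AND v.view_name = p.table_name
WHERE  p.owner = 'OHI_&app._OWNER'
AND    p.grantee <> 'OHI_&app._BASE_VIEWS'
ORDER  BY p.grantee, p.table_name;

-- 2. Everything the base views role can reach, to see exactly what a holder
--    of the role is able to read and whether any grant is grantable.
SELECT p.owner, p.table_name, p.privilege, p.grantable
FROM   dba_tab_privs p
WHERE  p.grantee = 'OHI_&app._BASE_VIEWS'
ORDER  BY p.owner, p.table_name;

-- 3. Who holds the role, directly or through another role. The user schema
--    appearing here would give it the access the design withholds.
SELECT rp.grantee, rp.admin_option, rp.default_role,
       CASE WHEN rp.grantee = 'OHI_&app._USER' THEN 'REVIEW' END AS flag
FROM   dba_role_privs rp
START  WITH rp.granted_role = 'OHI_&app._BASE_VIEWS'
CONNECT BY PRIOR rp.grantee = rp.granted_role
ORDER  BY rp.grantee;
```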

Personally Identifiable Information

The base views do not include any data that contains Personally Identifiable Information (PII).

Both fixed and dynamic fields that contain PII are excluded:

  • Excluded fixed fields:

    • All foreign key columns referencing insurable entities.

    • All foreign key columns referencing relations of type person.

    • A fixed set of relation columns:

      • code

      • first name

      • last name

      • name

      • name partner

      • date of birth

      • The non-address contact detail restrictions (persons table)

    • All database columns that may contain PII. This may differ per application:

      • In claims, this category includes all non-matched fields

      • In claims, this includes fields in the claim transaction repository

      • The financial subsystem also has a number of fields that may contain PII:

        • The member code of the base financial object

        • The insurable entity code of the financial transaction detail

        • The counterparty code of the financial transaction detail process data

      • Tables with CLOBs or message-like columns that may contain PII in the payload

  • Excluded dynamic fields:

    • Dynamic fields that contain PII can be marked as such by setting the PII? indicator for the dynamic field usage. The base view generator skips dynamic fields with the PII? indicator checked.

    • Record fields also have a PII? indicator. The base view generator skips record fields with the PII? indicator checked as well.

Retrieval auditing

Retrieval auditing is not implemented in the base views.