Data Privacy Framework Query Incorrectly Masks Emplid and Returns Error 'You have insufficient access to retrieve this data. (30,15)' if NATIONAL ID is Marked as Sensitive on STDNT_AID_SRCH but EMPLID is not Marked Sensitive
(Doc ID 2813251.1)
Last updated on FEBRUARY 20, 2024
Applies to:
PeopleSoft Enterprise CS Campus Community - Version 9.2 and laterInformation in this document applies to any platform.
Symptoms
When Query Masking is enabled and National ID is marked sensitive under Maintain Data Privacy Settings - e.g. Product = FA-General - for record STDNT_AID_SRCH, there are problems encountered when running simple queries in Query Manager. Note, these problems only occur when authorized user "CS - Administrator" is removed from the logged in user's user profile, prior to running the query. If user "CS - Administrator" remains attached to the logged in user's user profile and the same query is run, nothing is masked, which is the expected result.
First the results of the following query shows the Emplid masked, when it's expected only the NATIONAL_ID should be masked.
The issue can be reproduced with the following steps:
- Login as PS/PS
- Navigate to Enterprise Components> Data Privacy Framework > Maintain Data Privacy Settings
- Search for a product to display relevant records/fields (in this example, enter 'FA' into the Product filter and click Search)
- Select FA-General
- Click Search
- Scroll down to locate the STDNT_AID_SRCH rows
- Enable the 'Sensitive' checkbox for the STDNT_AID_SRCH row.
Record name: STDNT_AID_SRCH
Field name: NATIONAL_ID
Category: Government Identifier
Classification: National Identifier
Product: FA-General - Add Authorized Role under Enterprise Components > Data Privacy Framework > Query Masking > Authorized Roles
Role Name: CS - Administrator
Record Name: STDNT_AID_SRCH
Access Code: Authorized - Navigate to Enterprise Components > Data Privacy Framework > Query Masking > System Settings
- Enable Query masking (Make sure that Enable Query masking is set to Yes)
- Navigate to Enterprise Components > Data Privacy Framework > Query Masking > Run Data Sync
- On Synchronize Data tab, click Run
- Click Process Scheduler link
- Click Refresh button until Status is Success | Posted
- Click Details and go to Message Log --> make sure there's no error.
- Navigate to PeopleTools > Security > User Profiles
- Open User ID = PS
- Go to Roles tab and make sure "CS - Administrator" is in the list of roles attached to the user
- Navigate to Reporting Tools > Query > Query Manager
- Create a new query (e.g. SB_TEST_QRY_MASK) to fetch NATIONAL_ID field, EMPLID and other rows from STDNT_AID_SRCH record
Sample query SQL as follows:
--
SELECT A.EMPLID, A.INSTITUTION, A.AID_YEAR, A.NATIONAL_ID,
FROM PS_STDNT_AID_SRCH A
WHERE ( A.OPRCLASS = 'HCPPALL') - Run the query - it shows the National ID ok but EMPLID is masked. EMPLID is masked.
- Remove the authorized role "CS - Administrator" on logged in user's User Profile's role tab.
- Rerun the query. National ID is masked together with EMPLID. EMPLID is masked.
- Adjust the query to include critera on specific EMPLID. Query SQL should be similar to the following:
--
SELECT A.EMPLID, A.INSTITUTION, A.AID_YEAR, A.NATIONAL_ID
FROM PS_STDNT_AID_SRCH A
WHERE ( A.OPRCLASS = 'HCPPALL'
AND ( A.EMPLID = 'AA0002' )) - Click Run tab
- Error: "You have insufficient access to retrieve this data. (30,15)" is displayed.
Changes
Cause
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
Symptoms |
Changes |
Cause |
Solution |
References |