Jan 12, 2019

Oracle HCM Cloud: How to hide full/part of Social Security Number (SSN)



Seeded Human Resources Analyst/Specialist/Manager roles include the following data security policy to get access to manage employee social security number. Hiding full/part of it is most common ask among Oracle HCM Cloud user community. Oracle already have an enhancement request for this ask (Bug 21534753). This blog post will explain steps to do this.


Removing the following data security policies from a copy of seeded role will remove access to manage field. 




Things get complicated, when it needs to show part of it, say for example, last 4 digits of Social for verification purposes.




This requirement can be achived by following these simple steps.

Step#1) 

a) Create a Sandbox, navigate to “Manage Person” page, select “Edit pages” option which is available in “Settings and Actions” and select “Site Level” and click OK. Navigate to the seeded filed in Task Flow and edit the field component to uncheck “Show Component” checkbox as shown below.





b) If the requirement is to show last 4 digits of Social for specific roles, then do not uncheck directly, but use the following EL expression to conditionally not show this field for specific roles.

#{!securityContext.userInRole['CUSTOM_ROLE1,CUSTOM_ROLE2']}





Step#2)

a) Click “+” icon and select Components -> HTML Markup and select Add. Click edit output text and add the following script in “Value” area. Adjust all other properties as needed to match desired look and feel.






<p id="nidCustom"></p>

<script>
var is = "#{row.bindings.NationalIdentifierType.items[row.bindings.NationalIdentifierType.inputValue].label}" + ": XXX-XX-" + "#{row.NationalIdentifierNumber}".slice(-4);
document.getElementById("nidCustom").innerHTML = is;
</script>


b) If you choose to conditionally set this component field in Step#1a, then make sure to edit “Show Component” for this region to show only for specific roles as shown below.

#{securityContext.userInRole['CUSTOM_ROLE1,CUSTOM_ROLE2']}



Hope you find this useful, comment below to let me know.

Regards
Suresh


3 comments:

  1. Hi Suresh,
    Really helpful this document. But there are few questions, if you don't mind:
    > we have been testing and last 4 digits are hidden for persons having a single SSN or Nat ID - if there are many SSN, Nat IDs the rule does not apply. can you please confirm
    > does Nat ID from Person Management search page can be hidden?

    Many thanks
    Florina Ilie
    Oracle Support

    ReplyDelete
  2. Hi Suresh,
    I tried this but it seems it's not working now. Is there any change in the JS? Thank you! Abul

    ReplyDelete
    Replies
    1. Greetings,
      When I originally wrote this post, it was tested on classic pages. It may not work now on NUX pages.

      Suresh

      Delete