Seeded Human Resources Analyst/Specialist/Manager roles include the following data security policy to get access to manage employee social security number. Hiding full/part of it is most common ask among Oracle HCM Cloud user community. Oracle already have an enhancement request for this ask (Bug 21534753). This blog post will explain steps to do this.
Removing the following data security policies from a copy of seeded role will remove access to manage field.
Things get complicated, when it needs to show part of it, say for example, last 4 digits of Social for verification purposes.
This requirement can be achived by following these simple steps.
Step#1)
a) Create a Sandbox, navigate to “Manage Person” page, select “Edit pages” option which is available in “Settings and Actions” and select “Site Level” and click OK. Navigate to the seeded filed in Task Flow and edit the field component to uncheck “Show Component” checkbox as shown below.
b) If the requirement is to show last 4 digits of
Social for specific roles, then do not uncheck directly, but use the following
EL expression to conditionally not show this field for specific roles.
#{!securityContext.userInRole['CUSTOM_ROLE1,CUSTOM_ROLE2']}
Step#2)
a) Click “+” icon and select Components -> HTML Markup and select Add. Click edit output text and add the following script in “Value” area. Adjust all other properties as needed to match desired look and feel.
a) Click “+” icon and select Components -> HTML Markup and select Add. Click edit output text and add the following script in “Value” area. Adjust all other properties as needed to match desired look and feel.
<p id="nidCustom"></p>
<script>
var is = "#{row.bindings.NationalIdentifierType.items[row.bindings.NationalIdentifierType.inputValue].label}" + ": XXX-XX-" + "#{row.NationalIdentifierNumber}".slice(-4);
document.getElementById("nidCustom").innerHTML = is;
</script>
<script>
var is = "#{row.bindings.NationalIdentifierType.items[row.bindings.NationalIdentifierType.inputValue].label}" + ": XXX-XX-" + "#{row.NationalIdentifierNumber}".slice(-4);
document.getElementById("nidCustom").innerHTML = is;
</script>
b) If you choose to conditionally set this component field in Step#1a, then make sure to edit “Show Component” for this region to show only for specific roles as shown below.
#{securityContext.userInRole['CUSTOM_ROLE1,CUSTOM_ROLE2']}
Hope you find this useful, comment below to let me know.
Regards
Suresh
Hi Suresh,
ReplyDeleteReally helpful this document. But there are few questions, if you don't mind:
> we have been testing and last 4 digits are hidden for persons having a single SSN or Nat ID - if there are many SSN, Nat IDs the rule does not apply. can you please confirm
> does Nat ID from Person Management search page can be hidden?
Many thanks
Florina Ilie
Oracle Support
Hi Suresh,
ReplyDeleteI tried this but it seems it's not working now. Is there any change in the JS? Thank you! Abul
Greetings,
DeleteWhen I originally wrote this post, it was tested on classic pages. It may not work now on NUX pages.
Suresh