Field level security needed for OTBI subject area analysis reporting

Donna Curtis

Organization Name

Clayton Homes Inc.

Description

When creating an analysis using a Subject area in OTBI reporting, there are fields that may contain PII data that need to be secure.  If someone has access to the entire Subject area, they can pull any data associated to that area regardless of whether they should have access to it or not.  There is no way to secure any of the data in a Subject area once it is accessible.  Since there is much needed additional data that is not PII, removing the subject area completely is not necessarily the best option.  Reporting needs to happen but security for specific fields needs to be available also.

Use Case and Business Need

The Supplier Tax ID can contain social security numbers for a supplier that could be a person/employee type supplier.  Therefore, this field can be considered PII data.  Since a user has access to the Supplier – Real Time subject area to run reports associated to the Suppliers and their data, they have access to the Tax ID and other fields, such as Supplier Bank Accounts.  Supplier Bank Account information is already masked, so that PII data is secured already, but the Tax ID field is not.  Any user with the subject area of Supplier – Real Time can pull a report containing the Tax ID field for a supplier and therefore have access to social security numbers for suppliers that are employees or people.  This field needs to be secured for specific individuals.

There are also fields within the HCM Subject areas that can be viewed as PII data as well, and as such, should be secured for certain individuals also.  These fields should be secured in the same way that reports/folders are secured within OTBI.  Any field a company determines should be secure should have the ability to allow for security.

Original Idea Number: 9c9888babc