Friday Feature - SSN Permission Setup
As discussed last week, Escape Online supports masking social security numbers. This week we are going to talk about the underlying user permissions that make the privacy protection as easy as 1-2-3.
Let's walk through a set of permissions for an HR User for an employee's SSN.
The first level of privacy protection is at the role level. Escape Online uses roles to give a standard set of permissions to a group of users. They are intuitive and easy to apply. For the HR module, there are quite a few roles, as you can see below. I highlighted the roles, including the HR User, that automatically get edit permissions to the SSN in the Employee record, allowing these users to enter and update employee records as part of their daily tasks. Any of these roles can be excluded on a wholesale basis. More often than not, though, the exclusion is defined at the user level, as needed for the individual's duties.
The second level of privacy protection is at the tab level. Escape Online uses tabs to organize information within a record. For example, the Employee record has an employee tab, assignment tab, seniority tab, you get the picture. These tabs can be assigned to edit and read only permissions (or not assigned at all, which means the tab is hidden for that user). As we can see below, our sample user has edit permission to the Employee tab of the Employee record.
The third level of privacy protection is tied to the SSN field. So far, this user is going to have complete access to the SSN, but that is not what we want for this user. We want this user to be able to update demographic information, but not view or edit the employee's social security number. So, we define this user's activity-task permission to Allow=NO.
That's the philosophy of Escape Online: only enter the exceptions. All the other users have the standard access, but this user, this exception, does not, and in three easy steps, we defined the exact access this user needs, protecting the privacy and securing the SSN.
That's beyond standard, that's exceptional!