Redacting Sensitive HR and Payroll Fields
You can control access to fields that could be used for identity theft, such as national insurance number, date of birth, driving licence, passport/visa, bank account number, and verification document ID number. Users that do not have full access to the fields see all or part of the field redacted, that is, replaced by asterisks (*) or question marks (?).
For each field that can be redacted, there is a corresponding control function, which begins %D. The user’s access to that function determines whether they can see the data in that field.
To set this up, you need to restrict access to:
The ADD or UPDATE of the primary functions related to the restriction.
The functions that correspond to the sensitive fields.
COINS recommends that you maintain access at the group level and not by user.
For example, to restrict access to National ID, Date of Birth, Passport, and Bank Account information for all regions you would first remove access to the add and update functions relating to Employee Maintenance:
Go to System > User Maintenance > Groups.
Search for the functions listed below and select them.
%WP69200BEMPA,%WPR0200BEMPA,%WPR1200BEMPA,%WPR2200BEMPA,%WPR3200BEMPA,%WP69200BEMPU,%WPR0200BEMPU,%WPR1200BEMPU,%WPR2200BEMPU,%WPR3200BEMPU,%WPR9200SEMPU,%WPR0200SEMPU,%WPR1200SEMPU,%WPR2200SEMPU,%WPR3200SEMPU
In the action menu, choose Set Access to No and click Apply Action.
Then, still in Groups, remove access to the fields:
Search for the functions listed below and select them.
%Demployee.ni-no,%Demployee.d-o-b,%Demployee.emp_taxid,%Demployee.bank-ac,%Demployee.emp_IBAN,%Demployee.emp_payslip_pwd,%Demployee.emp_spousedob,%Demployee.emp_passport,%Demployee.soc-ac,%Demployee.emp_taxfilenum
In the action menu, choose Set Access to No and click Apply Action.
You can redact all the date of birth and national insurance number fields by controlling access to the “domain” functions: %Ddomain.d-o-b and %Ddomain.ni-no.
Employee Fields
The following fields can be redacted by restricting access to the corresponding control function.
Field Name | Description | Control Function |
ni-no | National Insurance Number | %Demployee.ni-no |
d-o-b | Date of Birth | %Demployee.d-o-b |
emp_taxid | Tax ID | %Demployee.emp_taxid |
bank-ac | Bank Account | %Demployee.bank-ac |
emp_IBAN | IBAN | %Demployee.emp_IBAN |
emp_payslip_pwd | Password for Payslips | %Demployee.emp_payslip_pwd |
emp_spousedob | Spouse Date of Birth | %Demployee.emp_spousedob |
emp_passport | Passport | %Demployee.emp_passport |
soc-ac | Society Account Number | %Demployee.soc-ac |
emp_taxfilenum | Tax File Number | %Demployee.emp_taxfilenum |
bank-sort | Bank Account Sort Code | %Demployee.bank-sort |
emp_swift | SWIFT Bank Identifier Code | %Demployee.emp_swift |
Access to the Add (-A) and Update (-U) versions of any of the following functions gives the user permission to see the real value stored in the fields; access to these should be restricted.
Function | Description |
%WP69200BEMP | Employee Maintenance |
%WPR9200SEMP | Employee Maintenance |
%WPR0200BEMP | Weekly Employee Maintenance |
%WPR0200SEMP | Weekly Employee Maintenance |
%WPR1200BEMP | Monthly Employee Maintenance |
%WPR1200SEMP | Monthly Employee Maintenance |
%WPR2200BEMP | 2-Weekly Employee Maintenance |
%WPR2200SEMP | 2-Weekly Employee Maintenance |
%WPR3200BEMP | 4-Weekly Employee Maintenance |
%WPR3200SEMP | 4-Weekly Employee Maintenance |
Personnel Fields
The following fields can be redacted by restricting access to the corresponding control function.
Field Name | Description | Control Function |
ppo_ni_no | National Insurance Number | %Dpp_organisation.ppo_ni_no |
ppo_dob | Date of Birth | %Dpp_organisation.ppo_dob |
por_UAE_ID | Emirates ID (UAE) | %Dpp_organisation.por_UAE_ID |
ppo_drv_licence | driving licence No | %Dpp_organisation.ppo_drv_licence |
por_drv2_licence_st | Licence State of Second Driver | %Dpp_organisation.ppo_drv2_licence |
por_passport_num | Passport Number | %Dpp_organisation.por_passport_num |
por_res_VISA_num | Residency Visa Number | %Dpp_organisation.por_res_VISA_num |
por_VISA_num | Visa number | %Dpp_organisation.por_VISA_num |
ppo_accno | Account Number | %Dpp_organisation.ppo_accno |
ppo_branch | Branch Name | %Dpp_organisation.ppo_branch |
Access to the Add (-A) and Update (-U) versions of any of the following functions gives the user permission to see the real value stored in the fields; access to these should be restricted.
Function | Description |
%WHR2100BPOR | Personnel Workbench |
%WHR2100SPOR | Personnel Summary |
%WHR2180BPOR | Personnel |
%WHR2181BPOR | By Job Title |
%WHR2183SPOR | Personnel Detail |
SMP Employee Fields
The following field can be redacted by restricting access to the corresponding control function.
Field Name | Description | Control Function |
qry_partner_nino | National Insurance Number | %DSMPEmployee.qry_partner_nino |
Access to the Add (-A) and Update (-U) versions of the following function gives the user permission to see the real value stored in the fields; access to it should be restricted.
Function | Description |
%WPR209SQRY | Parental Pay Input - Summary |
PR Extra Pay Fields
The following field can be redacted by restricting access to the corresponding control function.
Field Name | Description | Control Function |
pxp_acct | Account Number | %Dpr_xpay.pxp_acct |
Access to the Add (-A) and Update (-U) versions of any of the following functions gives the user permission to see the real value stored in the fields; access to these should be restricted.
Function | Description |
%WES2000BPXP | Extra Account Details |
%WMES2000BPXP | Extra Account Details |
%WMES2000SPXP | Extra Account |
%WPR200BPXP | Extra Account Details |
Job Applicant Fields
The following fields can be redacted by restricting access to the corresponding control function.
Field Name | Description | Control Function |
ppt_dob | Date of Birth | %Dpp_applicants.ppt_dob |
seq_passid | Passport ID | %Dpp_applicants.seq_passid |
seq_passedate | Passport Expiry Date | %Dpp_applicants.seq_passedate |
seq_passidate | Passport Issue Date | %Dpp_applicants.seq_passidate |
Access to the Add (-A) and Update (-U) versions of any of the following functions gives the user permission to see the real value stored in the fields; access to these should be restricted.
Function | Description |
%WHR2240BSEQ | Application Collection Workbench |
%WHR2240SSEQ | Application Collection Workbench |
Expenses Employee Fields
The following fields can be redacted by restricting access to the corresponding control function.
Field Name | Description | Control Function |
exp_ni-no | National Insurance Number | %Dex_employee.exp_ni-no |
eee_iban | IBAN | %Dex_employee.eee_iban |
exp_bank-ac | Bank Account | %Dex_employee.exp_bank-ac |
exp_soc-ac | Society Account Number | %Dex_employee.exp_soc-ac |
bank-sort | Bank Account Sort Code | %Dex_employee.bank-sort |
eee_swift | SWIFT Bank Identifier Code | %Dex_employee.eee_swift |
Access to the Add (-A) and Update (-U) versions of the following function gives the user permission to see the real value stored in the fields; access to it should be restricted.
Function | Description |
%WEX2000BEEE | Expenses Employees |
Contacts Fields
The following fields can be redacted by restricting access to the corresponding control function.
Field Name | Description | Control Function |
pqy_NINO | National Insurance Number | %Dpp_orgtypes.pqy_NINO |
ppt_dob | Date of Birth | %Dpp_orgtypes.ppt_dob |
pqy_dlno | driving licence Number | %Dpp_orgtypes.pqy_dlno |
pqy_visano | Visa Number | %Dpp_orgtypes.pqy_visano |
pqy_ppno | Passport Number | %Dpp_orgtypes.pqy_ppno |
Access to the Add (-A) and Update (-U) versions of any of the following functions gives the user permission to see the real value stored in the fields; access to these should be restricted.
Function | Description |
%WHRBPPZ1 | Accident Witnesses |
%WHRBPQY | Contacts |
%WHRBPQY2 | Correspondence |
%WHRBPQY3 | Emergency Contacts |
%WMES2000BPQY | Emergency Contacts |
%WMES2000SPQY | Emergency Contacts |
%WMES2001BPQY | Emergency Contacts |
%WMES2001SPQY | Emergency Contacts Aus |
%WMES2010BPQY | Spouse/dependant |
%WMES2010SPQY | Spouse dependant |
%WPR1010BPQY | dependant/Spouse |
User Fields
The following field can be redacted by restricting access to the corresponding control function.
Field Name | Description | Control Function |
sur_mobile | Mobile phone number from user record | %Dsysuser.sur_mobile |
Enrolments Fields
The following field can be redacted by restricting access to the corresponding control function.
Field Name | Description | Control Function |
hen_dob | Date of Birth | %DPP_PLANENROLL.hen_dob |
Access to the Add (-A) and Update (-U) versions of any of the following functions gives the user permission to see the real value stored in the fields; access to these should be restricted.
Function | Description |
%WHR2160BHEN | Benefits |
%WHR2400BHEN | Contact Enrolments |
%WPR0205BHEN | Holiday Plans |
ACA 1095-C Fields
The following field can be redacted by restricting access to the corresponding control function.
Field Name | Description | Control Function |
ahd_ssn | National Insurance Number | %dpr_1095c.ahd_ssn |
Access to the Add (-A) and Update (-U) versions of the following function gives the user permission to see the real value stored in the fields; access to it should be restricted.
Function | Description |
%WPR1060BAHD | Non-employee COBRA Covered Individuals |
ACA Covered Individuals Fields
The following fields can be redacted by restricting access to the corresponding control function.
Field Name | Description | Control Function |
acv_ssn | National Insurance Number | %dpr_acacovered.acv_ssn |
acv_dob | Date of Birth | %dpr_acacovered.acv_dob |
Employment Verification Fields
The following fields can be redacted by restricting access to the corresponding control function.
Field Name | Description | Control Function |
pev_docIDnum | Document ID Number | %Dpp_employver.pev_docIDnum |
pev_licenseNumber | driving licence | %Dpp_employver.pev_licenseNumber |
Access to the Add (-A) and Update (-U) versions of the following function gives the user permission to see the real value stored in the fields; access to it should be restricted.
Function | Description |
%WHR205BPEV | Employment Verifications |
W-2 Fields
The following field can be redacted by restricting access to the corresponding control function.
Field Name | Description | Control Function |
pw2_ssn | National Insurance Number | %dpr_w2file.pw2_ssn |
Access to the Add (-A) and Update (-U) versions of the following function gives the user permission to see the real value stored in the fields; access to it should be restricted.
Function | Description |
%WPR4001BPW2 | W-2 File Maintenance |