Social Security Number Masking

Security settings configured on the Data Display Access window by the System Administrator control rights for groups to view student Social Security Numbers (SSN). All windows and reports except Additional Reports use this SSN functionality.

You can display SSNs in three formats.  The * is the masking character.

All groups must be defined with a particular SSN mask to view the SSN. If you log in and none of the groups of which you are a member has a SSN mask assigned, the SSN will be completely masked.  

Due to the need for producing electronic files, primarily in the J1 Desktop Human Resources module, the SSN security check allows users who can see the entire SSN on the window (i.e., the SSN is not masked for the user) AND have permissions to the Save Rows As function can save the SSN to a file. For any users where the SSN is masked in some way or who do not have permissions to the Save Rows As function, the SSN will not be saved to the file.

A priority is also assigned to each defined group. Groups with less stringent SSN access should be at the top of the list, and groups with the most stringent access should be at the bottom of the list. Assigning priorities allow users who are members of more than one group to view the SSN based on the mask of the highest priority group (i.e., top of list).

In addition to masking SSN in columns, you should also add group security to columns where a SSN search can take place. Jenzabar recommends that you add security restrictions in the following three situations:

·       ID Number column in all windows: If a user has any restricted permissions and enters a SSN without dashes, do not automatically retrieve the record with the matching SSN.

·       ID Number column in all windows: If a user has any restricted permissions and enters a SSN with dashes, do not display the search drop-down list populated with records matching the SSN; instead, display a message telling the user they do not have permissions.

·       SSN column, Advanced Name Search window: If a user has any restricted permissions, disable the SSN column so that they cannot search on SSN and display the SSN with the mask after finding matching records.

Additional Notes

·       Users with limited SSN viewing should also be prevented from using the Customize button and the Customize Form menu option. This button and menu option takes the user directly to InfoMaker where they can run their own queries.

·       Changes to the mask do not affect users who are already logged in. The change takes effect the next time the user logs in to the module.

·       If there are no asterisks (*) in the mask (Security Value), the formatting is ignored and the SSN displays as usual. In other words, missing or extra dashes in the mask are ignored.

·       If a user is a member of a group that is listed in the EX_DATA_DISPLAY_ACCESS table with restricted permissions AND a group that is not included in the table (which by default does not restrict permissions), the permissions defined in the table are used. The default permissions for the non-listed group are ignored.

·       Some printed forms and reports that display the SSN will never display the mask. If a user with restricted access to the SSN attempts to print one of these forms or reports, the following message is displayed: "You do not have the appropriate SSN security access to print this form/report. Please see an administrator to update the permissions for your group or ask a user with full access to the SSN to print this form/report." The printed forms/reports that never display the mask include the following: