Confidential Records
You can mark sensitive GRC records as confidential by setting the confidential option on a record. Doing so ensures that only certain users, or users from specific user groups, can access these confidential records.
Property to be enabled:
A new option, Enable record level confidentiality, is available under GRC properties to enable confidentiality at the record level. The Enable record level confidentiality property is turned off by default. Once it is enabled, it can't be turned off again.
How?
Application Scope: GRC: Profiles
Navigate to sys_properties.LIST > sn_grc.enable_record_confidentiality and set the "Value" to "true".
Roles Required
sn_grc.confidential_user
Users with the GRC confidential user (sn_grc.confidential_user) role can access the confidential records. This role is for the users who are not GRC users but who want to access the GRC confidential records.
Users who have access and who are named in the record continue to have access to the record with the existing GRC role.
Testing whether the Confidentiality tab is visible for a record:
Let's take an Issue as an example. Navigate to Policy and Compliance > Issues > All Issues and open any record. You can see an additional Confidentiality tab.
Once you check the Confidential checkbox, two more options appear: Allowed users and Allowed groups.
What are these Options?
Allowed users list: When a record is marked as confidential, only the users in the Allowed users list have access to the record. A user who is listed in the Allowed users list should either have read access to the record or have the sn_grc.confidential_user role to access the confidential records.
The logged-in user who enables the Confidential option on the tab is automatically added to the Allowed users list by default. Users with write access to the record can unlock and update the Allowed users list.
Allowed groups list: When a record is marked as confidential, only the users who belong to the groups in the Allowed groups list have access to the record. Users with write access to the record can unlock and update the Allowed groups list.
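To make the rule above concrete, here is an added example (not ServiceNow code and not part of the original post) that models the access decision in plain JavaScript and flags Allowed users entries that grant nothing. The field names, the hasGrcRead flag and the sample users are assumptions made for illustration.

```javascript
// Added example: plain-JavaScript model of the access rule described above.
// No ServiceNow API is called; every name and value here is constructed.
const CONFIDENTIAL_ROLE = 'sn_grc.confidential_user';

// True when the user is named on the record, directly or through a group.
function isListed(record, user) {
  return record.allowedUsers.includes(user.id) ||
    user.groups.some((g) => record.allowedGroups.includes(g));
}

// Decision for one user and one record.
function canAccess(record, user) {
  if (!record.confidential) {
    return user.hasGrcRead; // assumption: ordinary GRC read access applies
  }
  // Being listed is not enough: the user also needs read access to the
  // record or the confidential-user role.
  const eligible = user.hasGrcRead || user.roles.includes(CONFIDENTIAL_ROLE);
  return isListed(record, user) && eligible;
}

// Review check: Allowed users entries that grant nothing, because the
// listed user is unknown or has neither read access nor the role.
function ineffectiveEntries(record, usersById) {
  return record.allowedUsers.filter((id) => {
    const user = usersById[id];
    return !user || !canAccess(record, user);
  });
}

// Constructed sample data.
const users = {
  alice: { id: 'alice', groups: [], roles: [], hasGrcRead: true },
  bob: { id: 'bob', groups: [], roles: [CONFIDENTIAL_ROLE], hasGrcRead: false },
  carol: { id: 'carol', groups: [], roles: [], hasGrcRead: false },
  dave: { id: 'dave', groups: ['audit'], roles: [], hasGrcRead: true },
  erin: { id: 'erin', groups: [], roles: [], hasGrcRead: true },
};
const issue = {
  confidential: true,
  allowedUsers: ['alice', 'bob', 'carol'],
  allowedGroups: ['audit'],
};

for (const u of Object.values(users)) {
  console.log(u.id, canAccess(issue, u));
}
console.log('ineffective:', ineffectiveEntries(issue, users));
```

In this model, carol is on the Allowed users list but still cannot open the record, and erin has GRC read access but is locked out because she is not listed.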
What's Latest with Tokyo Release?
Now with Tokyo Release you can create a confidentiality configuration record in your GRC tables.
Before you begin the confidentiality configuration on your table, you must create three new columns in the table that you want to enable confidentiality in.
Type | Comments | Example column name | Description |
---|---|---|---|
Boolean | Confidential | u_confidential | Flag that marks or unmarks whether a field is confidential. |
List, Reference to sys_user table | Allowed users | u_allowed_users | Field that contains the list of users who can access the confidential record. |
List, Reference to sys_user_group table | Allowed groups | u_allowed_groups | Field that contains the list of user groups who can access the confidential record. |
Who can create it?
A user with the sn_grc.admin role.
How?
Navigate to All > GRC Administration > Confidentiality Configuration and click New.
Once you click New, the Confidentiality Configuration form opens.
NOTE: Remember to create the three new columns for Confidential, Allowed users and Allowed groups first; otherwise you won't be able to select anything on this form.
Once you check "Auto Populate", two more fields are displayed: Populate allowed users from and Populate allowed groups from.
What do these fields mean?
Refer to this doc: Confidentiality configuration form
If you found this blog helpful in any way and it added something to your knowledge today, please mark it Helpful and let me know in a comment what you liked or what needs to improve.
Thanks,
Sandeep