In this article, we will look into how the mask the email address in non-production environments. This will avoid any workflow emails being sent over from a Non-production instance.
With every P2T or P2D refresh, the actual work emails will get loaded into the Dev/Test instance unless you are using Oracle’s Data Masking subscription (Doc ID 2092389.1) which does the email masking along with masking other business objects.
Table of Contents
What is covered and what is not in Oracle Data Masking Subscription?
Masking objects:
- Person Name
- DOB
- Address
- NID – will be removed completely
- Phone #
- Contacts details
- DOR
- Ethnicity
Masking Objects Not Applied with Oracle service:
- Person’s Gender
- Highest Education Level
- Marital Status.
- Assignment details
- Salary details
- Individual Compensation details
- Compensation Change Statements
- All element entries
- Performance Documents
- Goals details
For the ones which are not masked, we can create our own HDL scripts to mask. Refer Doc ID 2216828.1
Suppress the Notifications from POD:
To suppress emails (Approval Notifications):
BPM Worklist-> “Application preferences”
Set Notification Mode to None – that way, no employees will get notifications if you are testing workflow.
Also, Under Tools -> Security Console -> Administration
Notification Preferences – Uncheck enable notifications (these are notifications for when passwords are reset and other similar activities)
Sometimes, for testing the under-development items (Approvals, Checklists, Candidate Hiring, etc) we will have to enable the notifications and unless the work emails are updated for employees we don’t have any other way to stop the notifications from being sent over to employees.
Data Masking of Work Email Addresses
Masking the Work Email Addresses of employees is the best way to suppress any notifications to be sent over to employees. We need to do this activity immediately post P2T/P2D refresh.
We can use the HCM Data Loader (HDL) to update the work email for all employees. We cannot modify the Work email for an employee from the Person Management screen. We can do it from Security Console and a scheduled process will sync it up with the Person Management screen.
SQL Query to get the HDL file to update Work Email
WITH data_query AS (
SELECT
email_address_id,
person_id,
EMAIL_ADDRESS
FROM
per_email_addresses
WHERE email_type = 'W1'
and sysdate between date_from and NVL(date_to,sysdate)
--AND person_id in (select person_id from per_all_people_f where person_number in ('<Person List>')
) SELECT
'METADATA|PersonEmail|EmailAddressId|PersonId|EmailAddress'
FROM
dual
UNION ALL
SELECT
'MERGE|PersonEmail|'
|| email_address_id
|| '|'
|| person_id
|| '|'
|| substr(EMAIL_ADDRESS, 1, instr(EMAIL_ADDRESS,'@',1)-1 ) || '@invalid.com'
--|| '[email protected]'
FROM
data_queryThe above query will fetch all employees work email and replace any company email with invalid.com
Ex: Sric[email protected] to [email protected]
Sample Output:
METADATA|PersonEmail|EmailAddressId|PersonId|EmailAddress
MERGE|PersonEmail|300000008564452|100000000482509|[email protected]
MERGE|PersonEmail|300000008564488|100000000482510|[email protected]
MERGE|PersonEmail|300000008564662|100000000482516|[email protected]Save the output as Worker.dat and zip this file and upload the file on the Import and Load Data Screen under My Client Groups > Data Exchange.
Post Processing:
Once the HDL load is complete, we need to run the scheduled process/ESS Job “Send Personal Data for Multiple Users to LDAP” from Tools > Scheduled Processes navigation.
After the process runs to success, the work email on Person Management and Security Console should be in sync. And any notifications triggered to work email will be suppressed as the work email is invalid.
Hope this helps.
If you like the content, please follow us on LinkedIn, Facebook, and Twitter to get updated with the latest content.
