...
Data Class → | Generally Available (Green) | Confidential (Yellow) | Restricted (Red) |
|---|---|---|---|
Audience | All data access roles (not public) | Dean/Division Leader Role | Reporting and Compliance Roles (University-wide access as needed) Others must provide justification for use |
Identified data | Reporting and Compliance Roles (University-wide access) | ||
Types of Data | •Name •Title (fac/staff) / Level (students) •HR Title (fac/staff) •Department / Program •Supervisor •Campus •Pronouns (user provided) •Email address •Affiliations (faculty/staff/student/...) •Classification (temp, post doc, RA, staff/grade, faculty) | •Compensation •Course registrations •Age range (..., 25-35, 36-45, …) •Financial transaction data •Leave/return dates •Service dates •Space assignments •Grant proposals and awards •Enrollment status •Home address •Local address •Alum/donor name/contact info •Citizenship | •Race/ethnicity •Gender identity •Religion •PHI •Marital status •Date of birth •Benefit selections •Admissions decisions (before release) •Grades •Alum/donor gift history •Social security number •Driver’s license number •Passport number •Visa/Citizenship info |
Tags, policies and roles have been added for Confidential and Restricted in the dev environment for testing. Ultimately, roles will exist in Grouper where their membership can be managed.
...
| Code Block |
|---|
select
*
from test.security_test
context('impersonate_roles'='rls_data_strategy,rlscls_iam,restricted_dob'); |
...
Multiple department roles, restricted and implied confidential access
...