Many HR systems, such as Visma Enterprise and Unit4 ERP (Agresso), support bulk data import, whereby the access management system receives a complete dump of all information for all active employees. This can pose a security risk, as the data set may contain sensitive information such as salary details, union membership, or information about dependents.
Based on customer feedback, the system now includes functionality to filter and transform data sets from HR source systems. It is now possible to filter out specific data elements before the import file is transferred to the access management system and made available in the user interface. This ensures that only relevant data is processed, which improves data security and reduces the risk of data leaks.
How It Works: Using XSLT
The filtering and transformation process uses XSLT (Extensible Stylesheet Language Transformations). This is a standard language for transforming XML documents. By applying an XSLT stylesheet to the incoming HR data file, you can precisely control which data is retained, removed, or modified.
The XSLT file is added to the XSLT HR Transform field in the Import HR configuration in eADM. Please note that the customer must be running the new version of the eADM client for this to work.
Example: Filtering Sensitive Information
The following XSLT example demonstrates how to remove common sensitive data elements from an import file. The script first sets up an "identity template" that copies all data by default, and then adds specific empty templates to match and effectively remove unwanted elements such as salary and dependent information.
XML
<?xml version="1.0" encoding="UTF-8"?>
<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
<xsl:template match="@*|node()">
<xsl:copy>
<xsl:apply-templates select="@*|node()"/>
</xsl:copy>
</xsl:template>
<xsl:template match="basicSalary"/>
<xsl:template match="yearlySalary"/>
<xsl:template match="fixedTransactions"/>
<xsl:template match="taxDetails"/>
<xsl:template match="bankDetails"/>
<xsl:template match="pension"/>
<xsl:template match="dependents"/>
</xsl:stylesheet>
Advanced Use: Transforming Data
Note: Using a custom XSLT during the import process not only removes unwanted elements but also allows for comprehensive transformations of the data itself.
This provides the flexibility to modify the data structure within the files and adapt them to specific customer needs and requirements. Whether you need to change field values, reformat data, or aggregate information in new ways, XSLT provides the tools to do so.
Example: Restructuring Data Fields
You can use transformation logic to clean up or restructure data. For example, you could implement logic that:
-
Moves a phone number from the "Work Mobile" field to the "Private Mobile" field if the "Private Mobile" field is empty.
-
Replaces an employee's home address with the address of their assigned department.
Summary of Benefits
This upgrade significantly improves how source data is handled. Filtering and transforming data before it is imported into the IAM system offers the following benefits:
-
Increased Efficiency: The system processes only the necessary data.
-
Enhanced Security: It eliminates the transfer and storage of unnecessary and potentially sensitive data.
-
Reduced Risk: It minimizes the risk of errors and data leaks.
-
Tailored Data Handling: It enables a more customized data setup that supports the organization's specific needs and local system configurations.