Report to audit which roles are granted full SSN access across modules

• Permission to view SSN appears to be role access only. Is there an easy way to audit which roles are granted full SSN access without drilling in to each one?
• We would like information on how to mask social security numbers for all of the modules that grant the permissions.

• Permission
• System access audit
• RBAC 

Informational

• The ability to restrict SSN access is managed at the Role permissions access level. A built in report is not available that provides list of all roles, that grants a given permission in Munis
• For users in System Admin, using the reporting views will provide a report for a group of desired permissions. The script below is specific for reporting SSN access for Payroll, General Billing and Accounts Payable modules:

--SELECT DISTINCT
--a_role_key,
--a_top_mod_code,
--mt_top_module_desc,
--a_permission_key,
--pd_permission,
--rp_value
--FROM sp_role_permission
--WHERE pd_permission in ('View SSNs','Access to customer SSNs','Partial SSN', 'View SSN on reports')
--order by a_role_key

• A pdf report can also be run in the Roles program by following the instructions provided here: 
  • Report for all users, their assigned roles and permissions as a PDF
  • RBAC - Roles report

See also: List of all Roles that grant a permission in Munis