Data Assurance Module - Identifying and preventing the accidental deletion of data (TMS versions 8.33.0.0 and below)

Data Assurance Module - Identifying and preventing the accidental deletion of data (TMS versions 8.33.0.0 and below)

DA Module – Background information


The TMS 8 Data assurance module is an optional module that allows you to ensure that your data is kept GDPR-compliant and Employees are deleted in a timely manner following an elapsed period of time in accordance with your company's data policy. Using the Data assurance module, each Leaver is given a date on which to be deleted. This value is held in a field, by default labelled "TMSEMP.DADELETIONDATE" (referred to as Deletion date henceforth). The Auto deletion date field name within WinTMS is used to specify this field name. You can find it on the Data assurance tab of the System preferences:






In the above example, once an Employee is made a leaver, their Deletion date field would be given a date 8 years from the time of leaving (as specified by the two following preferences).


Generally, the Data assurance module is configured by the system administrator, and most users of TMS 8 would be unable to access, view or edit the Deletion date. To access it, a User profile would require access to the Maintain system preferences (normally reserved for the MASTER user), and in turn the DADELETIONDATE field.


Normally, the TMS 8 Processor will do a daily check to see if any users have reached their Deletion date, and delete those that have. Prior to version 8.34.0.0, this was an automatic process unless a daily Job was manually queued on the Processor


Potential issue with Deletion dates


A potential issue has been discovered in TMS 8 that may affect a small number of users. The end result of this issue is an erroneous change of the Deletion date field name to a different field, usually the date of birth (TMSEMP.DOB). This would result in Employees being deleted during the daily Processor jobs, as the date is (hopefully!) past their date of birth.



Cause of the issue


This issue does not affect all users of the Data Assurance module. This will only affect users who have enabled the Data assurance module, make use of the Automatic employee deletion feature, or have a regular repeating job, and have a User with the following permissions in the Maintain user access rights menu:


  1. The user needs to have the Maintain system preferences User access right enabled
  2. The user needs to have restricted access to the DADELETIONDATE Field (i.e. have it disabled in the Field access menu).


With the above settings, if a User opens the System preferences menu of WinTMS, they do not have the Deletion date field available to them. WinTMS would then replace the Deletion date field with a field they do have access to – generally the next alphabetical one (usually TMSEMP.DOB, a field containing an Employee's date of birth).


Once a User clicked OK to exit the System preferences, this new Field would then get saved as the field for the Auto deletion date field name preference. As a result, all new and existing Leavers would then receive their date of birth (or whatever field was next alphabetically) as their Deletion date, causing all leavers to be deleted during the next Processor job that deleted Employees who had reached their Deletion date.


Preventing the issue


This issue is very easy to avoid, and unlikely to affect your system. To ensure it doesn't happen, complete one of the following two solutions:


  1. Upgrade your TMS 8 system to version 8.34.0.0 or later
    TMS 8 version 8.34.0.0 has rectified this issue by preventing TMS 8 from hiding date fields from Users that have reached an area where they cannot see them.
  2. Ensure that any Users with System Preferences rights have access to the DADELETIONDATE field
    If you do not wish to upgrade to version 8.34.0.0, then follow the instructions below to ensure you do not have a User that has the capability of erroneously changing the Deletion date field in TMS 8.



Ensuring your users cannot change the Deletion date field


You will need to check every User profile in WinTMS to ensure that any that have Access rights to the Maintain system preferences also have Field access to your Deletion date field.


Checking if a User profile can access the System preferences


To do this, open the System menu on the WinTMS toolbar and click Maintain users. This will open the Maintain user details window. Click on Profiles in the toolbar:





This will open the Edit profile window. For each User profile on your system, click Modify, then open the Menu rights window:








Look to see if they have the Maintain system preferences Access right enabled (ticked and green). You can find the Maintain system preferences Access right under the TMS tree, then under System:





















Make a note of any User profiles with this enabled.


Enabling the Deletion date Field access


For each User profile with the Maintain system preferences Access right enabled, return to the Edit profile window and click Field rights:




This will open the Field rights menu. Locate your Deletion date field (you can find this in the aforementioned Data assurance tab of the System preferences in WinTMS), and make sure it is enabled for this user. 

Once all users with the User access rights for Maintain system preferences have been given access to the Deletion date field, you will not experience this issue.


Using SQL to identify Users with Access rights


It is also possible to identify User profiles that can cause this issue with a number of SQL queries, which your System administrator may find easier if you have a large number of User profiles


Query 1: Identify the Deletion date field name.


select * from itmsglob where sectionid='HISTORY' and ident='DADELETIONDATEFIELD'


This query will give you the field name for the Deletion date set in your Data assurance module settings. If this quest does not return a value, then the value will be 'TMSEMP.DADELETIONDATE'.


Query 2: Identify User profiles that do not have access to the Deletion date field.


select profile, fieldname, profiletype from userprfr where fieldname='TMSEMP.DADELETIONDATE' and profiletype = 'O'


This query will give you the User profiles that do not have access to view the Deletion date field. When using it, replace 'TMSEMP.DADELETIONDATE' with the correct field name, if your system does not use the default field name.


Query 3: Identified User profiles that have the Maintain system preferences Access right. 


Note: this query will return User profiles that have any System preferences across all of your TMS 8 applications. The issue only occurs for those with access to the WinTMS application. However, this will narrow down the list of User profiles that need to be amended.


select profile, progname, menuitem, profiletype from userprmr where menuitem='ACSYSTEMPREFERENCES' and profiletype='I'



    • Related Articles

    • Data Assurance Module videos

      Activating the Data Assurance Module Custom Data Retention Periods and Applying Them to Employees Delete Sensitive Data Delete Old Data Access Permissions Exports Maintenance Change Employee Data Field
    • Removal of automatic deletion of Employees for the DA module

      Prior to version 8.34.0.0, the Data Assurance module automatically ran a job on the Processor on a daily basis to delete Employees that had reached their Deletion date (the time period specified in the System preferences for WinTMS to remove the data ...
    • TMS 8 Data Assurance Module videos

    • TMS 8 8.32.0.2 General Release Report

      We are pleased to announce the latest general release of TMS 8: version 8.32.0.2!  Please refer to the table below to view a list of the key features introduced for TMS 8. More information about the features can be found in this PDF, plus details on ...
    • TMS 8 8.34.0.1 Release Report

      Note: TMS 8.34.0.0 has been withdrawn, and instead has been replaced by version 8.34.0.1. This version of TMS 8 introduces the following new features: Changes to automated Jobs in the Data Assurance module The Data Assurance module no longer ...