One of the key functionalities of SAP Dynamic Authorization management, is to provide finer-grained access control. When we talk about finer-grained access control, we are talking about the functionality to make access controls decisions, one level deeper than what standard roles can reach.
- TransactionalData access controls
- Tab/View Level access controls
- Field level Data access controls
For the purpose of this discussion, let’s see why we need field level access controls.
When we speak to our prospect, we hear over and over that the reason why they are denying users for access to certain transactions is that there is a sensitive piece of information in one of the fields. SAP standard rolesdo not control data at the field level and customization is not the route the prospect want to take.
SAP Dynamic Authorization management Field Level controls helps control the data at the domain level, so irrespective of where the field is pulled from the data is scrambled or Masked and can only be viewed by users with the right attributes( Applying ABAC principles) and it is independent of the UI the data is pulled from.
Sample SAP DAM ABAC policy for securing Netvalue in Sales Order:
With SAP Dynamic Authorization Management, we can take into consideration limitless conditions to make access control decisions even at field level. So next time if there is a complex security requirement, you know that there is a GRC product SAP DAM that would easily be able to handle the requirement.
How it works, Please refer to the link below for SAP DAM solution brief