Technology Blogs by SAP
Learn how to extend and personalize SAP applications. Follow the SAP technology blog for insights into SAP BTP, ABAP, SAP Analytics Cloud, SAP HANA, and more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

UI Data Protection - Role based masking scenario in BP

AmitKrSingh
Advisor
Advisor
‎09-09-2019 10:31 AM

Introduction


In this blog post, we will learn how to mask “Account Number” of Business Partners in transaction BP.

A PFCG Role will be used for the authorization check which will allow users with the specified role to view the field value. If a user does not have this role, it means the user is not authorized and data will be protected either through masking, clearing, or disabling the field.

The end result for unauthorized users will look like below:


Prerequisite


Product “UI data protection masking for SAP S/4HANA” is used in this scenario to protect sensitive data at field level and must be installed in the S/4HANA system.

The product is a cross-application product which can be used to mask/protect any field in SAP GUI, SAPUI5/SAP Fiori, CRM Web Client UI, and Web Dynpro ABAP.

Let's begin


Configuration to achieve masking


Logical Attribute is a functional modelling of how any attribute such as Social Security NumberBank Account NumberAmountsPricing informationQuantity etc. should behave with masking.

Configure Logical Attribute – Follow the given path:


SPRO -> SAP NetWeaver -> UI Data Protection Masking for SAP S/4HANA -> Maintain Metadata Configuration -> Maintain Logical Attributes

Bank Account Number



Maintain Field Level Security and Masking Configuration


Here, we will define how masking will behave with the logical attribute that we created in above step.
Follow the given path:

SPRO -> SAP NetWeaver -> UI Data Protection Masking for SAP S/4HANA -> Data Protection Configuration -> Maintain Field Level Security and Masking Configuration
Follow below mentioned steps:


  • Click on “New Entries” button

  • Enter “Sensitive Entity” as “LA_BANKACCT” and press “Enter” key. “Description” and “Application Module” will get populated in corresponding fields

  • Check “Enable Configuration” check-box

  • Select “Role Based Authorization” option

  • Enter “PFCG Role” as “ZTEST”. In this example, we have used a blank role “ZTEST”. Customers can use any role as per their requirement.

  • Enter “Field Level Action” as “MASK_FIELD

  • Click on “Save” button



Maintain Technical Address


In this step, we will associate the Technical Address of the fields to be masked with the Logical Attributes.

You can get the Technical Address of a GUI field by pressing “F1” on the field.


Follow the given path:

SPRO -> SAP NetWeaver -> UI Data Protection Masking for SAP S/4HANA -> Maintain Metadata Configuration -> Maintain Technical Address
Follow below mentioned steps:

Under “GUI Table Field Mapping”, maintain technical address for following fields.

  • Click on “New Entries” button

  • Enter “Table Name” as “BUSBANKCHECK

  • Enter “Field Number” as “BANKN

  • Enter “Logical Attribute” as “LA_BANKACCT

  • Enter “Description” as “Bank Account

  • Click on “Save” button

  • Click on “Mass Configuration” button which is required to generate technical addresses for Module Pool Programs



Conclusion


In this blog post, we have learnt how Role-based masking is achieved for “Bank Account Number” field in transaction BP.
Labels:
4 Comments
Labels in this area
Popular Blog Posts