Skip to Content
Event Information
Author's profile photo Amit Kumar Singh
Amit Kumar Singh
September 24, 2019 5 minute read

UI Data Protection – Role based masking scenario in Product application of CRM WebClient UI

Introduction

In this blog post, we will learn how to mask “Product ID”, “Product Name“, “Price“, “Currency“, “Business Partner ID“, and “Company” fields of Product application in CRM WebClient UI.

PFCG Role will be used for the authorization check which will allow users with the specified role to view the field value. If a user does not have this role, it means the user is not authorized and data will be protected either through masking, clearing, or disabling the field.

The end result for unauthorized users will look like below:

Prerequisite

Product “UI data protection masking for SAP S/4HANA” is used in this scenario to protect sensitive data at field level and must be installed in the S/4HANA system.

The product is a cross-application product which can be used to mask/protect any field in SAP GUISAPUI5/SAP FioriCRM WebClient UI, and Web Dynpro ABAP.

Let’s begin

Configuration to achieve masking

Logical Attribute is a functional modelling of how any attribute such as Social Security NumberBank Account NumberAmountsPricing informationQuantity etc. should behave with masking.

Configure Logical Attribute – Follow the given path:

SPRO -> SAP NetWeaver -> UI Data Protection Masking for SAP S/4HANA -> Maintain Metadata Configuration -> Maintain Logical Attributes

Maintain Field Level Security and Masking Configuration

Here, we will define how masking will behave with the logical attribute that we created in above step.

Follow the given path:

SPRO -> SAP NetWeaver -> UI Data Protection Masking for SAP S/4HANA -> Data Protection Configuration -> Maintain Field Level Security and Masking Configuration

Follow below mentioned steps:
  • Click on “New Entries” button
  • Enter “Sensitive Entity” as “LA_BPID” and press “Enter” key. “Description” and “Application Module” will get populated in corresponding fields
  • Check “Enable Configuration” check-box
  • Select “Role Based Authorization” option
  • Enter “PFCG Role” as “/UISM/PFCG_ROLE”. In this example, we have used a blank role “/UISM/PFCG_ROLE”. Customers can use any role as per their requirement.
  • Enter “Field Level Action” as “MASK_ALL
  • Click on “Save” button

  • Click on “New Entries” button
  • Enter “Sensitive Entity” as “LA_COMPANY” and press “Enter” key. “Description” and “Application Module” will get populated in corresponding fields
  • Check “Enable Configuration” check-box
  • Select “Role Based Authorization” option
  • Enter “PFCG Role” as “/UISM/PFCG_ROLE”. In this example, we have used a blank role “/UISM/PFCG_ROLE”. Customers can use any role as per their requirement.
  • Enter “Field Level Action” as “MASK_ALL
  • Click on “Save” button

  • Click on “New Entries” button
  • Enter “Sensitive Entity” as “LA_CURCODE” and press “Enter” key. “Description” and “Application Module” will get populated in corresponding fields
  • Check “Enable Configuration” check-box
  • Select “Role Based Authorization” option
  • Enter “PFCG Role” as “/UISM/PFCG_ROLE”. In this example, we have used a blank role “/UISM/PFCG_ROLE”. Customers can use any role as per their requirement.
  • Enter “Field Level Action” as “MASK_ALL
  • Click on “Save” button

  • Click on “New Entries” button
  • Enter “Sensitive Entity” as “LA_PRODID” and press “Enter” key. “Description” and “Application Module” will get populated in corresponding fields
  • Check “Enable Configuration” check-box
  • Select “Role Based Authorization” option
  • Enter “PFCG Role” as “/UISM/PFCG_ROLE”. In this example, we have used a blank role “/UISM/PFCG_ROLE”. Customers can use any role as per their requirement.
  • Enter “Field Level Action” as “MASK_ALL
  • Click on “Save” button

  • Click on “New Entries” button
  • Enter “Sensitive Entity” as “LA_PRODNAME” and press “Enter” key. “Description” and “Application Module” will get populated in corresponding fields
  • Check “Enable Configuration” check-box
  • Select “Role Based Authorization” option
  • Enter “PFCG Role” as “/UISM/PFCG_ROLE”. In this example, we have used a blank role “/UISM/PFCG_ROLE”. Customers can use any role as per their requirement.
  • Enter “Field Level Action” as “MASK_ALL
  • Click on “Save” button

  • Click on “New Entries” button
  • Enter “Sensitive Entity” as “LA_PRODPRICE” and press “Enter” key. “Description” and “Application Module” will get populated in corresponding fields
  • Check “Enable Configuration” check-box
  • Select “Role Based Authorization” option
  • Enter “PFCG Role” as “/UISM/PFCG_ROLE”. In this example, we have used a blank role “/UISM/PFCG_ROLE”. Customers can use any role as per their requirement.
  • Enter “Field Level Action” as “MASK_ALL
  • Click on “Save” button

Maintain Technical Address

In this step, we will associate the Technical Address of the fields to be masked with the Logical Attributes.

You can get the Technical Address of a CRMWeb Client UI field by pressing “F2” on the field.

Follow the given path:

SPRO -> SAP NetWeaver -> UI Data Protection Masking for SAP S/4HANA -> Maintain Metadata Configuration -> Maintain Technical Address

Follow below mentioned steps:

Under “Web Client UI Field Mapping”, maintain technical address for following fields.

  • Click on “New Entries” button
  • Enter “Component Name” as “EPM_DEMO_PROD
  • Enter “View” as “PRODUCTDETAILS
  • Enter “Context Node” as “PRODUCT
  • Enter “Attribute of Context Node” as “SUPPLIER_ID”
  • Enter “Logical Attribute” as “LA_BPID
  • Enter “Description of Web Client UI Mapping” as “Business Partner ID
  • Click on “Save” button
  • Click on “New Entries” button
  • Enter “Component Name” as “EPM_DEMO_PROD
  • Enter “View” as “PRODUCTDETAILS
  • Enter “Context Node” as “PRODUCTNAME
  • Enter “Attribute of Context Node” as “TEXT
  • Enter “Logical Attribute” as “LA_PRODNAME
  • Enter “Description of Web Client UI Mapping” as “Product Name
  • Click on “Save” button
  • Click on “New Entries” button
  • Enter “Component Name” as “EPM_DEMO_PROD
  • Enter “View” as “PRODUCTDETAILS
  • Enter “Context Node” as “SUPPLIER
  • Enter “Attribute of Context Node” as “COMPANY_NAME
  • Enter “Logical Attribute” as “LA_COMPANY
  • Enter “Description of Web Client UI Mapping” as “Company Name
  • Click on “Save” button
  • Click on “New Entries” button
  • Enter “Component Name” as “EPM_DEMO_PROD
  • Enter “View” as “SEARCHRESULTVIEW
  • Enter “Context Node” as “SEARCHRESULTNODE
  • Enter “Attribute of Context Node” as “CURRENCY_CODE”
  • Enter “Logical Attribute” as “LA_CURCODE
  • Enter “Description of Web Client UI Mapping” as “Currency Code
  • Click on “Save” button
  • Click on “New Entries” button
  • Enter “Component Name” as “EPM_DEMO_PROD
  • Enter “View” as “SEARCHRESULTVIEW
  • Enter “Context Node” as “SEARCHRESULTNODE
  • Enter “Attribute of Context Node” as “PRODUCT_ID
  • Enter “Logical Attribute” as “LA_PRODID
  • Enter “Description of Web Client UI Mapping” as “Product ID”
  • Click on “Save” button
  • Click on “New Entries” button
  • Enter “Component Name” as “EPM_DEMO_PROD
  • Enter “View” as “SEARCHRESULTVIEW
  • Enter “Context Node” as “SEARCHRESULTNODE
  • Enter “Attribute of Context Node” as “PRICE
  • Enter “Logical Attribute” as “LA_PRODPRICE
  • Enter “Description of Web Client UI Mapping” as “Product Price
  • Click on “Save” button

Conclusion

In this blog post, we have learnt how Role-based masking is achieved in Product application of CRM WebClient UI for masking “Product ID”, “Product Name“, “Price“, “Currency“, “Business Partner ID“, and “Company” fields.

Assigned Tags

      Be the first to leave a comment
      You must be Logged on to comment or reply to a post.