Technology Blogs by SAP
Learn how to extend and personalize SAP applications. Follow the SAP technology blog for insights into SAP BTP, ABAP, SAP Analytics Cloud, SAP HANA, and more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Attribute Based Access Control (ABAC) - Field Masking scenario in Shop app of SAPUI5

AmitKrSingh
Advisor
Advisor
‎11-14-2019 6:35 AM

Introduction


In this blog post, we will learn how to mask “Name“, “Description“, and “Price” fields of Products of category "Software" in Shop application of SAPUI5.

Attribute based authorizations are dynamic determination mechanism which determines whether a user is authorized to access specific data sets which can be based on the context attributes of the user and data (for example, price of certain sensitive materials are masked).

The end result will appear as:




Prerequisite


UI Data Protection Masking for SAP S/4HANA is a solution that allows you to protect restricted and sensitive data values at field level by masking, clearing, or disabling fields for those users who are not authorized to view or edit this data.

Product “UI data protection masking for SAP S/4HANA” is used in this scenario to protect sensitive data at field level and must be installed in the S/4HANA system.

The product is a cross-application product which can be used to mask/protect any field in SAP GUISAPUI5/SAP FioriCRM Web Client UI, and Web Dynpro ABAP.

Let’s begin


Configuration to achieve masking


Logical Attribute is a functional modelling of how any attribute such as Social Security NumberBank Account NumberAmountsPricing informationQuantity etc. should behave with masking.

Configure Logical Attribute – Follow the given path:


SPRO -> SAP NetWeaver -> UI Data Protection Masking for SAP S/4HANA -> Maintain Metadata Configuration -> Maintain Logical Attributes

Item Category



Item Name



Item Description



Item Price



Maintain Technical Address


In this step, we will associate the Technical Address of the fields to be masked with the Logical Attributes.

To get the Technical Address of a SAPUI5/SAP Fiori field, refer Technical Trace blog post.
Follow the given path:

SPRO -> SAP NetWeaver -> UI Data Protection Masking for SAP S/4HANA -> Maintain Metadata Configuration -> Maintain Technical Address
Follow below mentioned steps:

Under “UI5/Fiori NetWeaver Gateway Field Mapping”, maintain technical address for following fields.


Policy Configuration


Policy is a combination of rules and actions which are defined in one or more blocks. The actions are executed on a sensitive entity (field to be protected) which has to be assigned to a Policy. The conditions are based on contextual attributes which help derive the context.

Context Attributes are logical attributes which are used in designing the rules of a policy. They are mapped to fields which are used to derive the context under which an action is to be executed on a sensitive entity.

Sensitive Entities are logical attributes which are sensitive and need to be protected from unauthorized access.
Follow the given path:

SPRO -> SAP NetWeaver -> UI Data Protection Masking for SAP S/4HANA -> Data Protection Configuration -> Maintain Policy Details for Attribute based Authorizations – Follow below mentioned steps:

  • Click on “New Entries” button

  • Enter “Policy Name” as “POL_MASK_SHOP

  • Select “Type” as “Field Level Masking

  • Select “Application Module” as “M Materials Management

  • Enter “Description” as “Mask fields in Shop app

  • Click on “Save” button



Write following logic into Policy


Maintain Field Level Security and Masking Configuration


Here, we will define how masking will behave with the logical attribute that we created in above step.
Follow the given path:

SPRO -> SAP NetWeaver -> UI Data Protection Masking for SAP S/4HANA -> Data Protection Configuration -> Maintain Field Level Security and Masking Configuration
Follow below mentioned steps:


  • Click on “New Entries” button

  • Enter “Sensitive Entity” as “LA_ITEM_NAME” and press “Enter” key. “Description” and “Application Module” will get populated in corresponding fields

  • Check “Enable Configuration” check-box

  • Select “Attribute Based Authorization” option

  • Enter “Policy Name” as “POL_MASK_SHOP

  • Click on “Save” button




  • Click on “New Entries” button

  • Enter “Sensitive Entity” as “LA_ITEM_DESCRIPTION” and press “Enter” key. “Description” and “Application Module” will get populated in corresponding fields

  • Check “Enable Configuration” check-box

  • Select “Attribute Based Authorization” option

  • Enter “Policy Name” as “POL_MASK_SHOP

  • Click on “Save” button




  • Click on “New Entries” button

  • Enter “Sensitive Entity” as “LA_ITEM_PRICE” and press “Enter” key. “Description” and “Application Module” will get populated in corresponding fields

  • Check “Enable Configuration” check-box

  • Select “Attribute Based Authorization” option

  • Enter “Policy Name” as “POL_MASK_SHOP

  • Click on “Save” button



Conclusion


In this blog post, we have learnt how Attribute-based masking is achieved in Shop application of SAPUI5 for masking “Name“, “Description“, and “Price” fields of Products of category "Software".

Note:


For information on Masking in UIM in SAPUI5/Fiori application, please refer blog post Field Masking – Role based masking scenario in Shop app of SAPUI5.
Labels:
Labels in this area
Popular Blog Posts