Introduction
In this blog post, we will learn how to configure Data Block in Supplier app of SAPUI5 to block access of certain Supplier's information from the users who do not have a specific PFCG Role.
Attribute based authorizations are dynamic determination mechanism which determines whether a user is authorized to access specific data sets which can be based on the context attributes of the user and data (for example, price of certain sensitive materials are masked).
The end result for authorized users will appear as:
Records of Suppliers (5), (10), and (15) is displayed in Overview section for authorized users. Also, authorized users can navigate to Supplier details screen.
The end result for unauthorized users will appear as:
Records of Suppliers (5), (10), and (15) is not displayed in Overview section for unauthorized users as they are blocked. Also, unauthorized users cannot navigate to Supplier details screen even if they try to navigate using the URL.
Prerequisite
UI Data Protection Masking for SAP S/4HANA is a solution that allows you to protect restricted and sensitive data values at field level by masking, clearing, or disabling fields for those users who are not authorized to view or edit this data.
Product “UI data protection masking for SAP S/4HANA” is used in this scenario to protect sensitive data at field level and must be installed in the S/4HANA system.
The product is a cross-application product which can be used to mask/protect any field in SAP GUI, SAPUI5/SAP Fiori, CRM Web Client UI, and Web Dynpro ABAP.
Let’s begin
Configuration to achieve data block
Logical Attribute is a functional modelling of how any attribute such as Social Security Number, Bank Account Number, Amounts, Pricing information, Quantity etc. should behave with masking.
Configure Logical Attribute – Follow the given path:
SPRO -> SAP NetWeaver -> UI Data Protection Masking for SAP S/4HANA -> Maintain Metadata Configuration -> Maintain Logical Attributes
Supplier Number
Configure Value Range
Value Ranges are a set of pre-populated values which can be used to derive the context under which an action should be executed.
Follow the given path:
SPRO -> SAP NetWeaver -> UI Data Protection Masking for SAP S/4HANA -> Maintain Metadata Configuration -> Maintain Attributes and Ranges for Policy – Follow below mentioned steps:
Sensitive Supplier List
- Click on “New Entries” button
- Enter “Value Range” as “VR_SENSITIVE_SUPPLIERS_LIST”
- Select “Application Module” as “M Materials Management”
- Enter “Description” as “Sensitive Supplier List”
- Click on “Save” button
Enter entries in “VR_SENSITIVE_EMPLOYEES” Value Range
- Execute Transaction Code “/UISM/V_RANGE”
- Click on “VR_SENSITIVE_SUPPLIERS_LIST” Value Range
- Click on “Display<- -> Change” button
- Click on “Add New Entry” button
- Add following entries under “Include Value” tab and click on “Save” button
Value Description
5 Dupont
10 Tiedemeier
15 Safety Clean
Maintain Technical Address
In this step, we will associate the Technical Address of the fields to be masked with the Logical Attributes.
To get the Technical Address of a SAPUI5/SAP Fiori field, refer Technical Trace blog post.
Follow the given path:
SPRO -> SAP NetWeaver -> UI Data Protection Masking for SAP S/4HANA -> Maintain Metadata Configuration -> Maintain Technical Address
Follow below mentioned steps:
Under “UI5/Fiori NetWeaver Gateway Field Mapping”, maintain technical address for following fields.
Supplier Number
- Click on “New Entries” button
- Enter “Service Name” as “C_SUPPLIER_FS_SRV”
- Enter “Entity” as “C_SupplierFsType”
- Enter "Property" as "Supplier"
- Enter “Logical Attribute” as “LA_SUPPLIER_NUMBER”
- Enter “Description” as “Supplier Number”
- Click on “Save” button
Policy Configuration
A Policy is a combination of rules and actions which are defined in one or more blocks. The actions are executed on a sensitive entity (field to be protected) which has to be assigned to a Policy. The conditions are based on contextual attributes which help derive the context.
Context Attributes are logical attributes which are used in designing the rules of a policy. They are mapped to fields which are used to derive the context under which an action is to be executed on a sensitive entity.
Sensitive Entities are logical attributes which are sensitive and need to be protected from unauthorized access.
Follow the given path:
SPRO -> SAP NetWeaver -> UI Data Protection Masking for SAP S/4HANA -> Data Protection Configuration -> Maintain Policy Details for Attribute based Authorizations – Follow below mentioned steps:
- Click on “New Entries” button
- Enter “Policy Name” as “POL_BLOCK_SUPPLIERS”
- Select “Type” as “Data Blocking”
- Select “Application Module” as “M Materials Management”
- Enter “Description” as “Block Details of Sensitive Supplier”
- Click on “Save” button
Write following logic into Policy
Maintain Data Blocking Configuration
Here, we will define how masking will behave with the logical attribute that we created in above step.
Follow the given path:
SPRO -> SAP NetWeaver -> UI Data Protection Masking for SAP S/4HANA -> Data Protection Configuration -> Maintain Data Blocking Configuration
Follow below mentioned steps:
- Click on “New Entries” button
- Enter “Sensitive Entity” as “LA_SUPPLIER_NUMBER" and press “Enter” key. “Description” and “Application Module” will get populated in corresponding fields
- Check “Enable Configuration” check-box
- Select “Attribute Based Authorization” option
- Enter “Policy Name” as “POL_BLOCK_SUPPLIERS”
- Enter “Message Class” as “/UISM/UI“
- Enter “Message Number” as “901“
- Click on “Save” button
Conclusion
In this blog post, we have learnt how Data Blocking is achieved in Supplier app of SAPUI5 for blocking access of certain Supplier's information from the users who do not have a specific PFCG Role.
- SAP Managed Tags:
| User | Count |
|---|---|
| 34 | |
| 17 | |
| 16 | |
| 15 | |
| 11 | |
| 9 | |
| 8 | |
| 8 | |
| 8 | |
| 7 |
