Field Masking – Role based masking scenario in Shop app of SAPUI5

Introduction

In this blog post, we will learn how to mask “Name“, “Description“, “Price” and “Currency Code” fields of Products in Shop application of SAPUI5.

A PFCG Role will be used for the authorization check which will allow users with the specified role to view the field value. If a user does not have this role, it means the user is not authorized and data will be protected either through masking, clearing, or disabling the field.

The end result for unauthorized users will look like below:

Prerequisite

“Field Masking for SAPUI5 and SAP Fiori” is a solution to protect sensitive data on SAPUI5 and SAP Fiori screens at field level. Product “Field Masking for SAPUI5 and SAP Fiori” is delivered to customer as add-on (UIMGW 100 and UIMUI5 100). To achieve Role-based masking, Add-on UIMGW 100 and UIMUI5 100 must be installed in customer system.

In case of Hub landscape, Add-on UIMGW 100 needs to be installed in ECC/S4 HANA system and Add-on UIMUI5 100 needs to be installed in Fiori Front-end system.

Requirement

Role-based masking is required to mask “Name“, “Description“, “Price” and “Currency Code” fields of Products in Shop application of SAPUI5.

Maintain Masking configuration

Configure Technical Information (Service Name-Entity) of field in masking configuration.

Follow the given path:

SPRO -> SAP NetWeaver -> Field Masking for SAPUI5 and SAP Fiori -> Masking Configuration->Maintain Masking Configuration

Follow below mentioned steps:

• Click on “New Entries” button
• Enter “Service Name” as “SEPMRA_SHOP”
• Enter “Entity” as “Product”
• Check “Masking Control” checkbox”
• Enter “Description” as “Product”
• Click on “Save” button

Maintain Property Details

1. Select the row
2. Double-Click on “Maintain Property Details” option
3. Click on “New Entries” button
4. Press “F4” button on “Property” field and select “Name” property
5. Check “Masking Control” checkbox
6. Enter “PFCG Role Name” as “/UIMGW/PFCG_ROLE“. In this example, we have used a blank role “/UIMGW/PFCG_ROLE”. Customers can use any role as per their requirement.
7. Click on “Save” button

For OData services based on CDS views, F4 Search Help will not available on Entity and Property fields. Entity and Property information can be found using transaction SEGW or by analyzing the Fiori App itself.

• Repeat the steps 3 to 7 to configure masking for other properties (Description, Price, and CurrencyCode)

Conclusion

In this blog post, we have learnt how Role-based masking is achieved in Shop application of SAPUI5 for masking “Name“, “Description“, “Price” and “Currency Code” fields of Products.

Note:

For information on Masking in UI Data Protection in SAPUI5/Fiori application, please refer blog post Attribute Based Access Control (ABAC) – Field Masking scenario in Shop app of SAPUI5.