Skip to Content
Product Information

Field Masking for SAP GUI – Context based masking scenario in SE16 (ALV Grid Display, ALV List, and SE16 Standard List)

Introduction

In this blog post, we will learn how to mask “Telephone Number” and “Fax Number” fields based on “Region Code” information of table KNA1 in transaction SE16.

A PFCG Role will be used for the authorization check which will allow users with the specified role to view the field value. If a user does not have this role, it means the user is not authorized and data will be protected either through masking, clearing, or disabling the field.

The end result for unauthorized users will look like below:

ALV Grid Display

ALV List

Standard SE16 List

What is Context based Masking?

Attributes that deal with time, location or dynamic aspects is called Context (environment) attribute. Masking a field based on context attribute is called Context based-masking.

e.g. – Masking the salary of employees who belong to Germany.

Prerequisite

Field Masking for SAP GUI” is a solution to protect sensitive data on SAP GUI screens at field level.Product “Field Masking for SAP GUI” is delivered to customer as add-on (UIM 100). To achieve Role based masking, Add-on UIM 100 must be installed in customer system.

Requirement

Context-based masking is required for transaction SE16, “Telephone Number” and “Fax Number” fields of table KNA1 in transaction SE16 need to be masked whose “Region Code” is “CO”.

Maintain Masking configuration

Configure Technical Information (Table Name-Field Name) of field in masking configuration.

You can get the Technical Address of a GUI field by pressing “F1” on the field.

Follow the given path:

SPRO -> SAP NetWeaver -> Field Masking for SAP GUI -> Masking Configuration->Maintain Masking Configuration

Telephone Number
Follow below mentioned steps:
  • Click on “New Entries” button
  • Enter “Table Name” as “KNA1
  • Enter “Field Name” as “TELF1
  • Enter “PFCG Role Name” as “/UIM/PFCG_ROLE“. In this example, we have used a blank role “/UIM/PFCG_ROLE”. Customers can use any role as per their requirement.
  • Check “Masking Control” checkbox”
  • Click on “Save” button

Fax Number
Follow below mentioned steps:
  • Click on “New Entries” button
  • Enter “Table Name” as “KNA1
  • Enter “Field Name” as “TELFX
  • Enter “PFCG Role Name” as “/UIM/PFCG_ROLE“. In this example, we have used a blank role “/UIM/PFCG_ROLE”. Customers can use any role as per their requirement.
  • Check “Masking Control” checkbox”
  • Click on “Save” button

BAdI Implementation

Context-based masking can be achieved by implementing Masking BAdI /UIM/BD_MASKING.

Create BAdI implementation for method PREPARE_MASK_DATA

Sample code is given below –

* Sample Implementation for Context based masking in ALV Grid

* Following Global Parameters are available for context based masking in ALV. These can be used in
  UI Masking BAdI to achieve the context based masking in ALV Grid:

  1) /uim/cl_msk_alv=>ss_data    : This contains the complete data reference of ALV Grid being                displayed

  2) /uim/cl_msk_alv=>sv_row_id  : This global variable contain the current row number being                  processed

  3) /uim/cl_msk_alv=>st_fcat    : This table contains the FieldCat of current ALV being processed

* Scenario: Mask Field – “Telephone Number” and “Fax Number” in KNA1 table if Customer’s                Region  Code = ‘CO’

* Configuration: The “Telephone Number” and “Fax Number” have been maintained in Masking            configuration that means “Telephone Number” and “Fax Number” column’s data field will be                masked for unauthorized users.

* BAdI Handling: Under this BAdI, we unmask the above two fields if Customer’s Region code is          other than ‘CO’

DATA ls_row_data TYPE REF TO data.
FIELD-SYMBOLS <fs_data>     TYPE STANDARD TABLE,
<fs_row_data> TYPE any,
<fs_regio>    TYPE kna1regio.

*– Get ALV Data
ASSIGN /uim/cl_msk_alv=>ss_data->TO <fs_data>.
IF <fs_data> IS ASSIGNED.

*– Get Current Row
READ TABLE <fs_data> ASSIGNING <fs_row_data> INDEX /uim/cl_msk_alv=>sv_row_id.
IF sysubrc EQ 0.

*– Get Value of field REGIO ( Region )
ASSIGN COMPONENT ‘REGIO’ OF STRUCTURE <fs_row_data> TO <fs_regio>.
IF sysubrc EQ 0.

*– Masking Condition – Unmask if REGION is other than CO
IF <fs_regio> NE ‘CO’.
cs_mask_datamasked_val cs_mask_dataoriginal_val.
cs_mask_dataauth_flag abap_true.
ENDIF.
ENDIF.
ENDIF.
ENDIF.

Conclusion

In this blog post, we have learnt how Role-based masking is achieved for “Telephone Number” and “Fax Number” fields based on “Region Code” information of table KNA1 in transaction SE16.

Be the first to leave a comment
You must be Logged on to comment or reply to a post.