Field Masking – Context based masking scenario in Business Partner application of CRM WebClient UI

Introduction

In this blog post, we will learn how to mask “Email Address” field based on “Business Partner ID” field information of Business Partner application in CRM WebClient UI.

A PFCG Role will be used for the authorization check which will allow users with the specified role to view the field value. If a user does not have this role, it means the user is not authorized and data will be protected either through masking, clearing, or disabling the field.

For unauthorized users, “Email Address” field for Business Partner ID “100000025” will look like below:

Where as “Email Address” field for other Business Partner IDs will look like below:

What is Context based Masking?

Attributes that deal with time, location or dynamic aspects is called Context (environment) attribute. Masking a field based on context attribute is called Context based-masking.

e.g. – Masking the salary of employees who belong to Germany.

Prerequisite

“Field Masking for Web Client UI” is a solution to protect sensitive data on CRM WebClient UI screens at field level.Product “Field Masking for Web Client UI” is delivered to customer as add-on (UIM 100). To achieve Role based masking, Add-on UIM 100 must be installed in customer system.

Requirement

Context-based masking is required for Business Partner application of CRM Web Client UI, “Email Address” field need to be masked based on “Business Partner ID” information where Business Partner ID is “100000025”.

Maintain Masking configuration

n this step, we will configure the Technical Address of the fields to be masked.

You can get the Technical Address of a CRM WebClient UI field by pressing “F2” on the field.

Follow the given path:

SPRO -> SAP NetWeaver -> Field Masking for Web Client UI -> Masking Configuration -> Maintain Masking Configuration

BAdI Implementation

Context-based masking can be achieved by implementing Masking BAdI –

/UIMWUI/BD_MASK_AUTHORIZATION

Create BAdI implementation for method EXECUTE_AUTHORIZATION

Sample code is given below –

METHOD /uimwui/if_mask_authorization~execute_authorization.
  DATA: lv_attr TYPE NAME_KOMP VALUE 'BP_ID',
        lv_bp TYPE CRMT_BP_ID.
  IF IV_COMPONENT_NAME = 'EPM_DEMO_BP' AND IV_VIEW_NAME = 'PARTNERDETAILS' AND IV_CONTEXT_NODE = 'PARTNER'.
    IR_ENTITY->GET_PROPERTY_AS_VALUE(
      exporting
        IV_ATTR_NAME = lv_attr
      importing
        EV_RESULT    = lv_bp
    ).
    IF lv_bp = '0100000025'.
      CV_AUTH_INDICATOR = 'N'.
    ELSE.
      CV_AUTH_INDICATOR = 'Y'.
    ENDIF.
  ENDIF.
  ENDMETHOD.

Conclusion

In this blog post, we have learnt how Role-based masking is achieved in Business Partner application of CRM WebClient UI for masking “Email Address” field based on “Business Partner ID” field information.