Skip to Content
Product Information

Field Masking – Context based masking scenario in CS03

Introduction

In this blog post, we will learn how to mask “Component”, “Component Description“, and “Quantity” fields of Bill of Materials (BoM) based on “Material Group” information in transaction CS03.

A PFCG Role will be used for the authorization check which will allow users with the specified role to view the field value. If a user does not have this role, it means the user is not authorized and data will be protected either through masking, clearing, or disabling the field.

The end result for unauthorized users will look like below:

What is Context based Masking?

Attributes that deal with time, location or dynamic aspects is called Context (environment) attribute. Masking a field based on context attribute is called Context based-masking.

e.g. – Masking the salary of employees who belong to Germany.

Prerequisite

Field Masking for SAP GUI” is a solution to protect sensitive data on SAP GUI screens at field level.Product “Field Masking for SAP GUI” is delivered to customer as add-on (UIM 100). To achieve Role based masking, Add-on UIM 100 must be installed in customer system.

Requirement

Context-based masking is required for transaction CS03, “Component”, “Component Description“, and “Quantity” fields of Bill of Materials (BoM) in transaction CS03 need to be masked whose “Material Group” is “00107”.

Maintain Masking configuration

Configure Technical Information (Table Name-Field Name) of field in masking configuration.

You can get the Technical Address of a GUI field by pressing “F1” on the field.

Follow the given path:

SPRO -> SAP NetWeaver -> Field Masking for SAP GUI -> Masking Configuration->Maintain Masking Configuration

Follow below mentioned steps:
  • Click on “New Entries” button
  • Enter “Table Name” as “RC29P
  • Enter “Field Name” as “IDNRK
  • Enter “PFCG Role Name” as “ZTEST“. In this example, we have used a blank role “ZTEST”. Customers can use any role as per their requirement.
  • Check “Masking Control” checkbox”
  • Click on “Save” button

  • Click on “New Entries” button
  • Enter “Table Name” as “RC29P
  • Enter “Field Name” as “KTEXT
  • Enter “PFCG Role Name” as “ZTEST“. In this example, we have used a blank role “ZTEST”. Customers can use any role as per their requirement.
  • Check “Masking Control” checkbox”
  • Click on “Save” button

  • Click on “New Entries” button
  • Enter “Table Name” as “RC29P
  • Enter “Field Name” as “MENGE
  • Enter “PFCG Role Name” as “ZTEST“. In this example, we have used a blank role “ZTEST”. Customers can use any role as per their requirement.
  • Check “Masking Control” checkbox”
  • Click on “Save” button

  • Click on “New Entries” button
  • Enter “Table Name” as “RC29P
  • Enter “Field Name” as “BOMOB
  • Enter “PFCG Role Name” as “ZTEST“. In this example, we have used a blank role “ZTEST”. Customers can use any role as per their requirement.
  • Check “Masking Control” checkbox”
  • Click on “Save” button

  • Click on “New Entries” button
  • Enter “Table Name” as “RMMG1
  • Enter “Field Name” as “MATNR
  • Enter “PFCG Role Name” as “ZTEST“. In this example, we have used a blank role “ZTEST”. Customers can use any role as per their requirement.
  • Check “Masking Control” checkbox”
  • Click on “Save” button

  • Click on “New Entries” button
  • Enter “Table Name” as “MAKT”
  • Enter “Field Name” as “MAKTX
  • Enter “PFCG Role Name” as “ZTEST“. In this example, we have used a blank role “ZTEST”. Customers can use any role as per their requirement.
  • Check “Masking Control” checkbox”
  • Click on “Save” button

Mass Configuration

For the above entries, “Mass Configuration” report should be executed which is required to generate technical addresses.

Follow below mentioned steps:
  • Select the entry
  • Click on “Mass Configuration” button
  • Click on “Select All” button
  • Click on “Generate Customizing” button
  • Save the information

BAdI Implementation

Context-based masking can be achieved by implementing Masking BAdI /UIM/BD_MASKING.

Create BAdI implementation for method PREPARE_MASK_DATA

Sample code is given below –

METHOD /uim/if_uisecurity~prepare_mask_data.
    DATA : lv_matnr    TYPE matnr,
           lv_progname TYPE dbglprog,
           lv_struct   TYPE string.

IF cs_mask_data-tabname = 'RC29P'.
  IF cs_mask_data-fldname = 'KTEXT' OR cs_mask_data-fldname = 'IDNRK' 
  OR cs_mask_data-fldname = 'MENGE' OR cs_mask_data-fldname = 'BOMOB'.
        lv_progname = 'SAPLCSDI'.
        lv_struct = 'RC29P-IDNRK'.
        CONCATENATE '(' lv_progname ')' lv_struct INTO DATA(lv_expr).
        ASSIGN (lv_expr) TO FIELD-SYMBOL(<fv_matnr>).
        IF <fv_matnr> IS ASSIGNED.
          lv_matnr = <fv_matnr>.
        ENDIF.
   ENDIF.

    ELSEIF  cs_mask_data-tabname = 'RMMG1' OR cs_mask_data-tabname = 'MAKT'.

  IF cs_mask_data-fldname = 'MAKTX' OR cs_mask_data-fldname = 'MATNR' 
     OR cs_mask_data-fldname = 'MENGE' .
        lv_progname = 'SAPLMGD1'.
        lv_struct = 'RMMG1-MATNR'.
        CONCATENATE '(' lv_progname ')' lv_struct INTO lv_expr.
        ASSIGN (lv_expr) TO <fv_matnr>.
        IF <fv_matnr> IS ASSIGNED.
          lv_matnr = <fv_matnr>.
        ENDIF.
    ENDIF.
  ENDIF.

    IF lv_matnr IS NOT INITIAL.
      SELECT SINGLE matnr, matkl FROM mara INTO @DATA(ls_mara) 
      WHERE matnr = @lv_matnr AND matkl = '00706'.
      IF sy-subrc = 0 .
        cs_mask_data-auth_flag = abap_true.
      ENDIF.
    ENDIF.
ENDMETHOD.

Conclusion

In this blog post, we have learnt how Role-based masking is achieved for “Component”, “Component Description“, and “Quantity” fields of Bill of Materials (BoM) based on “Material Group” information in transaction CS03.

Note:

For information of masking in transaction MIGO, please refer the blog post Field Masking – Mask Vendor, Material, and Quantity related information in MIGO

Be the first to leave a comment
You must be Logged on to comment or reply to a post.