In this blog post, we will learn how to mask fields of ALV Grid program in SAP GUI.
A PFCG Role will be used for the authorization check which will allow users with the specified role to view the field value. If a user does not have this role, it means the user is not authorized and data will be protected either through masking, clearing, or disabling the field.
The end result for unauthorized users will look like below:
“Field Masking for SAP GUI” is a solution to protect sensitive data on SAP GUI screens at field level.Product “Field Masking for SAP GUI” is delivered to customer as add-on (UIM 100). To achieve Role-based masking, Add-on UIM 100 must be installed in customer system.
Role-based masking is required for “ALV Grid” program. Some of the fields need to be masked on this ALV Grid.
Recording Tool for Technical Address
In order to mask the fields on SAP GUI, Technical Information (Table Name-Field Name) is required which users can get by pressing “F1” on the field. There are some instances where “F1” is not working for some or all of the fields of ALV Grid in SAP GUI. In our scenario, “Technical Information (Table Name-Field Name)” is not available for any of the fields of custom ALV Grid program by pressing “F1” key.
In this scenario “Recording Tool for Technical Address” will help user to find technical address for UI Masking. This report logs/records User Trace, Table Name-Field Name, Field Value and other metadata information that helps users to find Technical Address for masking.
Even after running the Recording Tool, if you do not see the Table Name-Field Name information of the field that you want to mask in the report then it is not possible to mask that field technically because of technical limitation.
How to use Recording Tool for Technical Address?
User should be activated for recording then he needs to run the actual transaction for which masking is required. Then, after successful execution of transaction user can view Table Name-Field Name and other metadata information.
- Execute T-Code “/N/UIM/RECORDING_TOOL”. “Recording Tool for Technical Address”screen will be displayed.
- Enable Recording – Click on “Enable” button in order to activate recording at Global Level.
- Activate User – Click on “Activate User” button in order to activate recording for the user. Provide the “User Name”, “Timeout Period in minutes” and check “Value to be stored?” check-box and click on “OK” button.
- User: User for which store the technical address for UI fields entries.
- Timeout (in Mins): User activation timeout period in minutes.
- Value to be stored: Need to store the value or not.
- Recording will get activated for the user and “Active” flag will change to “YES”.
- Execute TCode “SE38“
- Enter “Program” as “ZDEMO_ALV“
- Click on “Execute” button
- ALV Grid program details will be displayed.
- View Recording Data – Select the user for which you want to view the Recording Data and click on “View” button on View Recording screen.
- Provide the Selection Parameters in order to view the Recording Data and click on “Execute” button.
- Based on the selection parameters, the system displays a list of entries which contains Table Name-Field Name information using which user can configure masking on the fields.
- Delete Recording Data – Since this Recording Tool stores data in a temporary table, you can choose to delete the entries for a user by clicking on the “Delete” button. Note: Records older than 7 days are automatically deleted.
- Deactivate User – Click on “Deactivate User” button in case you want to deactivate the recording for the selected user.
Maintain Masking configuration
Configure Technical Information (Table Name-Field Name) of field in masking configuration.
Follow the given path and maintain following entries:
SPRO -> SAP NetWeaver -> Field Masking for SAP GUI -> Masking Configuration->Maintain Masking Configuration
In this blog post, we have learnt how Role-based masking is achieved for mask fields of ALV Grid program in SAP GUI.