Technology Blogs by SAP
Learn how to extend and personalize SAP applications. Follow the SAP technology blog for insights into SAP BTP, ABAP, SAP Analytics Cloud, SAP HANA, and more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

UI Data Protection - How to configure masking in CS03 transaction using Manage Sensitive Attribute app based on RBAC Concept

AmitKrSingh
Advisor
Advisor
‎12-28-2020 5:40 PM

Introduction


In this blog post, we will learn how to configure masking through Manage Sensitive Attributes app provided by UI Data Protection Masking for SAP S/4HANA 2011 solution based on Role Based Authorization Control(RBAC) concept.

Manage Sensitive Attributes app


The Manage Sensitive Attributes application allows you to maintain configuration for UI data protection in a SAP Fiori-based UI.


This application brings together several individual transactions, simplifying the maintenance of masking configuration and presenting a holistic picture to the end user. With this app, you can:


  • Create, update and delete sensitive attributes




  • Define masking and blocking configurations




  • Manage technical attribute mappings




  • Create and assign context attributes




  • Create and assign derived attributes and lists of values





You can use the app on your desktop, tablet or smartphone.



Prerequisite


UI data protection masking for SAP S/4HANA is a solution for selective masking of sensitive data on SAP S/4HANA user interfaces – SAP GUI, SAPUI5/SAP Fiori, Web Dynpro for ABAP, and Web Client UI. Data can be protected at field level, either by masking the content (replacing original characters with generic characters, such as asterisks) or by clearing or disabling the field.

The solution uses both role-based and attribute-based authorizations, affording customers a high degree of control.

Requirement


Role-based masking is required for CS03 transaction. Some of the fields need to be masked on this transaction. Product “UI data protection masking for SAP S/4HANA 2011” is used in this scenario to protect sensitive data at field level and must be installed in the S/4HANA system.

Let’s begin


Configuration to achieve masking in CS03 transaction


Login to Fiori Launchpad and click on "Manage Sensitive Attributes" app available under "UI data protection masking" catalog.




Maintain Sensitive Attributes


A Sensitive Attribute is a type of logical attribute that define a field which needs to be configured for UI data protection.

  • Click on Add icon





  • Enter “LA_BOM” in Sensitive Attribute field

  • Enter “Bill of Material Fields” in Description field

  • Click on “Create” button





  • Sensitive Attribute with specified details will be created.



Maintain Mapping to Technical Addresses

In the Manage Sensitive Attributes application, you can link technical addresses of fields to sensitive attributes. A technical address describes the exact technical path or technical information which is used by the solution to process the field for UI data protection masking.

To find the technical addresses for SAP GUI screens, navigate to the field and choose F1, then the Technical Information icon. The system displays the relevant information.


  • Under Technical Mapping > SAP GUI, choose the Add icon.




  • Use the the value help to select the table name and the field name. You can also enter the referenced transaction codes as a comment to describe the mapping.














Mass Configuration


For mass configuration, select the Mass Configuration icon. The system generates additional customizing for SAP GUI and data element entries. Once the application will be refreshed, entries will get listed under Module Pool.

  • Select all the records and click on “Mass Configuration” button







Masking Configuration


In the Manage Sensitive Attributes application, you can configure masking for a sensitive attribute to define in detail how it is to be protected in the system. Masking configuration defines which fields are to be masked for unauthorized users and in which contexts.

To configure masking for a sensitive attribute, under Configuration > Masking Configuration, choose Edit.

  • Enable masking.

  • Select Role-Based authorization concept. For role-based authorization, use the value help to select a PFCG role

  • Select a field-level action to determine what should be visible to unauthorized users. Users with this PFCG role will have access to the original values.

  • Save the configuration.





Masking in CS03 transaction



  • Enter T-Code as “CS03” and press “Enter” key





  • Enter “M-01” in “Material” field

  • Enter “Plant” as “1000

  • Enter “BOM Usage” as “1

  • Enter “Alternative BOM” as “1

  • Click on “Item” button





  • Component”, “Component Description”, and “Quantity” fields on Material tab will appear as masked





  • Component Description” and “Quantity” fields on Document tab will appear as masked





  • Component”, "Component Description”, and “Quantity” fields on General tab will appear as masked





  • Select an item and click on “Item” button to open BoM Item Details





  • Component”, “Component Description”, and “Quantity” fields on Basic Data tab will appear as masked





  • Component” and “Component Description” fields on Status/Long Text tab will appear as masked





  • Component” and “Component Description” fields on Administration tab will appear as masked





  • Component” and “Component Description” fields on Document Assignment tab will appear as masked




Conclusion


In this blog post, we have learnt how Masking is achieved in CS03 transaction through Manage Sensitive Attributes app provided by UI Data Protection Masking for SAP S/4HANA 2011 solution.
Labels:
Labels in this area
Popular Blog Posts