Product Information
UI Data Protection – How to use Manage Sensitive Attributes app to configure Logical Attributes
Introduction
In this blog post, we will learn how to configure Sensitive and Context Attributes using “Manage Sensitive Attribute” app which is available with UI Data Protection Masking for SAP S/4HANA solution.
Prerequisite
UI Data Protection Masking for SAP S/4HANA is a solution that allows you to protect restricted and sensitive data values at field level by masking, clearing, or disabling fields for those users who are not authorized to view or edit this data.
Product “UI data protection masking for SAP S/4HANA” is used in this scenario to protect sensitive data at field level and must be installed in the S/4HANA system.
The product is a cross-application product which can be used to mask/protect any field in SAP GUI, SAPUI5/SAP Fiori, CRM Web Client UI, and Web Dynpro ABAP.
Requirement
Here, we want to configure masking and blocking for Sensitive Business Partners Identification Number in BUT0ID table in SE16 transaction based on logged-in users IP Address information. Also, some sensitive business partner records will be blocked for unauthorized users.
Let’s begin
Configure Logical Attributes
Login to Fiori Launchpad and click on “Manage Sensitive Attributes” app available under “UI data protection masking” catalog.
Maintain Sensitive Attributes
A Sensitive Attribute is a type of logical attribute that define a field which needs to be configured for UI data protection.
- Click on Add icon
- Enter “LA_BP_SSN” in Sensitive Attribute field
- Enter “BP Social Security Number” in Description field
- Click on “Create” button
- Sensitive Attribute with specified details will be created.
Maintain Mapping to Technical Addresses
In the Manage Sensitive Attributes application, you can link technical addresses of fields to sensitive attributes. A technical address describes the exact technical path or technical information which is used by the solution to process the field for UI data protection masking.
To find the technical addresses for SAP GUI screens, navigate to the field and choose F1, then the Technical Information icon. The system displays the relevant information.
-
Under Add icon.
, choose the -
Use the the value help to select the table name and the field name. You can also enter the referenced transaction codes as a comment to describe the mapping.
Mass Configuration
For mass configuration, select the Mass Configuration icon. The system generates additional customizing for SAP GUI and data element entries. Once the application will be refreshed, entries will get listed under Module Pool.
- Select the record and click on “Mass Configuration” button
Maintain Context Attributes
In the Manage Sensitive Attributes application, you can create and update context attributes, and map them to sensitive attributes.
A context attribute is a type of logical attribute which is used to define the context within which a sensitive attribute is to be protected.
- To assign a context attribute to a sensitive attribute, under Context Attributes, choose the Add icon.
- To create a new context attribute, select Create New, enter the name of the context attribute beginning with LA_ and a description.
- Open a context attribute by tapping the arrow next to it and under Technical Mapping, you can map technical addresses to the context attribute in the same way we did for sensitive attribute
Conclusion
In this blog post, we have learnt how to configure Sensitive and Context Attributes using Manage Sensitive Attributes app.
Hi,
We have followed this blog, but do not see Reveal option in Fiori.
Also we cannot find Manage sensitive attributes app in Fiori apps library, not able to find the services which need to be activated.
Same configuration has been done via SPRO.
Hi Meenakshi,
As a part of UI data protection masking team, we are always there to help in any way possible.
We would request you to raise an incident in BCP/SNOW (be it internal / customer) with your detailed query on the component GRC-UDS-DO.
As part of the incident, you can also request a call and based on the context shared as part of the incident, we would come prepared and be able to support you in a short call.
Regards,
Amit Kumar Singh