UI Data Protection – How to use Manage Sensitive Attributes app to configure Logical Attributes

Introduction

In this blog post, we will learn how to configure Sensitive and Context Attributes using “Manage Sensitive Attribute” app which is available with UI Data Protection Masking for SAP S/4HANA solution.

Prerequisite

UI Data Protection Masking for SAP S/4HANA is a solution that allows you to protect restricted and sensitive data values at field level by masking, clearing, or disabling fields for those users who are not authorized to view or edit this data.

Product “UI data protection masking for SAP S/4HANA” is used in this scenario to protect sensitive data at field level and must be installed in the S/4HANA system.

The product is a cross-application product which can be used to mask/protect any field in SAP GUI, SAPUI5/SAP Fiori, CRM Web Client UI, and Web Dynpro ABAP.

Requirement

Here, we want to configure masking and blocking for Sensitive Business Partners Identification Number in BUT0ID table in SE16 transaction based on logged-in users IP Address information. Also, some sensitive business partner records will be blocked for unauthorized users.

Let’s begin

Configure Logical Attributes

Login to Fiori Launchpad and click on “Manage Sensitive Attributes” app available under “UI data protection masking” catalog.

Maintain Sensitive Attributes

A Sensitive Attribute is a type of logical attribute that define a field which needs to be configured for UI data protection.

Click on Add icon

Enter “LA_BP_SSN” in Sensitive Attribute field
Enter “BP Social Security Number” in Description field
Click on “Create” button

Sensitive Attribute with specified details will be created.

Maintain Mapping to Technical Addresses

In the Manage Sensitive Attributes application, you can link technical addresses of fields to sensitive attributes. A technical address describes the exact technical path or technical information which is used by the solution to process the field for UI data protection masking.

To find the technical addresses for SAP GUI screens, navigate to the field and choose F1, then the Technical Information icon. The system displays the relevant information.

Under Technical Mapping > SAP GUI, choose the Add icon.
Use the the value help to select the table name and the field name. You can also enter the referenced transaction codes as a comment to describe the mapping.

Mass Configuration

For mass configuration, select the Mass Configuration icon. The system generates additional customizing for SAP GUI and data element entries. Once the application will be refreshed, entries will get listed under Module Pool.

Select the record and click on “Mass Configuration” button

Maintain Context Attributes

In the Manage Sensitive Attributes application, you can create and update context attributes, and map them to sensitive attributes.

A context attribute is a type of logical attribute which is used to define the context within which a sensitive attribute is to be protected.

To assign a context attribute to a sensitive attribute, under Context Attributes, choose the Add icon.
To create a new context attribute, select Create New, enter the name of the context attribute beginning with LA_ and a description.
Open a context attribute by tapping the arrow next to it and under Technical Mapping, you can map technical addresses to the context attribute in the same way we did for sensitive attribute