Masking Street address in BP based on category using Derived Attribute
SAP UI Masking is a tool that sits between the database and GUI to protect the sensitive data. Basically the tool works at the presentation layer which can be used for making a field display only, mask using a pattern or completely hide the field itself without impacting the application layer that runs the business processes.
Attribute Based Masking: ABAC Policy cockpit is the feature in the product that offers many ways to protect the sensitive data like Hiding, disabling or masking the field as the per the requirement.
In below example, we will use Attribute Based Masking on field STREET with respect to transaction codes BP and BUP3 but masking will use derived attribute and value range for category US1 to implement the logic.
If the data in the field STCD1 is further categorized by type US1 (SSN) and US2 (General Data) then Attribute based masking will be the solution and it will mask only if the category is of type US1.
Business Scenario: Business Partner data is deemed as highly sensitive which is common in many organizatons. Users who have access to business partner data like transactions BP and BUP3 see much more than they are authorized to see. There is a growing concern among the organizations to protect the data of their employees, customers and suppliers. At the same time many departments need access to display BUP3/BP hence securing the data based on context is legitimate case for using UI Masking and data protection.
Prequisite: Add-on UISM100 must be installed first in the system to achieve Field level Masking
Configure Technical Information (Table Name-Field Name) of field in masking configuration.
The Technical Address of a GUI field can be find by pressing “F1” on the field.
SPRO -> SAP NetWeaver -> UI Data Protection Masking for SAP S/4HANA –> Maintain Metadata Configuration
- Maintain Logical Attributes
- Maintain Technical Address
Under Maintain Logical Attributes –> Click on New Entries
Click on Maintain Technical Address –> Click on new entries
- Enter the table, field name, and Logical Attribute. C
- Select the row and click on Mass Configuration
- Select all and Generate Customizing
Click on Maintain Attributes and Ranges for Policy
Go to SE24 and create the class with following code changes that applies to tables and t-code fields based on context
Data Protection Configuration
Click on Maintain Policy Details for Attribute-Based Authorizations
Assign the above policy to the Logical Attribute which is tied to the fields where masking needs to be switched on.
Conclusion: Street address is masked based on derived attribute based on category of type US1 in BP and BUP3
Please share your thoughts and feedback in a comment.
Related topics – link from the text
Ask questions about field masking for SAP GUI and follow https://answers.sap.com/tags/67838200100800005192
Read other field masking for SAP GUI and follow blog posts https://blogs.sap.com/tags/67838200100800005192