Skip to Content
Product Information
Author's profile photo Tobias Keller

UI Data Protection Masking for ECC scenarios: near feature parity with S/4HANA masking!

With the latest release cycle, we have been able to offer a new product version UI DATA
PROTECTION MASKING 1.0 for ECC scenarios – which brings all of the key data protection features, dynamic/attribute based authorizations, and integrated installation and configuration options from the highly advanced SAP S/4H based masking to be usable for ECC based scenarios! A list of only the key features is appended below.

In this initial release, the solution covers scenarios in SAP GUI, Web Dynpro ABAP, and Web Client UI; with UI5/Fiori based scenarios planned to be integrated with the solution in the future feature packs.

The new product version is based on SAP NetWeaver 7.4 and 7.5 – more specifics can be found in the Release Availability Documentation (RAD) and partly also in the Product Availability Matrix.

Find more information on this release in the Help Portal, as well as in the UI Data Protection community page for the solution in general!

Key Features included in this release are: 

UI data protection masking:
Only users with field-level authorization can view data. If a user is not authorized to view the field’s value, the data can be protected by masking, clearing, hiding, or disabling the field.

Data-element-based masking:
You can protect individual data elements independently of the UI technology displaying them.

Data blocking:
The system can suppress (not show) lines in table-style UI elements and block access to entire sensitive records in applications. This is useful in protecting highly sensitive data when the presence of a record should be hidden entirely and is available in SAP GUI transactions.

Attribute-based authorization:
The ABAC policy cockpit enables you to create policies to determine how you want to protect sensitive data within the system. Authorization checks also take the context of a field or data element into consideration.

Recording tool:
The recording tool records the technical addresses of the UI fields that a specified user accesses during a given timeframe and can be used when setting up your system to provide information for configuring sensitive attributes.

Field access trace:
The field access trace can write a trace entry whenever a user accesses fields configured for UI data protection masking, to understand and improve authorizations.

Reveal on demand:
This feature provides an additional level of data protection in SAP GUI by masking the field value by default, irrespective of whether the user is authorized to view the original field value. Users can choose the option to reveal the field value, giving a reason for viewing the data. This will be granted to authorized users only.

Data protection based on sensitive attributes and context attributes:
Sensitive attributes are at the heart of the solution and are the starting point for any configuration cycle. The different data protection options, such as masking and blocking, are applied to one core entity, the sensitive attribute. Context logical attributes encompass information related to a sensitive attribute. They define the context within which a sensitive attribute is to be protected. Context attributes can be static or dynamic in nature, and can therefore contain different values across different runtime scenarios.

Assigned Tags

      4 Comments
      You must be Logged on to comment or reply to a post.
      Author's profile photo Ramiro Amaya
      Ramiro Amaya

      Hello Tobias,

      I hope you are well.

      Tobias I have taken the audacity to write you to ask you about UI data protection masking for SAP ECC.

      We reviewed his blog "UI Data Protection Masking for ECC scenarios: near feature parity with S/4HANA masking!" in the community https://blogs.sap.com/2022/11/04/ui-data-protection-masking-for-ecc-scenarios-near-feature-parity-with-s-4h-masking/ and found that this product can applied for SAP ECC customers.

      I was reviewing the price list and all the SKUs are for S/4, we want to know if you can indicate the corresponding SKU for SAP ECC and thus know/review the corresponding metrics.

      We appreciate your help and guidance.

      Best Regards!

      Jairo Garcia
      Author's profile photo Tobias Keller
      Tobias Keller
      Blog Post Author

      Dear Ramiro,

      thanks for your question! At the time of writing, the appropriate ECC product would be "UI data protection masking" with the following options and SKUs:

      • on prem: 7020167
      • RISE with ECC: 8012153
      • Private Cloud Edition, Tailored Option: 8011964

      Hope this helps, and let me know if you need more information!

      Best,

      Tobias

      Author's profile photo Ramiro Amaya
      Ramiro Amaya

      Hello Tobias,

      I hope you are well.

      Tobias I have taken the audacity to write you to ask you about UI data protection masking for SAP ECC.

      We reviewed his blog "UI Data Protection Masking for ECC scenarios: near feature parity with S/4HANA masking!" in the community https://blogs.sap.com/2022/11/04/ui-data-protection-masking-for-ecc-scenarios-near-feature-parity-with-s-4h-masking/ and found that this product can applied for SAP ECC customers.

      I was reviewing the price list and all the SKUs are for S/4, we want to know if you can indicate the corresponding SKU for SAP ECC and thus know/review the corresponding metrics.

      We appreciate your help and guidance.

      Best Regards!

       

      Jairo Garcia

      Author's profile photo Syed Imam
      Syed Imam

      Hi Tobias,

      Thanks for the useful article. Could you please confirm if there is any Demo planned or already available for -UI Data Protection Masking for ECC scenarios. If yes could you please share that.

      Thanks,

      Syed Quadir Imam