Introduction
In this blog post, we will learn how to configure masking in
Details screen of
SE16 transaction through
Manage Sensitive Attributes app provided by
UI Data Protection Masking for SAP S/4HANA 2011 solution based on
Role Based Authorization Control(RBAC) concept.
Manage Sensitive Attributes app
The
Manage Sensitive Attributes application allows you to maintain configuration for UI data protection in a SAP Fiori-based UI.
This application brings together several individual transactions, simplifying the maintenance of masking configuration and presenting a holistic picture to the end user. With this app, you can:
Create, update and delete sensitive attributes
Define masking and blocking configurations
Manage technical attribute mappings
Create and assign context attributes
Create and assign derived attributes and lists of values
You can use the app on your desktop, tablet or smartphone.
Prerequisite
UI data protection masking for SAP S/4HANA is a solution for selective masking of sensitive data on SAP S/4HANA user interfaces – SAP GUI, SAPUI5/SAP Fiori, Web Dynpro for ABAP, and Web Client UI. Data can be protected at field level, either by masking the content (replacing original characters with generic characters, such as asterisks) or by clearing or disabling the field.
The solution uses both
role-based and
attribute-based authorizations, affording customers a high degree of control.
Requirement
In order to explain how masking can be configured in
Details screen of
SE16 transaction, we will mask
IBAN field in
TIBAN table using
Role-based authorization concept. Product “
UI data protection masking for SAP S/4HANA 2011” is used in this scenario to protect sensitive data at field level and must be installed in the
S/4HANA system.
Let’s begin
Configuration to achieve masking in Details screen of SE16 transaction
Login to
Fiori Launchpad and click on “
Manage Sensitive Attributes” app available under “
UI data protection masking” catalog.
Maintain Sensitive Attributes
A
Sensitive Attribute is a type of logical attribute that define a field which needs to be configured for UI data protection.
- Enter “LA_IBAN” in Sensitive Attribute field
- Enter “IBAN field -> TIBAN table” in Description field
- Click on “Create” button

- Sensitive Attribute with specified details will be created.

Maintain Mapping to Technical Addresses
In the
Manage Sensitive Attributes application, you can link
technical addresses of fields to sensitive attributes. A
technical address describes the exact technical path or technical information which is used by the solution to process the field for UI data protection masking.
To find the technical addresses for
SAP GUI screens, navigate to the field and choose
F1, then the
Technical Information icon. The system displays the relevant information.

Under , choose the Add icon.
Use the the value help to select the table name and the field name. You can also enter the referenced transaction codes as a comment to describe the mapping



Mass Configuration
For mass configuration, select the Mass Configuration icon. The system generates additional customizing for SAP GUI and data element entries. Once the application will be refreshed, entries will get listed under Module Pool.
- Select all the records and click on “Mass Configuration” button




Additional Information
The configuration required to mask the fields in
Details screen of
SE16 transaction can also be maintained manually by following the given steps -
- Under , choose the Add icon.

- Enter Program Name, Screen Number, and Field Name information which is available on the Technical Information screen (Highlighted in Light Green).

- Click on "Save" button. An entry with specified details will be created.

Note: It is strongly recommended that instead of maintaining the entries manually, use the "
Mass Configuration" feature to generate the required entries automatically.
Masking Configuration
In the
Manage Sensitive Attributes application, you can configure masking for a sensitive attribute to define in detail how it is to be protected in the system.
Masking configuration defines which fields are to be masked for unauthorized users and in which contexts.
To configure masking for a sensitive attribute, under , choose Edit.
- Enable masking.
- Select Role-Based authorization concept. For role-based authorization, use the value help to select a PFCG role
- Select a field-level action to determine what should be visible to unauthorized users. Users with this PFCG role will have access to the original values.
- Save the configuration.


Masking in SE16 transaction

Masking in Details screen of SE16 transaction

Conclusion
In this blog post, we have learnt how
Masking is achieved in
Details screen of
SE16 transaction through
Manage Sensitive Attributes app provided by
UI Data Protection Masking for SAP S/4HANA 2011 solution.