Financial Management Blogs by SAP
Get financial management insights from blog posts by SAP experts. Find and share tips on how to increase efficiency, reduce risk, and optimize working capital.
cancel
Showing results for 
Search instead for 
Did you mean: 
AmitKrSingh
Product and Topic Expert
Product and Topic Expert
1,241

Introduction


In this blog, we will learn how to configure masking in Analytical Queries to protect the sensitive information displayed in it. Analytical Queries are used for reporting and analysis.

S/4HANA Embedded Analytics


Analytics is one of the most typical and tangible values of S/4HANA. S/4HANA Embedded Analytics is the function for real-time operational analytics in S/4HANA. It consists of ABAP CDS Views as data source and Fiori Analytical application as the frontend. As the frontend, other than S/4HANA Embedded Analytics, SAP Analytics Cloud is available which is used together with S/4HANA embedded analytics.

Query Monitor (RSRT TCode)


The Query Monitor tests, checks, and is used to test or regenerate queries and query views, and to check or change query properties. A detailed analysis of queries can be done with the transaction RSRT (Query Monitor) in a very convenient way. With the help of the Query Monitor you can run and analyze queries without a BW front end.

To launch the Query Monitor, execute transaction RSRT.


Here, we will use Query Monitor to showcase masking of sensitive fields of analytical queries. We will configure masking through UI Data Protection Masking for SAP S/4HANA 2011 solution based on Role Based Authorization Control (RBAC) concept.

Prerequisite


UI data protection masking for SAP S/4HANA is a solution for selective masking of sensitive data on SAP S/4HANA user interfaces – SAP GUI, SAPUI5/SAP Fiori, Web Dynpro for ABAP, and Web Client UI. Data can be protected at field level, either by masking the content (replacing original characters with generic characters, such as asterisks) or by clearing or disabling the field.

Requirement


Here, we want to configure masking for G/L Account field in 2CCFITRIALBALANCE query result using Role-based authorization concept.

Product “UI data protection masking for SAP S/4HANA 2011” is used in this scenario to protect sensitive data at field level and must be installed in the S/4HANA system.

Let’s begin


Configuration to achieve masking G/L Account field


Logical Attribute is a functional modelling of how any attribute such as Social Security Number, Bank Account Number, Amounts, Pricing information, Quantity etc. should behave with masking.

Configure Logical Attribute


Follow the given path:

SPRO -> SAP NetWeaver -> UI Data Protection Masking for SAP S/4HANA -> Sensitive Attribute Configuration -> Maintain Metadata Configuration -> Maintain Logical Attributes

Follow below mentioned steps:

Under “Maintain Logical Attributes”, maintain following logical attribute.

G/L Account



  • Click on “New Entries” button

  • Enter “Logical Attribute” as “LA_GL_ACCOUNT

  • Enter “Description” as “G/L Account"

  • Select “Is Sensitive” checkbox

  • Click on “Save” button




Maintain Analytics Technical Address


To mask the fields in Analytical Queries, Technical Information (InfoProvider-Query-InfoObject) is required. To retrieve the Technical Address for Analytical Query fields, you need to use Recording Tool feature to get the Technical Address as Technical Information on press of F1 key is not available here.

Refer to this blog to know how to use the Recording tool.

Follow the given path:

SPRO -> SAP NetWeaver -> UI Data Protection Masking for SAP S/4HANA -> Sensitive Attribute Configuration -> Maintain Metadata Configuration -> Maintain Analytics Technical Address

Follow below mentioned steps:

Under “Analytics Technical Address”, maintain technical address for following field.

G/L Account



  • Click on “New Entries” button

  • Enter “InfoProvider” as “2CIFIGLBALCUBE

  • Enter “Query” as “2CCFITRIALBALANCE

  • Enter “InfoObject” as “2CIFIGLACCINCOA

  • Enter “Logical Attribute” as “LA_GL_ACCOUNT

  • Enter “Description” as “G/L Account

  • Click on “Save” button




Maintain Field Level Security and Masking Configuration


Here, we will define how masking will behave with the logical attribute that we created in the above step.

Follow the given path:

SPRO -> SAP NetWeaver -> UI Data Protection Masking for SAP S/4HANA -> Sensitive Attribute Configuration -> Masking and Blocking Configuration -> Maintain Field Level Security and Masking Configuration

Follow below mentioned steps:

  • Click on “New Entries” button

  • Enter “Sensitive Entity” as “LA_GL_ACCOUNT” and press “Enter” key. “Description” will get populated in corresponding fields

  • Check “Enable Configuration” checkbox

  • Select “Role Based Authorization” option

  • Enter “PFCG Role” as “/UISM/PFCG_ROLE“. In this example, we have used a blank role “/UISM/PFCG_ROLE”. Customers can use any role as per their requirement.

  • Enter “Field Level Action” as “MASK_ALL

  • Click on “Save” button




Masking in ABAP BICS Query Display Mode


Follow below mentioned steps:

  • Execute “RSRT” TCode

  • Enter “Query” as “2CIFIGLBALCUBE/2CCFITRIALBALANCE

  • Select “Query Display” mode as “ABAP BICS

  • Click on “Execute” button





  • Enter highlighted search criteria in the corresponding fields and click on “OK” button





  • G/L Account field value will appear as masked




Conclusion


In this blog post, we have learnt how Role-based masking is achieved in Analytical Queries in Query Monitor (RSRT TCode) in ABAP BICS Query Display mode for masking sensitive field information.
1 Comment