Introduction
In this blog post, we will learn how to mask “
Address“, “
Bank Account“, “
Bank Country“, and “
Bank Key” fields of Supplier in
Supplier application of
SAPUI5. Only
"Address" field will be configured as
Reveal on Demand which means when user will use
Reveal on Demand feature, value of
Address field will be revealed and all the other fields will remain masked.
Attribute based authorizations are dynamic determination mechanism which determines whether a user is authorized to access specific data sets which can be based on the context attributes of the user and data (for example, price of certain sensitive materials are masked).
The end result will appear as:
Reveal on Demand
Reveal on demand provides additional data protection by masking the field value by default, even if the user is authorized to view the data. The authorized user then explicitly chooses the option to reveal the field value on the user interface.
When the authorized user reveals the data, a dialog box (which can be configured to display a confirmation message, reason code, and free text) is displayed. The user then has to specify, for example, a reason for revealing the data. The revealed data is masked again once the timeout takes effect or when the user switches off the reveal option.
- To unmask the "Address" field information using Reveal on Demand feature, click on "Eye" icon and then click on "Reveal" option
- On Reveal On Demand pop-up, select “Reason” as “DVA Data Verification”, enter “Comments for Reveal” as “Unmask to view values”, and click on “Submit” button
- Field value will get unmasked for “Address” field
- To again mask the "Address" field value, click on "Eye" icon and then click on "Mask" option
- On Reveal On Demand pop-up, click on “OK” button
- “Address" field will again appear as masked
Prerequisite
UI Data Protection Masking for SAP S/4HANA is a solution that allows you to protect restricted and sensitive data values at field level by masking, clearing, or disabling fields for those users who are not authorized to view or edit this data.
Product “
UI data protection masking for SAP S/4HANA” is used in this scenario to protect sensitive data at field level and must be installed in the
S/4HANA system.
The product is a cross-application product which can be used to mask/protect any field in
SAP GUI,
SAPUI5/SAP Fiori,
CRM Web Client UI, and
Web Dynpro ABAP.
Let’s begin
Configuration to achieve masking
Logical Attribute is a functional modelling of how any attribute such as
Social Security Number,
Bank Account Number,
Amounts,
Pricing information,
Quantity etc. should behave with masking.
Configure Logical Attribute – Follow the given path:
SPRO -> SAP NetWeaver -> UI Data Protection Masking for SAP S/4HANA -> Maintain Metadata Configuration -> Maintain Logical Attributes
Supplier Address
Supplier Bank
Supplier Number
Configure Value Range
Value Ranges are a set of pre-populated values which can be used to derive the context under which an action should be executed.
Follow the given path:
SPRO -> SAP NetWeaver -> UI Data Protection Masking for SAP S/4HANA -> Maintain Metadata Configuration -> Maintain Attributes and Ranges for Policy – Follow below mentioned steps:
Range for Supplier List
- Click on “New Entries” button
- Enter “Value Range” as “VR_PROTECTED_SUPPLIERS_LIST”
- Select “Application Module” as “M Materials Management”
- Enter “Description” as “Protected Supplier's List”
- Click on “Save” button
Enter entries in “VR_PROTECTED_SUPPLIERS_LIST” Value Range
- Execute Transaction Code “/UISM/V_RANGE”
- Click on “VR_PROTECTED_SUPPLIERS_LIST” Value Range
- Click on “Display<- -> Change” button
- Click on “Add New Entry” button
- Add following entries under “Include Value” tab and click on “Save” button
Value Description
8 Witness Protested Supplier : Added by Mr. Jose as per general meeting outcome
12 Witness Protected Supplier : Added by Mr. Brain on request of Mr. Doug
19 Nuclear Supplier : Default Protected
25 Nuclear Supplier : Added for Masking as per meeting held on 1 Feb, 2019
29 Precious Metal Supplier : Protected by Default as per circular dated 12.3.2018
Maintain Technical Address
In this step, we will associate the
Technical Address of the fields to be masked with the
Logical Attributes.
To get the
Technical Address of a
SAPUI5/SAP Fiori field, refer
Technical Trace blog post.
Follow the given path:
SPRO -> SAP NetWeaver -> UI Data Protection Masking for SAP S/4HANA -> Maintain Metadata Configuration -> Maintain Technical Address
Follow below mentioned steps:
Under “
UI5/Fiori NetWeaver Gateway Field Mapping”, maintain technical address for following fields.
Policy Configuration
A
Policy is a combination of
rules and
actions which are defined in one or more
blocks. The
actions are executed on a
sensitive entity (field to be protected) which has to be assigned to a
Policy. The conditions are based on
contextual attributes which help derive the context.
Context Attributes are
logical attributes which are used in designing the
rules of a
policy. They are mapped to fields which are used to derive the context under which an action is to be executed on a
sensitive entity.
Sensitive Entities are
logical attributes which are sensitive and need to be protected from unauthorized access.
Follow the given path:
SPRO -> SAP NetWeaver -> UI Data Protection Masking for SAP S/4HANA -> Data Protection Configuration -> Maintain Policy Details for Attribute based Authorizations – Follow below mentioned steps:
- Click on “New Entries” button
- Enter “Policy Name” as “POL_PROTECT_SUPPLIER”
- Select “Type” as “Field Level Masking”
- Select “Application Module” as “M Materials Management”
- Enter “Description” as “Protect Address of Sensitive Suppliers”
- Click on “Save” button
Write following logic into Policy
Maintain Field Level Security and Masking Configuration
Here, we will define how masking will behave with the logical attribute that we created in above step.
Follow the given path:
SPRO -> SAP NetWeaver -> UI Data Protection Masking for SAP S/4HANA -> Data Protection Configuration -> Maintain Field Level Security and Masking Configuration
Follow below mentioned steps:
- Click on “New Entries” button
- Enter “Sensitive Entity” as “LA_SUPPLIER_ADDRESS” and press “Enter” key. “Description” and “Application Module” will get populated in corresponding fields
- Check “Enable Configuration” check-box
- Select “Attribute Based Authorization” option
- Enter “Policy Name” as “POL_PROTECT_SUPPLIER”
- Click on “Save” button
- Click on “New Entries” button
- Enter “Sensitive Entity” as “LA_SUPPLIER_BANK” and press “Enter” key. “Description” and “Application Module” will get populated in corresponding fields
- Check “Enable Configuration” check-box
- Select “Attribute Based Authorization” option
- Enter “Policy Name” as “POL_PROTECT_SUPPLIER”
- Click on “Save” button
Conclusion
In this blog post, we have learnt how Attribute-based masking is achieved in
Supplier application of SAPUI5 for masking “
Address“, “
Bank Account“, “
Bank Country“, and “
Bank Key” fields.