Introduction
In this blog post, we will learn how to mask “
Tax Number" field based on “
Tax Number Category” information of table
DFKKBPTAXNUM in
SE16 and BP transaction.
“
Tax Number” field of table
DFKKBPTAXNUM in
SE16 and
BP transaction need to be masked where “
Tax Number Category" is “
US01”. For other "
Tax Number Category", "
Tax Number" field will appear as unmasked.
A PFCG Role will be used for the authorization check which will allow users with the specified role to view the field value. If a user does not have this role, it means the user is not authorized and data will be protected either through masking, clearing, or disabling the field.
The end result for unauthorized users will look like below:
SE16 – ALV Grid Display
Masking is also supported in
Display,
Detail,
Double-Click,
Print, and
Download scenario for
SE16 ALV Grid Display in this scenario.
SE16 – ALV List
Masking is also supported in
Display,
Detail,
Double-Click, and
Download scenario for
SE16 ALV List in this scenario.
SE16 – Standard List
Masking is also supported in
Display,
Detail, and
Double-Click scenario for
SE16 Standard List in this scenario.
SE16N
Masking is also supported in
Detail,
Double-Click, Views-List Output, View-Excel In-place, and Download scenario for
SE16N in this scenario.
BP - Identification tab - Tax Numbers section
What is Context based Masking?
Attributes that deal with time, location or dynamic aspects is called
Context (environment)
attribute. Masking a field based on context attribute is called
Context based-masking.
e.g. – Masking the salary of employees who belong to Germany.
Prerequisite
“
Field Masking for SAP GUI” is a solution to protect sensitive data on
SAP GUI screens at field level.Product “
Field Masking for SAP GUI” is delivered to customer as add-on (
UIM 100). To achieve Role based masking, Add-on
UIM 100 must be installed in customer system.
Requirement
Context-based masking is required for
SE16 and
BP transaction, “
Tax Number” field of table
DFKKBPTAXNUM in
SE16 and
BP transaction need to be masked where “
Tax Number Category" is “
US01”. For other "
Tax Number Category", "
Tax Number" field will appear as unmasked.
Maintain Masking configuration
Configure Technical Information (
Table Name-Field Name) of field in masking configuration.
You can get the Technical Address of a GUI field by pressing “
F1” on the field.
Follow the given path:
SPRO -> SAP NetWeaver -> Field Masking for SAP GUI -> Masking Configuration->Maintain Masking Configuration
Follow below mentioned steps:
- Click on “New Entries” button
- Enter “Table Name” as “DFKKBPTAXNUM”
- Enter “Field Name” as “TAXNUM”
- Enter “PFCG Role Name” as “/UIM/PFCG_ROLE“. In this example, we have used a blank role “/UIM/PFCG_ROLE”. Customers can use any role as per their requirement.
- Check “Masking Control” checkbox”
- Click on “Save” button
Follow below mentioned steps:
- Click on “New Entries” button
- Enter “Table Name” as “DFKKBPTAXNUM”
- Enter “Field Name” as “TAXNUMXL”
- Enter “PFCG Role Name” as “/UIM/PFCG_ROLE“. In this example, we have used a blank role “/UIM/PFCG_ROLE”. Customers can use any role as per their requirement.
- Check “Masking Control” checkbox”
- Click on “Save” button
Mass Configuration
For the above entries, “
Mass Configuration” report should be executed which is required to generate technical addresses.
Follow below mentioned steps:
- Select the entry
- Click on “Mass Configuration” button
- Click on “Select All” button
- Click on “Generate Customizing” button
- Save the information
BAdI Implementation
Context-based masking can be achieved by implementing Masking BAdI
/UIM/BD_MASKING
Create BAdI implementation for method
PREPARE_MASK_DATA
Sample code is given below –
method /UIM/IF_UISECURITY~PREPARE_MASK_DATA.
DATA: lv_taxnum TYPE BPTAXNUM,
ls_dfkkbptaxnum TYPE dfkkbptaxnum.
"-- Mask taxnumber in table DFKKBPTAXNUM output and BP transaction for tax category US1
CHECK cs_mask_data-tabname EQ 'DFKKBPTAXNUM' AND ( cs_mask_data-fldname EQ 'TAXNUM' OR cs_mask_data-
fldname EQ 'TAXNUMXL' ).
ASSIGN cs_mask_data-original_val->* TO FIELD-SYMBOL(<fs_taxnum>).
lv_taxnum = <fs_taxnum> .
SELECT SINGLE * FROM dfkkbptaxnum INTO ls_dfkkbptaxnum WHERE taxnum = lv_taxnum..
IF sy-subrc = 0 AND ls_dfkkbptaxnum-taxtype = 'US1'.
ELSE.
cs_mask_data-masked_val = cs_mask_data-original_val.
ENDIF.
endmethod.
Conclusion
In this blog post, we have learnt how Role-based masking is achieved for “
Tax Number” field based on “
Tax Number Category" information of table
DFKKBPTAXNUM in
SE16 and
BP transaction.