Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Mask Vendor Tax ID number ?

Former Member

‎01-09-2009 2:36 PM

0 Kudos

Hi All

is it possible to mask Vendor Tax ID number like what we can do for Credit Cards? The issue is that it might contain SSN in some cases for us, and we would like to protect the unauthorized users from viewing it using any way - XK02, XK03, or SE16 or even using a query.

8 REPLIES 8

charmaine_greene
Explorer

‎01-09-2009 6:45 PM

0 Kudos

Hi

You can make certain fields invisible to users by creating transaction variants - have you looked into this option?

Or speak to a Functional FI Consultant in your business . They may know of other functionality that will acheive the desired effect.

Regards

Charmaine

Former Member

‎01-10-2009 7:36 PM

0 Kudos

Hmmm... I guess we have to list all the hacks for you now...

First of all, for the XK* and FK* transaction contexts, you can look in the IMG to add field authorization groups to the field (though these normally control change ability) and field status variants to hide the field (though these are normally global and will affect all users AFAIK). Of course, you could develop your own little application to maintain the tax ID number or (not sure which release you are on) look for appropriate enhancement points.

> To quote myself again:

>> First of all, for the XK* and FK* transaction contexts...

This of course depends on how intact your authorization concept is, to restrict the contexts of the calling user. E.g. some folks create a huge "Universal Role for All Users" and even add anything which appears harmless or unknown to them but found in a trace, to it...) and then rely on subsequent roles (search the forum for "enabler") to add the org levels and activities required to do something more than just display. Of course, that looks good in a Power Point presentation, but when requirements such as these come along then they spot the design error too late, as all their hundreds of "harmless transactions" and broad display authority is already out there "in the wild" and users are using the transactions.

I hope that is not the case here, but wanted to mention it anyway.

Second, the report generators, queries and table views: I assume that you are using quick viewer, report painter, SE16_BSEG, etc and the likes. That in my opinion is a design error as well, even if understandable one to some extent. The bugger is that you cannot control a table at field level unless you make it an org relevant field (object S_TABU_LIN), but a TAX ID number is not an obvious candidate for that. That is why it is best to keep users off the tables completely, right from the start.

Again here you could look for coding exits in the data browsers you are using to clear the field, but that is not bullet proof if the user can display the group which the table belongs to.

I am not logged on, but is it possible to do an F4 search for a vendor in FK03 based on the Tax ID?

Of course you could encrypt the whole DB, but that doesn't help much in the above two scenarios.

Cheers,

Julius

Former Member
In response to Former Member

‎01-10-2009 11:39 PM

0 Kudos

Hi Julius,

Basically I am looking for the similar solution what SAP has for Credit Card#s using Cryptographic library. I can control it for some of the transactions using auths or enhancements, but I could nto find a way to control it system wide. Like in SE16 anyone would be able to viiew all the columns in the table.

This is a brand new implementation ( ECC 6.0 EhP 3 ) and we are still in early stages of defining various roles.

Former Member
In response to Former Member

‎01-11-2009 9:03 AM

0 Kudos

A possibility which comes to mind is to encrypt the data from an enhancement and restrict the access points to create and change the TAX ID so that it cannot bypass the encryption.

Then only decrypt it from those business functions where there is intention to be able to see the data if authorized.

That way, anyone running a query (but possibly also many other reports in the information systems, drill down ALVs, etc) will return nothing.

One way of doing this in ABAP, is via the "Secure Store and Forward" (see for some restraints).

Cheers,

Julius

Former Member
In response to Former Member

‎01-11-2009 2:07 PM

0 Kudos

Thanks, looks like something worth exploring. I will try it out next week and let you know how it goes

Former Member
In response to Former Member

‎09-03-2010 4:05 PM

0 Kudos

HI MxG,

Were you able to mask the vendor tax ID, if so can you share the details on how this can be done.

Thanks.

Former Member
In response to Former Member

‎10-18-2010 2:41 PM

0 Kudos

I am monitoring this thread and I am interested in learning if anyone has been able to mask display of tax id in vendor related transactions.

Former Member
In response to Former Member

‎01-13-2011 9:21 PM

0 Kudos

I have the same request from the business and they are looking for help from security to "mask first five digits of the vendor TIN number".

I am also monitoring this thread, if there is any information on how to accomplish this, please update.