
Sensitive Field Protection using SAP UI Masking

former_member204634
Participant
0 Kudos

Hello Everyone

Please pardon me if parts of this question are already answered somewhere or other; I am trying to gather bits and pieces around my requirement.

I referred to the following documentation:

http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/607975c0-4168-3210-cab9-96aaa87cc...

and had follow-up questions related to sensitive fields around vendor information:

1. I guess it's masking the data and not encrypting it; then how does it prevent users from viewing the data via some reports if we are not encrypting at the database level? (I infer from the product documentation (link below) that SE16 is protected, but how about some random S_ALR reports: how do we protect them if the tax ID is visible there? Or is it guaranteed that every damn nook and corner within SAP is masked from users who don't have access to the corresponding auth object?)

    

2. Does the solution allow for match code masking also, so that no one can search on sensitive fields by wildcard, or so that a search on other fields doesn't inadvertently show the sensitive fields?

    

3. Estimation of the level of effort required for protection of tax ID information: would this be an out-of-the-box solution and a straightforward implementation, as it's a typical requirement, or is some level of custom development required? I am just trying to understand the level of development and testing, since we are already in UAT and approaching code freeze at a very fast rate.

    

Thanks for your time and review!!

Prashant

Accepted Solutions (0)

Answers (1)


tobias_keller3
Advisor
0 Kudos

Dear Prashant,

thank you for contacting us!


Concerning your questions,

1. UI Masking is based at the UI level and does not provide database-level functionality like encrypting.

SE16 and other table view transactions can be protected, of course.

For reports, there are means to achieve masking as well; this can naturally not cover new reports which might draw on different data objects.

2. Search help is a tricky topic. We have found that to some degree, our solution might provide protection; this however is subject to analysis of your specific requirements. We're glad to look at a description of what exactly you would need masking for, and potentially provide coverage specifically for your organization.

3. Basically UI Masking should be able to cover Tax ID protection out of the box. There might be caveats that we are happy to evaluate and feed back to you upon your specific requirements.

Please also be aware that SAP UI technology does not provide consistent definitions of objects (e.g. "tax ID"). To ensure consistent masking of "tax ID" (or any other object), UI Masking needs to be configured on database table/field and/or transaction/dynpro field level.

Hope this helps! Very welcome with any other questions and thoughts!


Best,

Tobias Keller