02-15-2008 3:02 PM
We want to mask some sensitive fields such as bank account number, social security number, credit card number etc during display based on an authority check. The displayed values, if not authorized, may look something like *****1234 or 1234***** without fully displaying the value.
I have seen some options to do that for credit card numbers but what are our options to do that for any such sensitive fields? Do we have to go for third party tools? If so, do they support only certain fields? Also, we want to do this at the domain level, so that no matter which transaction one of these sensitive fields is displayed on, we want this authority check and masking to happen. I looked for conversion routine option, but not all the domains have conversion routines attached to them.
Encryption of the data at the database level is something we want to keep as last resort. We are on ECC 6.0 version.
02-15-2008 10:11 PM
Are these standard SAP tables and domains?
I would think that some sort of conversion routine would be your best bet.
I recall a similar question a while back, but I don't know if it was ever answered satisfactorily.
Rob
Edited by: Rob Burbank on Feb 16, 2008 4:01 PM
02-15-2008 10:11 PM
Are these standard SAP tables and domains?
I would think that some sort of conversion routine would be your best bet.
I recall a similar question a while back, but I don't know if it was ever answered satisfactorily.
Rob
Edited by: Rob Burbank on Feb 16, 2008 4:01 PM
02-17-2008 6:23 AM
Are these fields in standard SAP transactions or in your own developments? If you're considering encryption, I can only assume the latter. In which case, you've full control over what is displayed. Rob's suggestion of conversion functions is very neat.
If the former, then you could use transaction variants (shd0), to create transactions that mask the sensitive fields completely. Then create your own program that all users calls, that does a further CALL TRANSACTION, depending on the results of authority checks.
matt
02-18-2008 3:31 PM
Thank you Rob/Mathew, I have already looked into conversion routines as I mentioned in my post. But not all of them have conversion routines attached to their domains. So I will have to modify standard SAP domains to add the conversion routines, unless there is another way that I am missing here.
These are standard SAP transactions where we want to do this not custom ones. Hiding is not an option.
02-19-2008 9:37 PM
02-19-2008 9:45 PM
Sorry Rob, he is my collegue asking the same question. So I can say for sure that he hasn't found an answer to it.
02-19-2008 9:47 PM
02-18-2008 3:45 PM
Hi,
did you think about Field-Exits (Transaction: CMOD and then FCOD: PRFB) instead of modification.
Some useful Hints may be found in Note 29377.
Martin
Edited by: Martin Pfeiffer on Feb 18, 2008 4:50 PM
Edited by: Martin Pfeiffer on Feb 18, 2008 4:50 PM
04-17-2008 12:26 AM
Hi! Srinivas,
Have you found any solution for your question yet ? Would you mind share it with me ? Thanks.
12-21-2009 7:34 AM
Hi Srinivas, Rob
Appreciate your questions and answers for the maksing fields. I'm kindoff looking for a similar issue would appreciate and your responses if some one would have come up with a solution. I beleive SAP Would have a solution for this bcoz masking of social is a common scenario and it would come with security team or functional team while creating security matrix I'll check with my team. If any one have an anwer for this kindly update.
Thanks
Raja
08-27-2010 9:17 PM
We still have no answer for this. Third party tools seem to be the only answer.
12-29-2010 5:50 PM
Try this configuration.
SPRO -> Cross-application components -> Payment cards -> Make security settings for payment cards.
This should take care of your issue.
05-19-2011 9:23 PM
Was anyone able to solve this problem?
Have you tried a Field Exit?
http://help.sap.com/saphelp_40b/helpdata/fr/c8/19765b43b111d1896f0000e8322d00/content.htm