Sunday, 04 April 2021 09:03

UI Data Protection – How to protect sensitive data displayed in SAP GUI Trees

Written by Shantanu Sharma
Rate this item
(0 votes)
“© 2020. SAP SE or an SAP affiliate company. All rights reserved.” “Used with permission of SAP SE”

In this blog, we see how to use SAP UI Data Protection Masking to protect sensitive data represented through Trees.

Several transactions use Tree displays to represent data. A common example is the address usage tree in the BP transaction. In this blog, we use the BP transaction to showcase how sensitive data can be protected using SAP UI Data Protection Masking for SAP S/4HANA. However, the same steps would apply on any transaction / report which represents data through any sort of Tree.

Use the recording tool to capture the technical details of the fields. For more information of the recording tool, refer this blog

Select the record with the Field ID ‘TEXT’  and assign a logical attribute to it. For more information on logical attributes and configuring data protection, refer this blog.

Once the configuration is made, the entire tree will be masked.

Similarly, if the configuration is for data blocking, the entrie tree display will be blocked. Such as in the screenshot below:

However, to protect (mask/block) selective nodes in the tree through conditional logic, a few extra steps are required. This would require the setting up of a scenario with Attribute based Masking

Furthermore, a helper class: /UISM/CL_DA_HELPER is delivered to provide additional contextual information in tree scenarios. The helper methods can be used to write the logic for derived attributes, which in turn can be used in the Policies. Through configurations, it is possible to protect certain nodes. As in the screenshot below, only certain nodes are protected

For more information on node-specific masking, please feel free to reach out to me / raise an OSS incident in the component ‘GRC-UDS-DO’.

Continue reading here
Read 55 times

Leave a comment

Make sure you enter all the required information, indicated by an asterisk (*). HTML code is not allowed.