Skip to Content

Masking sensitive fields during display

We want to mask some sensitive fields such as bank account number, social security number, credit card number etc during display based on an authority check. The displayed values, if not authorized, may look something like *****1234 or 1234***** without fully displaying the value.

I have seen some options to do that for credit card numbers but what are our options to do that for any such sensitive fields? Do we have to go for third party tools? If so, do they support only certain fields? Also, we want to do this at the domain level, so that no matter which transaction one of these sensitive fields is displayed on, we want this authority check and masking to happen. I looked for conversion routine option, but not all the domains have conversion routines attached to them.

Encryption of the data at the database level is something we want to keep as last resort. We are on ECC 6.0 version.

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

7 Answers

  • Best Answer
    avatar image
    Former Member
    Feb 15, 2008 at 10:11 PM

    Are these standard SAP tables and domains?

    I would think that some sort of conversion routine would be your best bet.

    I recall a similar question a while back, but I don't know if it was ever answered satisfactorily.

    Rob

    Edited by: Rob Burbank on Feb 16, 2008 4:01 PM

    Add comment
    10|10000 characters needed characters exceeded

  • Feb 17, 2008 at 06:23 AM

    Are these fields in standard SAP transactions or in your own developments? If you're considering encryption, I can only assume the latter. In which case, you've full control over what is displayed. Rob's suggestion of conversion functions is very neat.

    If the former, then you could use transaction variants (shd0), to create transactions that mask the sensitive fields completely. Then create your own program that all users calls, that does a further CALL TRANSACTION, depending on the results of authority checks.

    matt

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Feb 18, 2008 at 03:45 PM

    Hi,

    did you think about Field-Exits (Transaction: CMOD and then FCOD: PRFB) instead of modification.

    Some useful Hints may be found in Note 29377.

    Martin

    Edited by: Martin Pfeiffer on Feb 18, 2008 4:50 PM

    Edited by: Martin Pfeiffer on Feb 18, 2008 4:50 PM

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Apr 16, 2008 at 11:26 PM

    Hi! Srinivas,

    Have you found any solution for your question yet ? Would you mind share it with me ? Thanks.

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Dec 21, 2009 at 07:34 AM

    Hi Srinivas, Rob

    Appreciate your questions and answers for the maksing fields. I'm kindoff looking for a similar issue would appreciate and your responses if some one would have come up with a solution. I beleive SAP Would have a solution for this bcoz masking of social is a common scenario and it would come with security team or functional team while creating security matrix I'll check with my team. If any one have an anwer for this kindly update.

    Thanks

    Raja

    Add comment
    10|10000 characters needed characters exceeded

  • Aug 27, 2010 at 08:17 PM

    We still have no answer for this. Third party tools seem to be the only answer.

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member

      Try this configuration.

      SPRO -> Cross-application components -> Payment cards -> Make security settings for payment cards.

      This should take care of your issue.

  • avatar image
    Former Member
    May 19, 2011 at 08:23 PM

    Was anyone able to solve this problem?

    Have you tried a Field Exit?

    http://help.sap.com/saphelp_40b/helpdata/fr/c8/19765b43b111d1896f0000e8322d00/content.htm

    Add comment
    10|10000 characters needed characters exceeded