
How to do conditional UI Masking

Chandan
Advisor
0 Kudos

Hi Experts, Could anyone please help me with my below requirement related to Conditional UI masking:

Issue - As per the requirement, we have to mask the whole row (if possible) or multiple columns depending upon a specific field in the data (containing sensitive data) table as well as in Tcodes.

Information that I have -

As there is a constraint in UI Masking that restricts us from determining the row-wise data, as the data comes column-wise, the above condition was not met in the BAPI. The primary key field of a table can be conditionally masked as their relation can directly be selected from DB. Thus for the POC only 2 fields from the MARC table were conditionally masked - MATNR (Material) and Plant (WERKS). MATNR is the primary key field of the table MARC, thus we were able to determine whether the Material was extended to Nuclear Plant or not by checking it from DB. WERKS has a direct condition so we know which are related to the specific plant. But in case of other fields we are not able to determine which material or plant the value belongs to, thus they cannot be masked. We want to mask the rest of the fields from the MARC table based on values of MARC-WERKS.

A similar kind of masking is needed for over 109 tables depending upon different criteria.

For the POC we have done the below code in BAPI /UIM/ES_MASKING-PREPARE_MASK_DATA

```abap
* Declarations assumed for this excerpt (not shown in the post).
DATA lv_matnr TYPE matnr.
FIELD-SYMBOLS: <fv_original> TYPE any,
               <fv_masked>   TYPE any.

* Only MATNR, WERKS and EMATN are handled in this POC.
CHECK cs_mask_data-fldname EQ 'MATNR'
   OR cs_mask_data-fldname EQ 'WERKS'
   OR cs_mask_data-fldname EQ 'EMATN'.

ASSIGN: cs_mask_data-original_val->* TO <fv_original>,
        cs_mask_data-masked_val->*   TO <fv_masked>.

IF <fv_original> IS ASSIGNED.
  CASE cs_mask_data-fldname.
    WHEN 'MATNR' OR 'EMATN'.
      GET PARAMETER ID 'MAT' FIELD lv_matnr.
      IF NOT lv_matnr IS INITIAL.
        CLEAR lv_matnr.
        SET PARAMETER ID 'MAT' FIELD lv_matnr.
      ENDIF.
      lv_matnr = <fv_original>.
      CALL FUNCTION 'CONVERSION_EXIT_MATN1_INPUT'
        EXPORTING
          input        = lv_matnr
        IMPORTING
          output       = lv_matnr
        EXCEPTIONS
          length_error = 1
          OTHERS       = 2.
      IF sy-subrc <> 0.
*       Implement suitable error handling here
      ENDIF.
*     Does a MARC row exist for this material in the specific plant?
      SELECT COUNT( * ) FROM marc
        WHERE matnr EQ lv_matnr
          AND werks LIKE <Specific plant>.
*     No such row and auth_flag initial: pass the original value through.
      IF NOT sy-subrc IS INITIAL AND cs_mask_data-auth_flag IS INITIAL.
        <fv_masked> = <fv_original>.
      ENDIF.
    WHEN 'WERKS'.
      IF cs_mask_data-auth_flag IS INITIAL AND <fv_original>(1) NE <Specific plant>.
        <fv_masked> = <fv_original>.
      ENDIF.
    WHEN OTHERS.
  ENDCASE.
ENDIF.
```
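The constraint described in the question, as an added example that is not part of the original post and does not use the SAP UI masking API: a small Python model contrasting a decision made per field value with one made per row. The plant pattern `N*`, the helper names and the sample rows are constructed assumptions; EKGRP and DISPO stand in for "the rest of the fields".

```python
from fnmatch import fnmatchcase

SENSITIVE_PLANT = "N*"  # assumption: stands in for the post's <Specific plant>

# Constructed MARC-like rows; EKGRP and DISPO stand for "the rest of the fields".
ROWS = [
    {"MATNR": "MAT-001", "WERKS": "N100", "EKGRP": "A01", "DISPO": "D01"},
    {"MATNR": "MAT-001", "WERKS": "P200", "EKGRP": "A01", "DISPO": "D02"},
    {"MATNR": "MAT-002", "WERKS": "P200", "EKGRP": "B07", "DISPO": "D01"},
]

def is_sensitive_plant(werks):
    return fnmatchcase(werks, SENSITIVE_PLANT)

def mask(value):
    return "*" * len(value)

def fieldwise(fldname, value, authorized, table=ROWS):
    """Decide with only (field name, value) in hand, as in the post's POC."""
    if authorized:
        return value
    if fldname == "WERKS":
        return mask(value) if is_sensitive_plant(value) else value
    if fldname == "MATNR":
        # Key field: a lookup tells whether the material exists in a sensitive plant.
        hit = any(r["MATNR"] == value and is_sensitive_plant(r["WERKS"]) for r in table)
        return mask(value) if hit else value
    # Other columns: the value alone does not identify its row, so the result
    # cannot depend on WERKS. This model fails closed and masks every row.
    return mask(value)

def row_aware(row, authorized):
    """Decide with the whole row in hand: WERKS drives every column."""
    if authorized or not is_sensitive_plant(row["WERKS"]):
        return dict(row)
    return {fld: mask(val) for fld, val in row.items()}

def render(rows, authorized, by_row):
    if by_row:
        return [row_aware(r, authorized) for r in rows]
    return [{f: fieldwise(f, v, authorized) for f, v in r.items()} for r in rows]

if __name__ == "__main__":
    for by_row in (False, True):
        print("row-aware" if by_row else "field-wise")
        for r in render(ROWS, authorized=False, by_row=by_row):
            print("  ", r)
```

In the field-wise output the EKGRP value `A01` is treated identically in the N100 and P200 rows, while the row-aware output masks only the N100 row.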

2 REPLIES

Sandra_Rossi
Active Contributor

Please format your code. There's the button "CODE".

0 Kudos

Hi Chandan

I am from the Product Management team of the UI data protection product.

You can refer to the blog by Kulvendra (Architect) of the product to help you out in your scenario.

https://blogs.sap.com/2020/01/06/abac-attribute-based-masking-in-transaction-fbl1n/

In case you have any further queries, please mention as a comment and I will get back to you.

Thanks,
Deepak