Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Mask sensitive information of SE16

Go to solution
Former Member

‎10-14-2015 3:05 PM

0 Kudos


Hi Experts,

I have a project requirement where i need to mask sensitive information like SSN,DOB,Bank account no etc which we get in SE16 output .

In se16-> PA0002(table name) we get result which contains column which has sensitive information like SSN,DOB. Instead of restricting the complete table access i want to mask those particular columns which has sensitive information at UI level . Is it possible to acheive it?

1 ACCEPTED SOLUTION

Go to solution
Juwin
Active Contributor

‎10-14-2015 4:02 PM

0 Kudos

If you use SE16N, there are roles and exits which you can use to achieve this functionality. The authorization object which you may use is S_BRWS_CUS. Have a look at these tables:

SE16N_ROLE_DEF                 Definition of Roles

SE16N_ROLE_DEF_T               Definition of Roles, Text Table

SE16N_ROLE_TABLE               Field level authorization check

SE16N_ROLE_VALUE               Field value level authorization check

SE16N_USER_ROLE                Assignment of User to Roles

Thanks,

Juwin

12 REPLIES 12

Go to solution
roberto_vacca2
Active Contributor

‎10-14-2015 3:34 PM

0 Kudos

Hi.

You should create a view for them in this case and revoke user rights to display the original table.

Hope to help

Bye

Go to solution
Former Member
In response to roberto_vacca2

‎10-14-2015 3:41 PM

0 Kudos

Hi Roberto,

Thanks for your reply.

We have minor restriction from client side, we can't create custom view for standard table. Is it possible to implement something like BADI which will mask the data if user don't have authorisation else for authorised user it will display unmasked data.

Go to solution
roberto_vacca2
Active Contributor
In response to roberto_vacca2

‎10-14-2015 4:10 PM

0 Kudos

Hi.

Yes there's a BADI but it's inside a global crossroad in SAP and you would affect all tables viewed from SE16.

That's not reccomended to do such things. Better should be a custom program that simulates SE16 or other stuff like this.

Client shouldn't ask for such things because make their system unstable. But if they still want and they pay, no problem

Hope to help

Bye

Go to solution
Juwin
Active Contributor

‎10-14-2015 4:02 PM

0 Kudos

If you use SE16N, there are roles and exits which you can use to achieve this functionality. The authorization object which you may use is S_BRWS_CUS. Have a look at these tables:

SE16N_ROLE_DEF                 Definition of Roles

SE16N_ROLE_DEF_T               Definition of Roles, Text Table

SE16N_ROLE_TABLE               Field level authorization check

SE16N_ROLE_VALUE               Field value level authorization check

SE16N_USER_ROLE                Assignment of User to Roles

Thanks,

Juwin

Go to solution
Former Member
In response to Juwin

‎10-15-2015 10:54 AM

0 Kudos

Hi Juwin,

Thanks for your reply.

Do ABAPer needs to implement it...or do we need to contact security guys ?

Go to solution
Juwin
Active Contributor
In response to Juwin

‎10-15-2015 1:37 PM

0 Kudos

Hi Meemank,

There is no ABAP coding required to implement this. So, security guys should be able to do this on their own.

Thanks,

Juwin

Go to solution
christianpunz
Participant
In response to Juwin

‎04-14-2016 11:27 AM

0 Kudos

Dear Juwin,

on the customer system (currently NW 7.02) we have the TCODE SE16N_ROLE and the tables you spoke of.

BUT: TCODE SE16N_ROLE tells me: "not yet released" .

Tried on our demo system (NW 7.31 + EHP 7 + SimpleFinance  ==> newer than customer-system) and got the same message "not released".

the message pops up directly out of code, so there is no customizing-switch to get it running easily:

any ideas?

br

chris

Preview file
4 KB
Preview file
8 KB

Go to solution
Juwin
Active Contributor
In response to Juwin

‎04-14-2016 2:50 PM

0 Kudos

Yes, I also got this message for the Tcode. But, if when I checked SE16N code, I can see that the checks for authorization are already coded in there.

Thanks,

Juwin

Go to solution
matt
Active Contributor
In response to Juwin

‎04-14-2016 4:03 PM

0 Kudos

Don't add your question to an old question. Start a new question and link to the old if necessary. The reasons are

1. You can't mark any answers as correct or helpful because it's not your question

2. An old thread moves to first page

3. People don't notice the date and start answering the old question.

Thread locked.

Go to solution
kiran_k8
Active Contributor

‎10-16-2015 12:50 PM

0 Kudos

Meemank,

I echo Roberto Vacca.

You should explain them the consequences of tampering the standard code and suggest the available alternatives.Being an SAP Consultant it is part of your role to advise the Customer on pros and cons an convince them to use the best available alternative rather than tampering the standard code.

K.Kiran.

Go to solution
Former Member
In response to kiran_k8

‎10-16-2015 2:05 PM

0 Kudos

Hi Kiran,

I totally agree with you.

Acutally client doesn't want us to create  a view for standard table. They are looking for some alternate possibilities to achieve the requirement. That's why i am searching for alternate ways, So that i can suggest them. I would like to thank Juwin and Roberto for their help, Do we have any other ways to achieve the functionalities.

Go to solution
Patrick_vN
Active Contributor
In response to kiran_k8

‎04-14-2016 3:27 PM

0 Kudos

How about making a sap querry instead (combined with a transaction ofc)?