10-14-2015 3:05 PM
Hi Experts,
I have a project requirement where I need to mask sensitive information like SSN, DOB, bank account no. etc. which we get in SE16 output.
In SE16 -> PA0002 (table name) we get a result which contains columns which have sensitive information like SSN, DOB. Instead of restricting the complete table access I want to mask those particular columns which have sensitive information at UI level. Is it possible to achieve it?
10-14-2015 4:02 PM
If you use SE16N, there are roles and exits which you can use to achieve this functionality. The authorization object which you may use is S_BRWS_CUS. Have a look at these tables:
SE16N_ROLE_DEF Definition of Roles
SE16N_ROLE_DEF_T Definition of Roles, Text Table
SE16N_ROLE_TABLE Field level authorization check
SE16N_ROLE_VALUE Field value level authorization check
SE16N_USER_ROLE Assignment of User to Roles
Thanks,
Juwin
10-14-2015 3:34 PM
Hi.
You should create a view for them in this case and revoke user rights to display the original table.
Hope to help
Bye
10-14-2015 3:41 PM
Hi Roberto,
Thanks for your reply.
We have a minor restriction from the client side: we can't create a custom view for a standard table. Is it possible to implement something like a BADI which will mask the data if the user doesn't have authorisation, while for an authorised user it will display unmasked data?
10-14-2015 4:10 PM
Hi.
Yes, there's a BADI, but it's inside a global crossroad in SAP and you would affect all tables viewed from SE16.
It's not recommended to do such things. Better would be a custom program that simulates SE16 or other stuff like this.
The client shouldn't ask for such things because they make their system unstable. But if they still want it and they pay, no problem.
Hope to help
Bye
10-15-2015 10:54 AM
Hi Juwin,
Thanks for your reply.
Does an ABAPer need to implement it... or do we need to contact the security guys?
10-15-2015 1:37 PM
Hi Meemank,
There is no ABAP coding required to implement this. So, security guys should be able to do this on their own.
Thanks,
Juwin
04-14-2016 11:27 AM
Dear Juwin,
On the customer system (currently NW 7.02) we have the TCODE SE16N_ROLE and the tables you spoke of.
BUT: TCODE SE16N_ROLE tells me: "not yet released".
Tried on our demo system (NW 7.31 + EHP 7 + SimpleFinance ==> newer than customer-system) and got the same message "not released".
The message pops up directly out of code, so there is no customizing-switch to get it running easily:
Any ideas?
br
chris
04-14-2016 2:50 PM
Yes, I also got this message for the Tcode. But when I checked the SE16N code, I can see that the checks for authorization are already coded in there.
Thanks,
Juwin
04-14-2016 4:03 PM
Don't add your question to an old question. Start a new question and link to the old one if necessary. The reasons are:
1. You can't mark any answers as correct or helpful because it's not your question.
2. An old thread moves to the first page.
3. People don't notice the date and start answering the old question.
Thread locked.
10-16-2015 12:50 PM
Meemank,
I echo Roberto Vacca.
You should explain to them the consequences of tampering with the standard code and suggest the available alternatives. Being an SAP Consultant, it is part of your role to advise the customer on pros and cons and convince them to use the best available alternative rather than tampering with the standard code.
K.Kiran.
10-16-2015 2:05 PM
Hi Kiran,
I totally agree with you.
Actually the client doesn't want us to create a view for a standard table. They are looking for some alternate possibilities to achieve the requirement. That's why I am searching for alternate ways, so that I can suggest them. I would like to thank Juwin and Roberto for their help. Do we have any other ways to achieve the functionality?
04-14-2016 3:27 PM
How about making an SAP query instead (combined with a transaction ofc)?