user guide for field masking for web dynpro for abap 1.0 sp02

USER GUIDE | PUBLIC

Document Version: 1.0 – 2017-11-28

User Guide for Field Masking for Web Dynpro for ABAP 1.0 SP02

© 2

018

SAP

SE o

r an

SAP affi

liate

com

pany

. All r

ight

s re

serv

ed.

THE BEST RUN

Content

1 Introduction to Field Masking for Web Dynpro for ABAP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3

2 Field Masking. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42.1 Configuring Field Masking. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4

3 Field Access Trace. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63.1 Configuring Field Access Trace. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6

Displaying Trace Data. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7Deleting Trace Data. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8Archiving Trace Data. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9Reading Archived Trace Data. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10Deleting Archived Trace Data. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

2 P U B L I CUser Guide for Field Masking for Web Dynpro for ABAP 1.0 SP02

Content

1 Introduction to Field Masking for Web Dynpro for ABAP

Field masking for Web Dynpro for ABAP is a solution that masks the screen output of restricted and sensitive data values at field level of Web Dynpro screens.

It consists of the following functions:

● Field masking: This function allows only users with field-level authorization to view field values on the Web Dynpro for ABAP screens.

● Field access trace: This function creates an access trace entry when the user accesses the fields configured for masking.

NoteCertain considerations apply when using field masking for Web Dynpro for ABAP. For more information, see SAP Note 2392451

Related Information

Field Masking [page 4]Field Access Trace [page 6]

User Guide for Field Masking for Web Dynpro for ABAP 1.0 SP02Introduction to Field Masking for Web Dynpro for ABAP P U B L I C 3

http://help.sap.com/disclaimer?site=https://launchpad.support.sap.com/#/notes/2392451

2 Field Masking

Field masking for Web Dynpro ABAP allows only users with field-level authorization to view field values.

If a user is not authorized to view the value for a field, the data is masked with masking characters. Only users who are authorized to view the field value can see the original value.

Related Information

Configuring Field Masking [page 4]

2.1 Configuring Field Masking

Configure field masking for Web Dynpro ABAP to mask the screen output at field level of Web Dynpro screens in the system.

Prerequisites

● The following SAP Notes have been implemented prior to installation of the add-on:○ SAP Note 2392399 (UIMWDA 100: Master Note for Field Masking for Web Dynpro ABAP )○ SAP Note 2392421 (UIMWDA 100: Add-On UIMWDA 100 Installation Note)○ The UIMWDA 100 add-on has been installed.○ The required post-installation SAP Notes required for field masking for Web Dynpro for ABAP have

been implemented as mentioned in SAP Note 2392399 .

Procedure

1. Configure the fields for field masking for Web Dynpro for ABAP in Customizing for SAP NetWeaver under Field Masking for Web Dynpro for ABAP Masking Configuration Maintain Masking Configuration .

2. Assign the default role /UIMWDA/PFCG_ROLE to authorized users using Role Maintenance (transaction PFCG). If you want to use a different role for a specific field, you can also maintain any other PFCG role in the Role field under General Details. Only users assigned to this role are authorized to view the original value of the field. The masked value is displayed to all users not assigned this role. If the field is left blank, data is not masked for any user.


Field Masking




Results

You have configured field masking for the respective fields for all users except those users assigned the role that authorizes them to view the original value.

Related Information

Field Masking [page 4]Field Access Trace [page 6]

User Guide for Field Masking for Web Dynpro for ABAP 1.0 SP02Field Masking P U B L I C 5

3 Field Access Trace

Field access trace writes an access data entry when the user accesses the fields configured for masking.

The following information is logged by field access trace:

● Who – user who accessed the value● When – date and time when the user accessed the value● How – application name, component name, view name, component configuration, and field name that was

configured● What – the value displayed on the screen● Authorization – whether the user was authorized to view unmasked data for the configured field● Any free text added through a BAdI

Field access trace uses the same configuration tables as those tables used for field masking and is carried out for the Web Dynpro for ABAP screens.

Related Information

Configuring Field Access Trace [page 6]Field Masking [page 4]

3.1 Configuring Field Access Trace

Configure field access trace in the system to trace user access to the fields that you have configured for masking.

Prerequisites

In Customizing for SAP NetWeaver under Field Masking for Web Dynpro for ABAP Masking Configuration Maintain Masking Configuration , you have maintained the following Web Dypnro configuration data:

● Application name● Component● View name● Application type● Component configuation (if applicable)● Masking control indicator


Field Access Trace

Procedure

1. In Customizing for SAP NetWeaver, choose Field Masking for Web Dynpro for ABAP Masking Configuration Maintain Masking Configuration .

2. In the WD Masking Configuration table, select the row containing the application in which you want to mask certain fields.

3. Choose Maintain Field Data.4. Enter the ID of the field you want to mask and select one of the Field Access Trace options:

○ Trace If Original Field Value Is Displayed Without Masking○ Always Trace Regardless of Masking○ Never Trace Regardless of Masking

5. Maintain the other configuration data for the field to be masked.6. Save your entries.

Results

You have enabled field access trace for the masked field based on the option you selected.

Related Information

Field Access Trace [page 6]Field Masking [page 4]Configuring Field Masking [page 4]

3.1.1 Displaying Trace Data

Display the trace entries created by field access trace to see a list of users who have accessed certain fields configured for masking.

Prerequisites

You have DISPLAY authorization on the authorization object /UIMWDA/AO.

User Guide for Field Masking for Web Dynpro for ABAP 1.0 SP02Field Access Trace P U B L I C 7

Procedure

1. On the SAP Easy Access screen, choose Cross-Application Components Field Masking for Web Dynpro for ABAP View and Delete Field Access Trace .

NoteThis starts the report /UIMWDA/R_VIEW_DEL_UI_FAT (for more information about this report, see the associated documentation in the system).

2. Enter your selection parameters.3. Execute the report.

Results

The system displays a list of access trace entries based on your selection parameters.

Related Information

Deleting Trace Data [page 8]

3.1.2 Deleting Trace Data

Delete the trace entries created by field access trace if they are no longer required in the system. For example, you may want to delete old entries for a specific time period.

Prerequisites

You have DELETE authorization on the authorization object /UIMWDA/AO.

Procedure

1. On the SAP Easy Access screen, choose Cross-Application Components Field Masking for Web Dynpro for ABAP View and Delete Field Access Trace .


Field Access Trace

NoteThis starts the report /UIMWDA/R_VIEW_DEL_UI_FAT (for more information about this report, see the associated documentation in the system).

2. Enter your selection parameters.3. Execute the report.4. In the table displayed, select the entries you want to delete.5. Delete the entries from the table.

Results

You have deleted the trace entries from the access trace table.

Related Information

Displaying Trace Data [page 7]Field Access Trace [page 6]

3.1.3 Archiving Trace Data

Archive trace data if you want to move existing entries from the access trace table to the archive files. For example, you may want to archive trace data if the trace table contains a large number of entries or if you no longer want to view the old entries.

Prerequisites

● You have WRITE authorization on the authorization object /UIMWDA/AO● Entries exist in the access trace table for the selected date range.

Procedure

1. On the SAP Easy Access screen, choose Cross-Application Components Field Masking for Web Dynpro for ABAP Write Field Access Trace to Archive .


NoteThis starts the report /UIMWDA/R_ARCHIVE_WRITE (for more information about this report, see the associated documentation in the system).

2. Specify the date range.3. Select one of the following processing options:

○ Test Mode: The data is not archived.○ Production Mode: The data is archived.

4. Select the detail log type and output you require.5. (Optional) Enter an archiving session note6. Execute the report.

Results

The system writes the trace data to the archive files based on the selected date range and displays a summary of the results based on the parameters you selected. The results also indicate the processing mode you selected (Test Mode or Production Mode).

Related Information

Reading Archived Trace Data [page 10]Deleting Archived Trace Data [page 11]

3.1.4 Reading Archived Trace Data

Read trace data from the archived files to display the archived trace data for a selected date range.

Prerequisites

● You have DISPLAY authorization on the authorization object /UIMWDA/AO.● Archived data exists for the selected date range.


Field Access Trace

Procedure

1. On the SAP Easy Access screen, choose Cross-Application Components Field Masking for Web Dynpro for ABAP Read Field Access Trace Data from Archive .

NoteThis starts the report /UIMWDA/R_ARCHIVE_READ (for more information, see the associated report documentation in the system).

2. Specify the creation date range of the trace entries that you want to display.3. Execute the report.4. In the dialog box that opens, select the archive files that you want to read and then choose Continue.

Results

The system displays the archived trace data based on the selected date range of the trace.

Related Information

Deleting Archived Trace Data [page 11]Archiving Trace Data [page 9]

3.1.5 Deleting Archived Trace Data

Delete archived trace data from the trace table if the archive has exceeded its data limit or if you want to remove the old data saved in the archive files.

Prerequisites

● You have DELETE authorization on the authorization object /UIMWDA/AO.● The entries to be deleted exist.

Procedure

1. On the SAP Easy Access screen, choose Cross-Application Components Field Masking for Web Dynpro for ABAP Delete Archived Data from Access Trace Table .


NoteThis starts the report /UIMWDA/R_ARCHIVE_DELETE (for more information about this report, see the associated documentation in the system).

2. On the initial screen, select from the following processing options:

○ Test Mode: The data is not deleted.○ Production Mode: The data is deleted.

3. Execute the report.4. In the dialog box that opens, select the archive files that you want to delete and then choose Continue.

Results

The system displays a summary of archive files that have been deleted from the access trace table. The results also indicate the processing mode you selected (Test Mode or Production Mode).

Related Information

Archiving Trace Data [page 9]


Field Access Trace

Important Disclaimers and Legal Information

HyperlinksSome links are classified by an icon and/or a mouseover text. These links provide additional information.About the icons:

● Links with the icon : You are entering a Web site that is not hosted by SAP. By using such links, you agree (unless expressly stated otherwise in your agreements with SAP) to this:

● The content of the linked-to site is not SAP documentation. You may not infer any product claims against SAP based on this information.● SAP does not agree or disagree with the content on the linked-to site, nor does SAP warrant the availability and correctness. SAP shall not be liable for any

damages caused by the use of such content unless damages have been caused by SAP's gross negligence or willful misconduct.

● Links with the icon : You are leaving the documentation for that particular SAP product or service and are entering a SAP-hosted Web site. By using such links, you agree that (unless expressly stated otherwise in your agreements with SAP) you may not infer any product claims against SAP based on this information.

Beta and Other Experimental FeaturesExperimental features are not part of the officially delivered scope that SAP guarantees for future releases. This means that experimental features may be changed by SAP at any time for any reason without notice. Experimental features are not for productive use. You may not demonstrate, test, examine, evaluate or otherwise use the experimental features in a live operating environment or with data that has not been sufficiently backed up.The purpose of experimental features is to get feedback early on, allowing customers and partners to influence the future product accordingly. By providing your feedback (e.g. in the SAP Community), you accept that intellectual property rights of the contributions or derivative works shall remain the exclusive property of SAP.

Example CodeAny software coding and/or code snippets are examples. They are not for productive use. The example code is only intended to better explain and visualize the syntax and phrasing rules. SAP does not warrant the correctness and completeness of the example code. SAP shall not be liable for errors or damages caused by the use of example code unless damages have been caused by SAP's gross negligence or willful misconduct.

Gender-Related LanguageWe try not to use gender-specific word forms and formulations. As appropriate for context and readability, SAP may use masculine word forms to refer to all genders.

User Guide for Field Masking for Web Dynpro for ABAP 1.0 SP02Important Disclaimers and Legal Information P U B L I C 13

www.sap.com/contactsap

© 2018 SAP SE or an SAP affiliate company. All rights reserved.

No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP SE or an SAP affiliate company. The information contained herein may be changed without prior notice.

Some software products marketed by SAP SE and its distributors contain proprietary software components of other software vendors. National product specifications may vary.

These materials are provided by SAP SE or an SAP affiliate company for informational purposes only, without representation or warranty of any kind, and SAP or its affiliated companies shall not be liable for errors or omissions with respect to the materials. The only warranties for SAP or SAP affiliate company products and services are those that are set forth in the express warranty statements accompanying such products and services, if any. Nothing herein should be construed as constituting an additional warranty.

SAP and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP SE (or an SAP affiliate company) in Germany and other countries. All other product and service names mentioned are the trademarks of their respective companies.

Please see https://www.sap.com/about/legal/trademark.html for additional trademark information and notices.

THE BEST RUN

https://www.sap.com/about/legal/trademark.html

user guide for field masking for web dynpro for abap 1.0 sp02

Documents