user guide for field masking for web dynpro for abap 1.0 sp02
TRANSCRIPT
USER GUIDE | PUBLIC
Document Version: 1.0 – 2017-11-28
User Guide for Field Masking for Web Dynpro for ABAP 1.0 SP02
© 2
018
SAP
SE o
r an
SAP affi
liate
com
pany
. All r
ight
s re
serv
ed.
THE BEST RUN
Content
1 Introduction to Field Masking for Web Dynpro for ABAP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3
2 Field Masking. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42.1 Configuring Field Masking. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
3 Field Access Trace. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63.1 Configuring Field Access Trace. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6
Displaying Trace Data. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7Deleting Trace Data. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8Archiving Trace Data. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9Reading Archived Trace Data. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10Deleting Archived Trace Data. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
2 P U B L I CUser Guide for Field Masking for Web Dynpro for ABAP 1.0 SP02
Content
1 Introduction to Field Masking for Web Dynpro for ABAP
Field masking for Web Dynpro for ABAP is a solution that masks the screen output of restricted and sensitive data values at field level of Web Dynpro screens.
It consists of the following functions:
● Field masking: This function allows only users with field-level authorization to view field values on the Web Dynpro for ABAP screens.
● Field access trace: This function creates an access trace entry when the user accesses the fields configured for masking.
NoteCertain considerations apply when using field masking for Web Dynpro for ABAP. For more information, see SAP Note 2392451
Related Information
Field Masking [page 4]Field Access Trace [page 6]
User Guide for Field Masking for Web Dynpro for ABAP 1.0 SP02Introduction to Field Masking for Web Dynpro for ABAP P U B L I C 3
2 Field Masking
Field masking for Web Dynpro ABAP allows only users with field-level authorization to view field values.
If a user is not authorized to view the value for a field, the data is masked with masking characters. Only users who are authorized to view the field value can see the original value.
Related Information
Configuring Field Masking [page 4]
2.1 Configuring Field Masking
Configure field masking for Web Dynpro ABAP to mask the screen output at field level of Web Dynpro screens in the system.
Prerequisites
● The following SAP Notes have been implemented prior to installation of the add-on:○ SAP Note 2392399 (UIMWDA 100: Master Note for Field Masking for Web Dynpro ABAP )○ SAP Note 2392421 (UIMWDA 100: Add-On UIMWDA 100 Installation Note)○ The UIMWDA 100 add-on has been installed.○ The required post-installation SAP Notes required for field masking for Web Dynpro for ABAP have
been implemented as mentioned in SAP Note 2392399 .
Procedure
1. Configure the fields for field masking for Web Dynpro for ABAP in Customizing for SAP NetWeaver under Field Masking for Web Dynpro for ABAP Masking Configuration Maintain Masking Configuration .
2. Assign the default role /UIMWDA/PFCG_ROLE to authorized users using Role Maintenance (transaction PFCG). If you want to use a different role for a specific field, you can also maintain any other PFCG role in the Role field under General Details. Only users assigned to this role are authorized to view the original value of the field. The masked value is displayed to all users not assigned this role. If the field is left blank, data is not masked for any user.
4 P U B L I CUser Guide for Field Masking for Web Dynpro for ABAP 1.0 SP02
Field Masking
Results
You have configured field masking for the respective fields for all users except those users assigned the role that authorizes them to view the original value.
Related Information
Field Masking [page 4]Field Access Trace [page 6]
User Guide for Field Masking for Web Dynpro for ABAP 1.0 SP02Field Masking P U B L I C 5
3 Field Access Trace
Field access trace writes an access data entry when the user accesses the fields configured for masking.
The following information is logged by field access trace:
● Who – user who accessed the value● When – date and time when the user accessed the value● How – application name, component name, view name, component configuration, and field name that was
configured● What – the value displayed on the screen● Authorization – whether the user was authorized to view unmasked data for the configured field● Any free text added through a BAdI
Field access trace uses the same configuration tables as those tables used for field masking and is carried out for the Web Dynpro for ABAP screens.
Related Information
Configuring Field Access Trace [page 6]Field Masking [page 4]
3.1 Configuring Field Access Trace
Configure field access trace in the system to trace user access to the fields that you have configured for masking.
Prerequisites
In Customizing for SAP NetWeaver under Field Masking for Web Dynpro for ABAP Masking Configuration Maintain Masking Configuration , you have maintained the following Web Dypnro configuration data:
● Application name● Component● View name● Application type● Component configuation (if applicable)● Masking control indicator
6 P U B L I CUser Guide for Field Masking for Web Dynpro for ABAP 1.0 SP02
Field Access Trace
Procedure
1. In Customizing for SAP NetWeaver, choose Field Masking for Web Dynpro for ABAP Masking Configuration Maintain Masking Configuration .
2. In the WD Masking Configuration table, select the row containing the application in which you want to mask certain fields.
3. Choose Maintain Field Data.4. Enter the ID of the field you want to mask and select one of the Field Access Trace options:
○ Trace If Original Field Value Is Displayed Without Masking○ Always Trace Regardless of Masking○ Never Trace Regardless of Masking
5. Maintain the other configuration data for the field to be masked.6. Save your entries.
Results
You have enabled field access trace for the masked field based on the option you selected.
Related Information
Field Access Trace [page 6]Field Masking [page 4]Configuring Field Masking [page 4]
3.1.1 Displaying Trace Data
Display the trace entries created by field access trace to see a list of users who have accessed certain fields configured for masking.
Prerequisites
You have DISPLAY authorization on the authorization object /UIMWDA/AO.
User Guide for Field Masking for Web Dynpro for ABAP 1.0 SP02Field Access Trace P U B L I C 7
Procedure
1. On the SAP Easy Access screen, choose Cross-Application Components Field Masking for Web Dynpro for ABAP View and Delete Field Access Trace .
NoteThis starts the report /UIMWDA/R_VIEW_DEL_UI_FAT (for more information about this report, see the associated documentation in the system).
2. Enter your selection parameters.3. Execute the report.
Results
The system displays a list of access trace entries based on your selection parameters.
Related Information
Deleting Trace Data [page 8]
3.1.2 Deleting Trace Data
Delete the trace entries created by field access trace if they are no longer required in the system. For example, you may want to delete old entries for a specific time period.
Prerequisites
You have DELETE authorization on the authorization object /UIMWDA/AO.
Procedure
1. On the SAP Easy Access screen, choose Cross-Application Components Field Masking for Web Dynpro for ABAP View and Delete Field Access Trace .
8 P U B L I CUser Guide for Field Masking for Web Dynpro for ABAP 1.0 SP02
Field Access Trace
NoteThis starts the report /UIMWDA/R_VIEW_DEL_UI_FAT (for more information about this report, see the associated documentation in the system).
2. Enter your selection parameters.3. Execute the report.4. In the table displayed, select the entries you want to delete.5. Delete the entries from the table.
Results
You have deleted the trace entries from the access trace table.
Related Information
Displaying Trace Data [page 7]Field Access Trace [page 6]
3.1.3 Archiving Trace Data
Archive trace data if you want to move existing entries from the access trace table to the archive files. For example, you may want to archive trace data if the trace table contains a large number of entries or if you no longer want to view the old entries.
Prerequisites
● You have WRITE authorization on the authorization object /UIMWDA/AO● Entries exist in the access trace table for the selected date range.
Procedure
1. On the SAP Easy Access screen, choose Cross-Application Components Field Masking for Web Dynpro for ABAP Write Field Access Trace to Archive .
User Guide for Field Masking for Web Dynpro for ABAP 1.0 SP02Field Access Trace P U B L I C 9
NoteThis starts the report /UIMWDA/R_ARCHIVE_WRITE (for more information about this report, see the associated documentation in the system).
2. Specify the date range.3. Select one of the following processing options:
○ Test Mode: The data is not archived.○ Production Mode: The data is archived.
4. Select the detail log type and output you require.5. (Optional) Enter an archiving session note6. Execute the report.
Results
The system writes the trace data to the archive files based on the selected date range and displays a summary of the results based on the parameters you selected. The results also indicate the processing mode you selected (Test Mode or Production Mode).
Related Information
Reading Archived Trace Data [page 10]Deleting Archived Trace Data [page 11]
3.1.4 Reading Archived Trace Data
Read trace data from the archived files to display the archived trace data for a selected date range.
Prerequisites
● You have DISPLAY authorization on the authorization object /UIMWDA/AO.● Archived data exists for the selected date range.
10 P U B L I CUser Guide for Field Masking for Web Dynpro for ABAP 1.0 SP02
Field Access Trace
Procedure
1. On the SAP Easy Access screen, choose Cross-Application Components Field Masking for Web Dynpro for ABAP Read Field Access Trace Data from Archive .
NoteThis starts the report /UIMWDA/R_ARCHIVE_READ (for more information, see the associated report documentation in the system).
2. Specify the creation date range of the trace entries that you want to display.3. Execute the report.4. In the dialog box that opens, select the archive files that you want to read and then choose Continue.
Results
The system displays the archived trace data based on the selected date range of the trace.
Related Information
Deleting Archived Trace Data [page 11]Archiving Trace Data [page 9]
3.1.5 Deleting Archived Trace Data
Delete archived trace data from the trace table if the archive has exceeded its data limit or if you want to remove the old data saved in the archive files.
Prerequisites
● You have DELETE authorization on the authorization object /UIMWDA/AO.● The entries to be deleted exist.
Procedure
1. On the SAP Easy Access screen, choose Cross-Application Components Field Masking for Web Dynpro for ABAP Delete Archived Data from Access Trace Table .
User Guide for Field Masking for Web Dynpro for ABAP 1.0 SP02Field Access Trace P U B L I C 11
NoteThis starts the report /UIMWDA/R_ARCHIVE_DELETE (for more information about this report, see the associated documentation in the system).
2. On the initial screen, select from the following processing options:
○ Test Mode: The data is not deleted.○ Production Mode: The data is deleted.
3. Execute the report.4. In the dialog box that opens, select the archive files that you want to delete and then choose Continue.
Results
The system displays a summary of archive files that have been deleted from the access trace table. The results also indicate the processing mode you selected (Test Mode or Production Mode).
Related Information
Archiving Trace Data [page 9]
12 P U B L I CUser Guide for Field Masking for Web Dynpro for ABAP 1.0 SP02
Field Access Trace
Important Disclaimers and Legal Information
HyperlinksSome links are classified by an icon and/or a mouseover text. These links provide additional information.About the icons:
● Links with the icon : You are entering a Web site that is not hosted by SAP. By using such links, you agree (unless expressly stated otherwise in your agreements with SAP) to this:
● The content of the linked-to site is not SAP documentation. You may not infer any product claims against SAP based on this information.● SAP does not agree or disagree with the content on the linked-to site, nor does SAP warrant the availability and correctness. SAP shall not be liable for any
damages caused by the use of such content unless damages have been caused by SAP's gross negligence or willful misconduct.
● Links with the icon : You are leaving the documentation for that particular SAP product or service and are entering a SAP-hosted Web site. By using such links, you agree that (unless expressly stated otherwise in your agreements with SAP) you may not infer any product claims against SAP based on this information.
Beta and Other Experimental FeaturesExperimental features are not part of the officially delivered scope that SAP guarantees for future releases. This means that experimental features may be changed by SAP at any time for any reason without notice. Experimental features are not for productive use. You may not demonstrate, test, examine, evaluate or otherwise use the experimental features in a live operating environment or with data that has not been sufficiently backed up.The purpose of experimental features is to get feedback early on, allowing customers and partners to influence the future product accordingly. By providing your feedback (e.g. in the SAP Community), you accept that intellectual property rights of the contributions or derivative works shall remain the exclusive property of SAP.
Example CodeAny software coding and/or code snippets are examples. They are not for productive use. The example code is only intended to better explain and visualize the syntax and phrasing rules. SAP does not warrant the correctness and completeness of the example code. SAP shall not be liable for errors or damages caused by the use of example code unless damages have been caused by SAP's gross negligence or willful misconduct.
Gender-Related LanguageWe try not to use gender-specific word forms and formulations. As appropriate for context and readability, SAP may use masculine word forms to refer to all genders.
User Guide for Field Masking for Web Dynpro for ABAP 1.0 SP02Important Disclaimers and Legal Information P U B L I C 13
www.sap.com/contactsap
© 2018 SAP SE or an SAP affiliate company. All rights reserved.
No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP SE or an SAP affiliate company. The information contained herein may be changed without prior notice.
Some software products marketed by SAP SE and its distributors contain proprietary software components of other software vendors. National product specifications may vary.
These materials are provided by SAP SE or an SAP affiliate company for informational purposes only, without representation or warranty of any kind, and SAP or its affiliated companies shall not be liable for errors or omissions with respect to the materials. The only warranties for SAP or SAP affiliate company products and services are those that are set forth in the express warranty statements accompanying such products and services, if any. Nothing herein should be construed as constituting an additional warranty.
SAP and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP SE (or an SAP affiliate company) in Germany and other countries. All other product and service names mentioned are the trademarks of their respective companies.
Please see https://www.sap.com/about/legal/trademark.html for additional trademark information and notices.
THE BEST RUN