Introduction
In this blog, we will learn how to protect sensitive information displayed in the “Text” tabs i.e. Purchase Order Text and Sales Text tabs in transactions MM03, ME23N, and ME53N.
Purchase Order Text
A Purchase Order Text is a text describing the material in more detail. This text is subsequently copied to purchasing documents (such as purchase requisitions or purchase orders) automatically, where it can be changed if needed. It is valid for all organizational levels, not for a specific plant. Purchase order text can be entered in the material master record in many languages though only one text is allowed per language.
Sales Text
A Sales Text is a text describing the material in more detail. This text is subsequently copied to sales documents (such as requests for quotations or sales orders) automatically, where it can be changed if needed. It is valid for a specific sales organization and distribution channel. Sales Text can be entered in the material master record in many languages though only one text is allowed per language.
Here, we will learn the configuration process to protect Purchase Order Text tab through MM03 TCode and using the same configuration process we can protect Text tab information in other TCodes like, ME23N, ME53N.
Prerequisite
UI data protection masking for SAP S/4HANA is a solution for selective masking of sensitive data on SAP S/4HANA user interfaces – SAP GUI, SAPUI5/SAP Fiori, Web Dynpro for ABAP, and Web Client UI. Data can be protected at field level, either by masking the content (replacing original characters with generic characters, such as asterisks) or by clearing or disabling the field.
Requirement
Here, we want to protect sensitive information displayed in Purchase Order Text tab in MM03 TCode using Role-based authorization concept.
Product “UI data protection masking for SAP S/4HANA 2011” is used in this scenario to protect sensitive data at field level and must be installed in the S/4HANA system.
Let’s begin
Configuration to achieve protection for information displayed in Purchase Order Text tab
Logical Attribute is a functional modelling of how any attribute such as Social Security Number, Bank Account Number, Amounts, Pricing information, Quantity etc. should behave with masking.
Configure Logical Attribute
Follow the given path:
SPRO -> SAP NetWeaver -> UI Data Protection Masking for SAP S/4HANA -> Sensitive Attribute Configuration -> Maintain Metadata Configuration -> Maintain Logical Attributes
Follow below mentioned steps:
Under “Maintain Logical Attributes”, maintain following logical attribute.
Purchase Order Text tab
- Click on “New Entries” button
- Enter “Logical Attribute” as “LA_PO_TEXT”
- Enter “Description” as “Purchase Order Text Tab”
- Select “Is Sensitive” checkbox
- Click on “Save” button
Maintain Technical Address
In order to mask the fields on SAP GUI Module Pool screens, Technical Information (Program Name-Screen Number-Field Name) is required which users can get by pressing “F1” on the field.
In this scenario, we will map Logical Attribute with Technical Address of any of the field available on the Purchase Order Text tab, for example, Language field. This is needed to trigger the masking framework.
To retrieve the Technical Address of Language field, you need to use Recording Tool feature as Technical Information on press of F1 key is not available here.
Refer to this blog to know how to use the Recording tool.
Follow the given path:
SPRO -> SAP NetWeaver -> UI Data Protection Masking for SAP S/4HANA -> Sensitive Attribute Configuration -> Maintain Metadata Configuration -> Maintain Technical Address
Follow below mentioned steps:
Under “SAP GUI (Module Pool) Field Mapping”, maintain technical address for following field.
Maintain Masking Pattern
In this step, we will configure Masking Patterns using the Masking BAdI strategy which will determine the way masked masked values will be displayed on the UI. Through Masking BAdI strategy, the masking string for a field to be displayed on the UI is dynamic and returned by the BAdI. The BAdI Implementation must have the filter value that has the same name as the masking pattern.
Follow the given path:
SPRO -> SAP NetWeaver -> UI Data Protection Masking for SAP S/4HANA -> Basic Settings -> Field-Level Masking Patterns and Actions -> Maintain Masking Pattern – Follow below mentioned steps:
Maintain Field-Level Actions
In this step, we will configure the actions to be applied to a field that is configured for UI data protection. An action determines how a field appears and behaves when it is rendered on the user interface. Predefined patterns can be applied to specific actions to define how the field is displayed.
Follow the given path:
SPRO -> SAP NetWeaver -> UI Data Protection Masking for SAP S/4HANA -> Basic Settings -> Field-Level Masking Patterns and Actions -> Maintain Field-Level Actions – Follow below mentioned steps:
BAdI Implementation
The visibility of Purchase Order Text tab can be controlled by implementing Masking Pattern BAdI /UISM/BD_MASK_PATTERN.
Follow the given path:
SPRO -> SAP NetWeaver -> UI Data Protection Masking for SAP S/4HANA -> Business Add-Ins -> BAdI: Masking Pattern – Follow below mentioned steps:
In method “/UISM/IF_MASK_PATTTERN~EXECUTE_MASKING_PATTERN” of the BAdI Implementation class, the logic to set the visibility of the Purchase Order Text tab is implemented.
Add the same filter value as the name of the Masking Pattern “MASK_TEXT”.
Sample code is given below –
METHOD /uism/if_mask_patttern~execute_masking_pattern.
* Transaction MM03
UNASSIGN <fs_gt_control>.
DATA(lv_value1) = '(SAPLMGD1)<EDITOR_OBJ>'.
ASSIGN (lv_value1) TO <fs_gt_control>.
IF <fs_gt_control> IS ASSIGNED AND <fs_gt_control> IS NOT INITIAL.
lr_ref = <fs_gt_control>.
lr_ref->set_visible(
EXPORTING
visible = abap_false " Visible
EXCEPTIONS
cntl_error = 1 " CNTL_ERROR
cntl_system_error = 2 " CNTL_SYSTEM_ERROR
OTHERS = 3
).
IF sy-subrc <> 0.
ENDIF.
ENDIF.
cv_output_value = '******'.
ENDMETHOD.Maintain Field Level Security and Masking Configuration
Here, we will define how masking will behave with the logical attribute that we created in the above step. Here, we need to select the same Field Level Action which we have created in above step.
Follow the given path:
SPRO -> SAP NetWeaver -> UI Data Protection Masking for SAP S/4HANA -> Sensitive Attribute Configuration -> Masking and Blocking Configuration -> Maintain Field Level Security and Masking Configuration
Follow below mentioned steps:
Purchase Order Text tab
- Click on “New Entries” button
- Enter “Sensitive Entity” as “LA_PO_TEXT” and press “Enter” key. “Description” will get populated in corresponding fields
- Check “Enable Configuration” checkbox
- Select “Role Based Authorization” option
- Enter “PFCG Role” as “/UISM/PFCG_ROLE“. In this example, we have used a blank role “/UISM/PFCG_ROLE”. Customers can use any role as per their requirement.
- Enter “Field Level Action” as “MASK_TEXT”
- Click on “Save” button
Protecting Purchase Order Text tab information
Follow below mentioned steps:
- Execute “MM03” TCode
- Enter “Material” as “2257”
- Click on “Select View(s)” button
- Select “Purchase Order Text” view
- Click on “Continue” button
- Select “Plant” as “GT01“
- Click on “Continue” button
- Purchase Order Text information will not be displayed
Conclusion
In this blog post, we have learnt how we can use Role-based Authorization Concept to protect sensitive information displayed in the Purchase Order Text tab of MM03 transaction.
Original Article:
https://blogs.sap.com/2023/03/10/ui-data-protection-how-to-protect-sensitive-data-displayed-in-text-tabs-in-mm03-tcode/