For reasons of internal policies or regulations it may be necessary to make some data inside of SAP anonymous. There are many ways to do this. The first elements we need to consider are:
After a good assessment, how to proceed and which tool to use will be clear. One of the tools that SAP makes available is Field Masking (see also this video on the SAP site:
https://www.sap.com/assetdetail/2017/01/a4d972a3-a37c-0010-82c7-eda71af511fa.html)
This product is paid and is made up of two components:
The SAP UI Masking tool masks sensitive data with star symbols (****). This level of masking works in the process before output (BPO), so the data in the SAP tables is not modified.
An example is shown below for transaction PA20, on remuneration data:
Data not hidden:
Data Hidden:
Through a specific report transaction (/UIM/VIEW_FAT) it’s also possible to see who displayed what data (in either hidden or non-hidden format). This function can also be used with various front-end technologies:
When the UI Logging component is activated, the connection to a SIEM (Security Information and Event Management) becomes crucial for highlighting only the events regarded as important.
From an SAP terminology standpoint, it’s crucial to highlight the difference between Masking and Scrambling.
These components can be used from a GDPR standpoint or for the protection of specific organizational data.
Do you want to better understand how to approach a data masking project? What are the most important aspects to consider? What are the standard solutions (SAP and non-SAP) and the paid ones, and their pros and cons?
Blog post originally translated from: https://www.aglea.com/blog/sap-field-masking