You are here: SmartExporter 2018 R1 > SmartExporter SAP® components > Application > Data Privacy Encryption > Data Privacy Profile

Data Privacy Profile

In order to protect sensitive data, you can use the /AUDIC/SE_DPRV transaction to encrypt data when extracted with SmartExporter.

To do this you first have to define Data Privacy profiles and assign users to them. In the Data Privacy profiles you can specify the table fields to be anonymized or pseudonymized during extraction.

The function can be run by calling the transaction /AUDIC/SE_DPRV.

Fill in the following fields to create a Data Privacy profile.

Field Description

Profile

 Unique name of a Data Privacy profile

Description

 Short description of the profile.

If you need the profile description in multiple languages, you can enter the corresponding translations via the Translation entry in the Goto menu.

Plug-In ID

The way data are anonymized or encrypted is implemented in plug-ins. This means that you have to select the Data Privacy plug-in here. All Data Privacy plug-ins start with DATA_PRIVACY.

List of currently implemented Plug-Ins.

Type

 The current implementation supports field anonymization and field encryption.
Key Type

If you want the data of a field to be encrypted, specify how encryption is to be done.

The current implementation only supports the key type Key.
Encryption using

Please specify the means of encryption. The following options are available:

  1. Key value

    Only the entered key value is used. All Data Requests use the same key.

    The key can be used for the decryption of all Data Requests.

  2. Key value and system ID

    The key will be generated based on the key value entered and the system ID.

    The key can be used for the decryption of all Data Requests of this system.

  3. Key value and system ID and Data Request ID

    The key will be generated based on the key entered, the system ID and the Data Request ID.

    Each Data Request will be encrypted with a different key.

    The key can only be used for the decryption of one Data Request.

  4. Key value and system ID and client

    The key will be generated based on the key entered, the system ID and the client.

    The key can be used for the decryption of all Data Requests of this client.

  5. Key value and Data Request ID

    The key will be generated based on the key value entered and the Data Request ID.

    Each Data Request will be encrypted with a different key.

    The key can only be used for the decryption of one Data Request.

  6. Key value and random value

    The key will be generated based on the key value entered and a random value.

    Each Data Request will be encrypted with a different key.

    The key can only be used for the decryption of one Data Request.
Key value Please specify the static string to be used for encryption. This string can also be generated automatically via the Generate passphrase icon.

Table: Settings for Data Privacy profiles

 

Note:

Some of the algorithms used for anonymization or encryption are CPU intensive and may lead to a considerable decrease in runtime performance.

If you decide to use the AES Data Privacy plug-ins for the encryption, note that the SAP® kernel variants are considerably faster than the ABAP implementation.

Due to the implementation in SAP®, however, the kernel variants will generate different encryptions for the same values. This may be a problem if the encrypted values are key fields which will be used in other tools later on. For example, the data analysis tool IDEA may not be able to assign key fields correctly anymore when joining files.

Decrypting the data, however, will still be possible without any restrictions despite the different encrypted data values.

 

Plug-Ins for encryption

The way data are anonymized or encrypted is implemented in plug-ins. This means that you have to select the Data Privacy plug-in here. All Data Privacy plug-ins start with DATA_PRIVACY.

Please refer to the table below for the currently implemented Data Privacy plug-ins:

Plug-In ID Description
DATA_PRIVACY_VIGENERE Vigenère cipher. This is a monographic polyalphabetic substitution method.
DATA_PRIVACY_AES128 Advanced Encryption Standard (AES) - encryption algorithm with 128 bit key length and Cipher Block Chaining Mode (CBC).
DATA_PRIVACY_AES128_KERNEL Advanced Encryption Standard (AES) - encryption algorithm with 128 bit key length and Cipher Block Chaining Mode (CBC).
DATA_PRIVACY_AES256 Advanced Encryption Standard (AES) - encryption algorithm with 256 bit key length and Cipher Block Chaining Mode (CBC).
DATA_PRIVACY_AES256_KERNEL Advanced Encryption Standard (AES) - encryption algorithm with 256 bit key length and Cipher Block Chaining Mode (CBC).

 

There are two versions of each AES algorithm: the SmartExporter ABAP implementation and the SAP® kernel implementation. The SmartExporter ABAP implementation is selected by default because that relations to other tables are kept, which is important when encrypting key fields that will be used for joins later on. This default setting can be changed in the corresponding user profile parameters. If there is no need to keep the relations to other tables, you can change the default setting because the encryption using SAP® kernel implementation is considerably faster than the encryption using the ABAP implementation.

 

Related Topics



Copyright © 2019 Audicon GmbH. All rights reserved.