Data Privacy field definitions
In order to protect confidential data, you can define Data Privacy profiles using the /AUDIC/SE_DPRV transaction and assign them to users or roles. Click the Field definitions subfolder to switch to the maintenance of the table fields. In the Field definitions dialog, you can specify the table fields to be anonymized or pseudonymized during extraction and the method to be used.
Field definitions dialog
In the Field definitions dialog select which table field is to be anonymized or encrypted.
| Field | Description |
|---|---|
|
Table Name |
Name of an SAP® database table or view. Generic values like those used for specifying authorization profile table filters, e.g. "*", are not allowed here. |
|
Field Name |
Name of a database field |
|
Method |
Please specify what kind of anonymization is to be used or whether the data of the table field are to be encrypted in accordance with the selected plug-in. The following encryption methods are available: |
|
Parameter for constant and masking |
When using a constant or masking for encryption, enter the required parameters here. Click the SmartExporter Help |
icon for more information on the parameters.Table: Field definitions for Data Privacy profiles
Please note that as a result of using anonymization or encryption, the relation to other tables might be lost, e.g. when running a join later. This is not true for the encryption plugins DATA_PRIVACY_VIGENERE, DATA_PRIVACY_AES128 and DATA_PRIVACY_AES256 with the SmartExporter ABAP implementation and neither for SmartExporter joins, because SmartExporter joins are run before the anonymization or encryption method is applied.
Note:
If there are several Data Privacy profiles for one user that contain different field definitions for the same table field, the SmartExporter SAP® components will use the field definition with the anonymization method that is more secure, in the following order: encryption with plug-in, masking, assigning a value. If the same anonymization method is used in these Data Privacy profiles, the SmartExporter SAP® components will use only the field definition of the first profile, i.e. the profile that comes first in the list of profiles.
The following encryption methods are available:
Method: Anonymization with initial value
This method replaces the original data with the corresponding initial value. The latter depends on the data type of the table field. No input of parameters is required.
Examples:
| Table | Field | Parameters | Original value | Value after applying the method |
|---|---|---|---|---|
| BKPF | GJAHR | 2016 | 0000 | |
| BKPF | USNAM | EISENMANN | ||
| BSEG | AUGDT | 20150315 | 00010101 | |
| BSEG | DMBTR | 144259.73 | 00000000000000. |
Method: Anonymization with minimum value
Here the original data are replaced with the minimum value depending on the data type of the field. No input of parameters is required.
Examples:
| Table | Field | Parameters | Original value | Value after applying the method |
|---|---|---|---|---|
| BKPF | GJAHR | 2016 | 0000 | |
| BKPF | USNAM | EISENMANN | ||
| BSEG | AUGDT | 20150315 | 00010101 | |
| BSEG | DMBTR | 144259.73 | -99999999999999 |
Method: Anonymization with maximum value
This method replaces the original data with the maximum value depending on the data type of the field. No input of parameters is required.
Examples:
| Table | Field | Parameters | Original value | Value after applying the method |
|---|---|---|---|---|
| BKPF | GJAHR | 2016 | 9999 | |
| BKPF | USNAM | EISENMANN | ������������ | |
| BSEG | AUGDT | 20150315 | 99991231 | |
| BSEG | DMBTR | 144259.73 | 99999999999999. |
Method: Anonymization with random value
Here the original data are replaced with random values depending on the data type of the field. No input of parameters is required.
Examples:
| Table | Field | Parameters | Original value | Value after applying the method |
|---|---|---|---|---|
| BKPF | GJAHR | 2016 | 5646 | |
| BKPF | USNAM | EISENMANN | R8F7V7RCOE1T | |
| BSEG | AUGDT | 20150315 | 76440210 | |
| BSEG | DMBTR | 144259.73 | -02582679732087 |
Method: Anonymization with constant
This method replaces the original data with a constant. The constant is entered in the Parameter for constant and masking field. Please consider the data type of the table field. In the case of e.g. date fields, only valid date values in the YYYYMMDD format should be entered. For example, the value to be entered for November 30, 2016 is "20161130".
Examples:
| Table | Field | Parameters | Original value | Value after applying the method |
|---|---|---|---|---|
| BKPF | GJAHR | 1900 | 2016 | 1900 |
| BKPF | USNAM | MUSTERMANN | EISENMANN | MUSTERMANN |
| BSEG | AUGDT | 20000101 | 20150315 | 20000101 |
| BSEG | DMBTR | 100000.00 | 144259.73 | 100000.00 |
| VCNUM | CCINS | VISA | MC | VISA |
Method: Anonymization by masking
This method masks the individual characters of the original data as specified in the Parameter for constant and masking field. Here the user is able to define which characters are to be replaced and what kind of replacement will be applied.
The parameters have to be entered in the following format:
<pattern>,<replacement character>,<minimum length>,<maximum length>
<pattern>
The following characters can be used for masking:
- 'A': If the original character is a digit (0-9), it will be replaced with the replacement character. Otherwise, the original character will be returned.
- 'N': If the original character is a digit (0-9), it will be returned; otherwise, it will be masked.
- 'X': Returns any character without masking.
- '+': The plus sign replaces the original character with the replacement character.
- '*': The asterisk marks the position where masking starts or ends. The asterisk can be used to replace the preceding or succeeding characters of a value. If the asterisk precedes the parameters A, N or X, all preceding characters will be replaced. If the asterisk succeeds the parameters A, N or X, all succeeding characters will be replaced.
<replacement character>
Here you can specify the character to be used for masking. If no replacement character is specified, the standard replacement character '*' will be used.
Please note that for numeric values only the digits 0 to 9 should be used so that subsequent applications are able to import the data correctly.
<minimum length>,<maximum length>
In order to standardize the length of a value, the minimum and maximum number of characters to be created can be defined by specifying the minimum and maximum length, respectively.
If the user-defined maximum length exceeds the allowed field length, the latter will be used. The definition of a minimum and maximum length is optional. If no minimum or maximum length is specified, the number of characters remains the same as that of the original data.
Examples:
| Table | Field | Parameters | Original value | Value after applying the method |
|---|---|---|---|---|
| BKPF | GJAHR | +++N,2 | 2016 | 2226 |
| BKPF | USNAM | X* | John Taylor |
J********** |
| BSEG | AUGDT | NNNN++++,1 | 20150315 | 20151111 |
| BSEG | DMBTR | *N,1 | 144259.73 | 111111113 |
| VCNUM | CCNUM | *NNNN,x,1,25 | 5100000000000008 | xxxxxxxxxxxxxxxxxxxxx0008 |
| VCNUM | CCNUM | *NNNN,x,1,6 | 5100000000000008 | xx0008 |
Method: Encryption using plug-in configuration
If you select this method, the data will be encrypted. The encryption algorithm used depends on which plug-in ID is selected in the Data Privacy profile.