Authorization on sensitive data

Hello Gurus,
In one of the infocubes we have authorization activated by plant. So it allows the users to see data only from their plants.
i.e.
Plant  PurchaseOrder  Customer  Qty  Price (Sensitive)
A      111111         C1        10   $100
B      222222         C1        1    $10
Currently a user from Plant A can see the data in the first row and a user from Plant B can see the second row. A user from Plant A is not allowed to access data of Plant B and vice versa.
The requirement is that the user from Plant A should be able to see Row 1 + Row 2 (except the value in Price info Object).
How to define the Authorization at field level to implement this security ....
Thanks

Hi,
When we create the custom reporting Authorization object in transaction RSSM, there's a field 1KYFNM.
But it's mentioned in this link that Key Figures cannot be marked as Authorization relevant.
http://help.sap.com/saphelp_nw04/helpdata/en/6b/ebb3ac244f11d5b2e30050da4c74dc/content.htm
Maybe you can try the following authorization.
Not exactly what you require because this'll display the overall Qty and Price
of Plant B for users from Plant A.
You can define two separate authorizations for users from Plant A.
Authorization I
Plant - A.
Purchase Order - *
Customer - *
This Authorization enables users from Plant A to view all the details based on Purchase Orders
and Customers including detailed Qty and Price for Plant A.
Authorization II
Plant - * ( or B depending on your requirement)
Customer - :
Purchase Order - :
When you use : as an authorization value it'll only display the overall result based on Purchase Order
and Customers for Plant B (if *, then for all Plants), i.e. the users will only be able to view the
overall qty for Plant B.
For users from Plant B, you can define the authorization as follows.
This'll display the entire details for Users from Plant B for Plant B.
Plant - B.
Purchase Order - *
Customer - *
Also refer Setting Up Reporting Authorizations.
http://help.sap.com/saphelp_nw04/helpdata/en/a0/48f438f3422f2ce10000000a114084/frameset.htm
Refer this document also.
Advanced Features of SAP BW Reporting Authorizations
https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/1b439590-0201-0010-ea8e-cba686f21f06
Regards
Hari

Similar Messages

  • How to handle sensitive data in BI?

    Hi there,
    we are about to load data from HR into BI. The authorities according to the queries and InfoProviders are lowered to a minimum so that only a group of people has access to those sensitive data.
    But what about the generated tables in which the data of the InfoProviders are stored? Some people are granted to use SE16 (e.g. the basis team). How is it possible to protect the data from being reviewed without changing the authorities of the basis team.
    Thanks in advance
    Dennis

    Hi Dennis,
    Q. How is it possible to protect the data from being reviewed without changing the authorities of the basis team?
    If you do not want to change the authorities provided to the basis team then you will have to opt for the data in the table to be scrambled so that on displaying the information is not meaningful.
    Not aware, if there could be other options.
    Thanks,
    Saby..

  • Does Tiger store sensitive data in its files like OS 9 did?

    OS 7-9 and perhaps earlier stored sensitive data in files. For example once I copied a file to a floppy disk, and sometime later popped this disk in a PC. For some reason the file became corrupted and when I opened the file on the PC I was able to see the volume name of my Mac, the path, and other data that I never put there. The old OS always seemed to leave behind tracks in files. Does OSX do the same?
    I have been looking for a way to find out myself, but since NDE classic crashes the classic environment in OSX, and I have been unable to find an OSX alternative to NDE (does one exist?), I have been stuck.
    NDE was able to open volumes, see hidden files, change type/creator codes, and do other things. Does an alternative exist in OSX? It would be useful.
    Some screenshots
    http://johnw.freeshell.org/graphics/Picture%201.png
    http://johnw.freeshell.org/graphics/Picture%202.png
    Thanks
    John

    Hi, John.
    You wrote: "NDE was able to open volumes, see hidden files, change type/creator codes, and do other things. Does an alternative exist in OSX? It would be useful."
    I'm not familiar with NDE, but some of the screen shots you posted look like the same kind of output you can get from X-Ray.
    When looking for new applications, I recommend searching MacUpdate or Version Tracker. The user-submitted reviews accompanying the listings are helpful in sorting the wheat from the chaff.
    Good luck!
    Dr. Smoke
    Author: Troubleshooting Mac® OS X

  • How to design universe to dynamically/conditionally hide sensitive data

    Hi,
    I am completely new to the BusinessObjects suite and am trying to understand which features might help me solve a problem.
    In K-12 education, there is often a desire to allow users to drill into and filter data in various ways, but at the same time a need to protect student confidentiality (as required by FERPA, a U.S. law).  It is not sufficient to prevent access to the most detailed data; we also have to prevent the viewer from inferring sensitive data based on obvious demographic characteristics or already-known data.   For instance, given the following dataset for a school:
    Name          Gender          Ethnicity      Score
    Bobby          M                 White          B
    Samuel         M                Black          A
    Richard          M                Black         A
    Jenny          F               White               A
    Margo          F               Black               A
    Whitney        F               White               A
    And a data display like this:
                             Ethnicity
    Gender               <count of As>
    If I filter Gender to F and allow all ethnicity values, I will see the following:
                             Ethnicity: All
    Gender:F               3
    Assuming I the viewer know there are three females in the dataset, and I happen to know that Jenny attends that school (info which is readily available), I now know that Jenny got an A. 
    Can I customize the universe or some other component in the system so that, in the above scenario, I see a "data not available" or something instead of the 3?
    thanks!
    Martin

    Hi,
    You have to PERFORM 3 Steps.
    Step-1
    Create a Universe connection to the (Required)Database.
    Step-2
    Design a UNIVERSE representing your Business flow (Like a Department- HR, Sales, Purchase Etc)- As the UNIVERSE is a semantic layer(Do not hold data) you have to have a exact business flow in terms of how the data is moved and CREATE your required MEASURES and DIMENSIONS.
    Step-3
    Now you use the create the query by USING the MEASURES and DIMENSIONS you created in Step#2drop. Now you can model the report in any way Say... A Graph / Tabular way....
    Hope this is helpful...

  • Case sensitive data in workflow

    I am working with some case sensitive data in a work flow. To set and get the values from the container, I am using the macros swc_set_element and swc_get_element.
    I realized that these macros automatically convert the case of the data I am passing to upper case. I don't want the case conversion to happen, and want to retain the original case of the data (which is a mix of upper and lower case).
    Can somebody suggest an approach to handle the same? It's kinda urgent.
    Thanks,
    Srihari

    Hi,
    The data is generally converted to uppercase if the Domain of the data you are using is not marked as case sensitive. You can set the "Lowercase" check box for the respective domains so that data is maintained in a case sensitive manner. Maybe you can copy the code of these macros and change them to use your own case sensitive domains.
    Regards,
    Sesh

  • Masking sensitive data in the messages?

    All,
    We are getting some sensitive data from a legacy system that needs to be imported into R/3. There is a translation service - that translates the sensitive data into public format.
    The question I have is: though we will be able to use XI to call this translation service and translate and then send the translated values to R/3, how can we mask the sensitive data on the messages that would be logged in the XI system? (Like if somebody runs SXMB_MONI, they will be able to see the sensitive data that was sent to get the public format back.)
    Is there a setting or way - we can accomplish this in XI?
    Thanks.

    Hi,
    you have to restrict user access to certain messages.
    Go through this blog to see how to accomplish this:
    SXMB_MONI - controlling access to message display
    /people/michal.krawczyk2/blog/2006/01/02/xi-sxmbmoni--controlling-access-to-message-display
    Also have a look at this link to understand which are all the possible points you should protect:
    Protection of Sensitive Message Data
    http://help.sap.com/saphelp_nw04s/helpdata/en/a0/64f6413a15e23ee10000000a155106/frameset.htm
    Kind Regards,
    Sergio

  • Use Firefox for sensitive data & use a virtual keyboard plus internet antivirus. This current version does not allow such or an extension . Can you make provision for this?

  • Using Sensitive Data in Flash

    Hello,
    I am working on a Flash project for the web which will be using some sensitive information (for example, username, password). I am concerned about putting that data directly in the Flash file (that is, in the Actionscript used in the Flash file) in case someone decides to try to download and crack the swf. Although I am sure someone else has had to deal with this issue, I cannot seem to find a solution.
    The solution I have attempted to implement is as follows.
    Place the sensitive data in an external file (I am using an XML file).
    Load the data into the Flash file at runtime.
    Secure the data file.
    Step #3 is where I am running into trouble. I have attempted the following methods of securing the data file.
    1) Place the data file in a directory that is not accessible from the web (for example, underneath public_html). This method failed presumably because the web browser needs to access the directory?
    2) Place the data file in a web accessible directory that has been password protected via .htaccess. This method fails because a visitor is prompted to enter a password in order for data to be loaded into the Flash file.
    3) Use .htaccess to only allow access to the data file and/or its directory from the same domain. Once again, this fails, presumably because the request from the web browser is coming from the visitor's IP?
    Any suggestions?
    Thanks!

    Hi there,
    Right, tried that and the preloader won't display, even when I simulate download at a slower speed.
    To make sure I am doing this right:
    I have my slideshow in layer1. It starts in frame2, I have my preloader in frame1.
    I then make a new layer which appears above layer1, in that I go to the end of my slideshow and click at the end.
    I then goto window - action and then enter the code you gave me.
    If that is right then the screen stays blank until the slideshow starts, no preloader.
    Am I doing this right?
    Thank you.

  • Re-authenticate or provide additional credentials to access sensitive data

    Hi,
    I am wondering if anyone has ever come across a scenario in SAP where a user is asked to provide an additional logon (perhaps a PIN number or asked to re-enter their password) in order to access sensitive data in the system? I was recently asked this question and in my 15 years of working with SAP I can't recall ever seeing such a scenario.
    An equivalent scenario which I see in my daily life is when I use my internet banking and I want to increase my daily transfer limits. When I go to this part of the site it asks me to provide a special code that they send to me via SMS.
    The only thing that came to my mind was Firefighter, where you can get temporary higher level privileges but this is more in a technical support role.
    Does anyone have any thoughts on this?
    Thanks in advance,
    Simon

    Hello Simon,
    If you are talking about web access to the system then this scenario can be implemented when SAML 2.0 is used. For a web application which provides sensitive data you can either force re-authentication with a password or require a specific SAML 2.0 authentication context, which means an authentication method, e.g. PIN. In this case, even if the user is authenticated with the ABAP system, when he navigates to such an application he will be redirected to the SAML 2.0 identity provider (IDP) to re-authenticate, either with a password or with a PIN. If you are interested in further details let me know.
    http://help.sap.com/saphelp_ca_cpd102/helpdata/en/4a/b5ef3222526d6de10000000a42189c/content.htm?frameset=/en/46/631b92250b4fc1855686b4ce0f2f33/frameset.htm
    Regards,
    Dimitar
    P.S. SAP provides SAML 2.0 compliant IDP which can easily be extended to support any authentication method using JAAS login modules: http://scn.sap.com/community/netweaver-sso/blog/2013/02/28/competitive-advantages-of-sap-identity-provider. With the next SP of NW SSO we plan to support by default also authentication with time-based one-time passwords (TOTP) - http://tools.ietf.org/html/rfc4226.

  • Posting sensitive data via href's

    Hey all
    Is it possible to send sensitive data which you don't want the user to see
    via a hyperlink to a servlet? As far as I know hyperlinks can only call the doGet method so the passed parameters are viewable to the user. Are there any best practices when wanting to communicate safely between JSP's and servlets using hyperlinks?
    Thanks!

    Get the query string and encrypt it using something like this:
    // Imports needed by both methods below (place the methods in one class)
    import java.nio.charset.StandardCharsets;
    import java.security.GeneralSecurityException;
    import java.security.spec.KeySpec;
    import java.util.Base64;
    import javax.crypto.Cipher;
    import javax.crypto.SecretKey;
    import javax.crypto.SecretKeyFactory;
    import javax.crypto.spec.DESKeySpec;

    public static String encrypt(String msg) {
        String passPhrase = "passphrase";
        try {
            // Build the DES key from the passphrase (DESKeySpec uses its first 8 bytes)
            KeySpec keySpec = new DESKeySpec(passPhrase.getBytes(StandardCharsets.UTF_8));
            SecretKey key = SecretKeyFactory.getInstance("DES").generateSecret(keySpec);
            // Cipher.getInstance("DES") resolves to DES/ECB/PKCS5Padding on the default provider
            Cipher ecipher = Cipher.getInstance(key.getAlgorithm());
            ecipher.init(Cipher.ENCRYPT_MODE, key);
            // Encode the string into bytes using UTF-8
            byte[] utf8 = msg.getBytes(StandardCharsets.UTF_8);
            // Encrypt
            byte[] enc = ecipher.doFinal(utf8);
            // Encode bytes to URL-safe base64 so the string can be used in a query string
            return Base64.getUrlEncoder().encodeToString(enc);
        } catch (GeneralSecurityException | IllegalStateException e) {
            e.printStackTrace();
            return null;
        }
    }
    and attach back the encrypted query string as:
    http://mycompany.com?data=<the_encrypted_query_string_returned_by_above_method>
    Now, when you want to retrieve the contents of the query string, send the contents of the "data" to the method below:
    public static String decrypt(String msg) {
        String passPhrase = "passphrase";
        try {
            KeySpec keySpec = new DESKeySpec(passPhrase.getBytes(StandardCharsets.UTF_8));
            SecretKey key = SecretKeyFactory.getInstance("DES").generateSecret(keySpec);
            Cipher decipher = Cipher.getInstance(key.getAlgorithm());
            decipher.init(Cipher.DECRYPT_MODE, key);
            // Decode URL-safe base64 to get bytes
            byte[] dec = Base64.getUrlDecoder().decode(msg);
            // Decrypt
            byte[] utf8 = decipher.doFinal(dec);
            // Decode using UTF-8
            return new String(utf8, StandardCharsets.UTF_8);
        } catch (GeneralSecurityException | IllegalArgumentException | IllegalStateException e) {
            // IllegalArgumentException: the "data" value was not valid base64
            e.printStackTrace();
            return null;
        }
    }
    You will now get the original query string. You should parse it to get the individual parameters; since you must already know the parameter names, the parsing part should be easy.
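
    Added example, not part of the original answer: the same query-string token built with authenticated encryption (AES-GCM) instead of DES with a hard-coded passphrase, so a modified token is rejected rather than decrypted. The class name QueryToken and the key generated in main are assumptions; a deployment would load the key from server-side configuration.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

/** Hypothetical helper (the name is an assumption): seals a query string into an opaque URL token. */
public final class QueryToken {
    private static final int IV_LEN = 12;     // 96-bit nonce, the usual size for GCM
    private static final int TAG_BITS = 128;  // authentication tag length
    private static final SecureRandom RNG = new SecureRandom();

    /** Returns base64url(iv || ciphertext || tag). A fresh IV is drawn for every token. */
    public static String seal(SecretKey key, String query) throws GeneralSecurityException {
        byte[] iv = new byte[IV_LEN];
        RNG.nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, iv));
        byte[] ct = c.doFinal(query.getBytes(StandardCharsets.UTF_8));
        byte[] out = ByteBuffer.allocate(iv.length + ct.length).put(iv).put(ct).array();
        return Base64.getUrlEncoder().withoutPadding().encodeToString(out);
    }

    /** Returns the original query string, or null if the token is malformed or was modified. */
    public static String open(SecretKey key, String token) {
        try {
            byte[] in = Base64.getUrlDecoder().decode(token);
            if (in.length < IV_LEN + TAG_BITS / 8) {
                return null; // too short to hold an IV and a tag
            }
            Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
            c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, in, 0, IV_LEN));
            byte[] pt = c.doFinal(in, IV_LEN, in.length - IV_LEN);
            return new String(pt, StandardCharsets.UTF_8);
        } catch (GeneralSecurityException | IllegalArgumentException e) {
            return null; // failed tag check (tampering) and invalid base64 both end up here
        }
    }

    public static void main(String[] args) throws Exception {
        // Assumption: generated here for the demo; load it from server-side configuration instead
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey key = kg.generateKey();

        String query = "account=12345&action=view"; // constructed sample input
        String t1 = seal(key, query);
        String t2 = seal(key, query);
        System.out.println("token:         " + t1);
        System.out.println("round trip:    " + query.equals(open(key, t1)));
        System.out.println("tokens differ: " + !t1.equals(t2));

        // Change one character in the middle of the token: the GCM tag check rejects it
        char[] chars = t1.toCharArray();
        int i = chars.length / 2;
        chars[i] = (chars[i] == 'A') ? 'B' : 'A';
        System.out.println("tampered:      " + open(key, new String(chars)));
    }
}
```

    The token hides and integrity-protects the parameters, but anyone who copies the link can replay it, so the servlet still has to check that the logged-in user is allowed to act on the decrypted values.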

  • Possibility that a check/ authorization on Pricing Date - Sales Order

    Is there any possibility that a check/ authorization on Pricing Date can be implemented at Sales Order Level.
    Regards,

    Hi
    You can't use authorizations in relation to the pricing date.
    I don't know which kind of check you want to make but of course user-exits like mv45afzz are always an option.
    Kind regards
    Søren Nielsen

  • Need to store sensitive data in a table, need to encrypt or data masking

    Hello,
    I have a table that contains a column of sensitive data. Which is a good method to encrypt this column? How about data masking the column? Other methods? Thank you in advance.

    Will need to share with us who is supposed to see and not supposed to see the data and under what circumstances.
    There are a number of ways to restrict access: via view/roles/privileges, encryption (DBMS_CRYPTO), or TDE if you want to buy the Advanced Security extra-cost option for Enterprise Edition.

  • Blur sensitive data in videos

    Hi,
    I am evaluating Captivate at the moment for our Marketing Department. So far I am very happy with it except that I am searching for a blur function in videos.
    This would be a must for us to purchase the product.
    Knowing that it is not supposed to be a video editing software, I still think there must be the feature, if I record an application, that I can pull a blur video
    over it and activate it in the timeline at the moment needed.
    I found how to blur highlighting boxes, but this hasn't had an effect on the video below.
    Only 10 days trial left and I would really like to go on with captivate, but would not be able to justify the purchase of 2 licenses without this function.
    Thanks
    Wolf

    Hello,
    That is the trouble, if you had captured Automatic, you end up with slides and they are easy to edit, to do the blurring etc. But a FMR is like a video, there are not that many possibilities to edit. May I ask: is there any specific reason why you chose FMR? The native way for Captivate (and it excels in this way) is to capture all in static slides, and only switch to FMR for specific tasks like dragging the mouse, scrolling etc. When the published file is viewed the user will have the impression that it is a video. The advantage of this way of capturing is not only that you can rather easily edit the slides (like adding the blurring effect) but that the resulting file is much smaller. I understand that you are in trial period, would it be possible to give 'Automatic' capture a try? You will have the choice between demonstration mode (like a video, just to be watched), training simulation (the user will have to interact and do some tasks like clicking, choosing menus, typing text) and assessment mode (like training simulation, but with a lot fewer tips for the user). It will then be possible to blur the sensitive data, either by editing the backgrounds in an image processing app or by covering up the data with a drawing object, or by applying a blurring effect.
    If you want to stay with FMR this will be a lot less easy, if it can be done at all.
    Lilybiri

  • Authorization for HR data.

    How can we check Authorization for HR data.
    can any one spot light on this.
    Regards
    vamsi.

    What they said...and to add..
    SAP has two types of authorization. Standard authorization is at the infotype and subtype level. You could lock down what infotypes, subtypes, object types, and transaction codes a person has access to display, update, and/or execute.
    The other authorization is structural. A person can only see and/or update people below him/her from an organizational structure perspective. For example, a manager can only see his/her subordinates. He cannot see subordinates of other managers, nor can he see another manager's information. However, his manager could see him, his subordinates, and all of the people below down the organizational structure.
    Here is an article written by Keith Pulliam on Structural Authorization
    http://www.photographybykevin.net/ccount/click.php?id=14
    If implemented correctly, the standard logical database (PNP/PNPCE) will support it and check for it on all programs / reports that use the logical database.

  • How safe is to exchange encrypted sensitive data over unsecured network

    Hi All:
    We have developed a signed applet to display sensitive data. The applet communicates with Server over SSL connection. Applet is developed with SUN JDK 1.4.2_06 and uses JSSE to communicate with the Server, which is using openSSL. After we deployed the applet to end customers, we found that there exists a SocketTimeOut issue with JSSE bundled with SUN 14.2_06 JRE. We reported it to SUN and they told us that it is going to be fixed in a new release 1.4.2_11 that is going to come out by this month end.
    In the meantime we are exploring different options. Just wondering whether it is safe to use third-party libraries such as ones from BouncyCastle, RSA (RSA-BSAFE C/J), etc. to encrypt the sensitive data and exchange the same over unsecured communication channels? We for sure want to use asymmetric keys for encryption. We are not experts in security related matters. We would like to get some valuable inputs from you.
    Thanks a lot in advance....

    If you use public/private keys you are as safe as your private keys are. You will find this is rather slow. SSL uses the public/private keys to negotiate a one-time session key which is used symmetrically which is much quicker.
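
    The point made in the reply above, as an added example that is not from the original thread: the RSA key pair protects only a one-time AES key, and the AES key protects the data. The class name HybridEnvelope, the generated key pair and the random payload are constructed for the demo.

```java
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.spec.MGF1ParameterSpec;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;

/** Hypothetical demo class: RSA-OAEP wraps a one-time AES key, AES-GCM protects the data. */
public final class HybridEnvelope {
    private static final String RSA = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
    private static final OAEPParameterSpec OAEP = new OAEPParameterSpec(
            "SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT);

    /** Returns { wrapped session key, IV, ciphertext+tag } for the holder of the private key. */
    static byte[][] seal(PublicKey recipient, byte[] data) throws GeneralSecurityException {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey session = kg.generateKey();          // fresh symmetric key per message
        Cipher rsa = Cipher.getInstance(RSA);
        rsa.init(Cipher.WRAP_MODE, recipient, OAEP);   // slow asymmetric step covers 32 bytes only
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        Cipher aes = Cipher.getInstance("AES/GCM/NoPadding");
        aes.init(Cipher.ENCRYPT_MODE, session, new GCMParameterSpec(128, iv));
        return new byte[][] { rsa.wrap(session), iv, aes.doFinal(data) };
    }

    /** Unwraps the session key with the private key, then decrypts and verifies the data. */
    static byte[] open(PrivateKey own, byte[][] env) throws GeneralSecurityException {
        Cipher rsa = Cipher.getInstance(RSA);
        rsa.init(Cipher.UNWRAP_MODE, own, OAEP);
        SecretKey session = (SecretKey) rsa.unwrap(env[0], "AES", Cipher.SECRET_KEY);
        Cipher aes = Cipher.getInstance("AES/GCM/NoPadding");
        aes.init(Cipher.DECRYPT_MODE, session, new GCMParameterSpec(128, env[1]));
        return aes.doFinal(env[2]);                    // throws if the ciphertext was altered
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair server = kpg.generateKeyPair();        // constructed key pair for the demo

        byte[] record = new byte[4096];                // constructed sample payload
        new SecureRandom().nextBytes(record);
        byte[][] env = seal(server.getPublic(), record);
        byte[] back = open(server.getPrivate(), env);
        System.out.println("round trip ok:     " + Arrays.equals(record, back));
        System.out.println("wrapped key bytes: " + env[0].length);

        // RSA alone cannot carry the payload: with a 2048-bit key and OAEP/SHA-256,
        // one RSA operation takes at most 190 bytes of input
        try {
            Cipher direct = Cipher.getInstance(RSA);
            direct.init(Cipher.ENCRYPT_MODE, server.getPublic(), OAEP);
            direct.doFinal(record);
        } catch (GeneralSecurityException e) {
            System.out.println("direct RSA rejected: " + e.getClass().getSimpleName());
        }
    }
}
```

    Unlike an SSL session, this envelope by itself does not authenticate the sender or prevent replay of an old message.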
