Skip to content

Latest commit

 

History

History
531 lines (327 loc) · 7.96 KB

File metadata and controls

531 lines (327 loc) · 7.96 KB

Data Visibility Based on Restrictions

The administrator can set restrictions on restriction fields in the Maintain Business Roles app. The restrictions set appear in the Read/Value Help restriction type in the Maintain Business Roles app.

Note:

When maintaining restrictions, set the Write, Read, Value Help restriction to No Access.

The user can view objects in the Customer Data Browser app based on the restrictions set by the administrator.

TheRead/Value Helprestriction type for the Customer Data Browser app consists of the following restriction fields:


Restriction Field

Description

Object Group

Logically groups Customer Data Browser objects.

Note that this field is not active.

Object Name

Displays a list of Customer Data Browser objects and their descriptions.

Object Fields

Provides access to the following categories of fields in Customer Data Browser objects:

  • GE: General fields that do not contain sensitive personal information
  • SP: Sensitive personal information fields that contain key fields and fields with sensitive personal information
  • Unrestricted: All fields containing general and sensitive personal information

Note that the field categories are determined by internal SAP classifications.

Object Records

Provides access to the following categories of data records in Customer Data Browser objects:

  • OV: Records with bypassed access controls (privileged access)
  • AC: Records that fulfill access controls (unprivileged access)
  • Unrestricted: Records that fulfill access controls (unprivileged access)

See the restriction categories and visibility scenarios below to understand what you can view in the Customer Data Browser application.

Restriction Category: Bypassing Access Controls

Scenario 1: View the data of all CDS views and all database tables

If you want to view the data of all CDS views and database tables, the administrator needs to set the following restrictions in the Maintain Business Roles app:

Object

Required Restriction

Object Name

Unrestricted

Object Fields

General fields (GE) <or> Sensitive personal fields (SP) <or> Both

Object Records

Access to records with bypassed access controls (OV)

Scenario 2: View the data of only CDS views

If you want to view the data of only CDS views, the administrator needs to set the following restrictions in the Maintain Business Roles app:

Object

Required Restriction

Object Name

Restricted - Select all CDS views

Object Fields

General fields (GE) <or> Sensitive personal fields (SP) <or> Both

Object Records

Access to records with bypassed access controls (OV)

Scenario 3: View the data of only database tables

If you want to view the data of only database tables, the administrator needs to set the following restrictions in the Maintain Business Roles app:

Object

Required Restriction

Object Name

Restricted - Select all database tables

Object Fields

General fields (GE) <or> Sensitive personal fields (SP) <or> Both

Object Records

Access to records with bypassed access controls (OV)

Scenario 4: View the data of specific CDS views and specific database tables

If you want to view the data of specific CDS views and specific database tables, the administrator needs to set the following restrictions in the Maintain Business Roles app:

Object

Required Restriction

Object Name

Restricted - Select specific CDS views and specific database tables

Object Fields

General fields (GE) <or> Sensitive personal fields (SP) <or> Both

Object Records

Access to records with bypassed access controls (OV)

Scenario 5: View the data of a group of objects created with SSCUI

If you want to view the data of objects created with SSCUI, the administrator needs to set the following restrictions in the Maintain Business Roles app:

Object

Required Restriction

Object Name

Optional - Restricted <or> Unrestricted <or> Not maintained

Object Fields

General fields (GE) <or> Sensitive personal fields (SP) <or> Both

Object Records

Access to records with bypassed access controls (OV)

Restriction Category: Retaining Access Controls

Scenario 1: View the data of only CDS views

If you want to view the data of only CDS views, the administrator needs to set the following restrictions in the Maintain Business Roles app

Object

Required Restriction

Object Name

Unrestricted <or> Restricted

Object Fields

General fields (GE) <or> Sensitive personal fields (SP) <or> Both

Object Records

Access to records that fulfill access controls (AC)

Scenario 2: View the data of only database tables

This is not possible.

Business Users

You can access…

If…

Even if…

Data in CDS views

You have the required CDS view-specific access controls

You have Customer Data Browser-specific access to bypass access controls (Object Records: OV)

Data in database tables

You have Customer Data Browser-specific access to bypass access controls (Object Records: OV)

 

Administrators

You can restrict access to Customer Data Browser objects by providing a list of object names in the Object Name restriction field.:

Related Information

Customer Data Browser

Working wtih the App

Accessing the App