
    SAP BW Authorization Integration


    Hashing of sensitive data

    Our framework also introduces logic to apply configuration-driven data masking:

    sensitive_data_rules:
    # hashes all values in given columns
    - table_name: USERS5
      columns: [DN_LDAP, DN_NOTES, DN_AD]
      masking_rule: hash
      category: user_information
    # masks all values in given column with "X" given condition KTOKK='YEMP'
    - table_name: LFA1
      columns: [SEXKZ]
      masking_rule: mask
      filter: "KTOKK='YEMP'"
      category: hr_information

    Application of SAP permissions to Databricks tables

    Data access permission rules can be exported from SAP BW (the example table sap_permissions in this case) and applied to similar datalake tables.

    • MAIL_ADDR column defines the unique user identifier (e-mail)
    • FIELDNM column specifies the target table column name
    • DAUTHVLOW restricts

    | MAIL_ADDR | FIELDNM | DAUTHVLOW |
    |---|---|---|
    | jiri.koutny@datasentics.com | COMP_CODE | X241 |
    | jan.novak@datasentics.com | TCAIPROV | % |
    | jiri.koutny@datasentics.com | /BIC/DBG | % |

    Then VIEWs with access control logic are automatically created:

    -- row level security based on SAP permissions table
    CREATE VIEW v_my_table_restricted AS
    SELECT * FROM my_table
    WHERE (
        `BUKRS_VF` IN (
            SELECT
                DAUTHVLOW
            FROM
                sap_permissions
            WHERE
                -- $CURR_USER resolved with Databricks' current_user()
                MAIL_ADDR = current_user()
                AND FIELDNM = 'COMP_CODE'
        )
    )
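
A sketch of how such views could be generated from a column-to-FIELDNM mapping, added here as an example and not the framework's own code. The function `build_restricted_view`, its mapping argument, the name allowlists, AND-combining several restricted columns, and `current_user()` standing in for `$CURR_USER` are all assumptions.

```python
import re

# Assumption: SAP field and column names use only these characters
# (e.g. COMP_CODE, /BIC/DBG); anything else is rejected, not escaped.
_NAME_RE = re.compile(r"^[A-Za-z0-9_/]+$")
# Assumption: table names are plain unqualified identifiers.
_TABLE_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")


def _checked(name, pattern=_NAME_RE):
    """Return name unchanged if it matches the allowlist, else raise."""
    if not pattern.fullmatch(name):
        raise ValueError(f"unsafe name rejected: {name!r}")
    return name


def build_restricted_view(table, column_to_field, permissions_table="sap_permissions"):
    """Return CREATE VIEW SQL that filters `table` rows by SAP permissions.

    column_to_field maps a datalake column (BUKRS_VF) to the SAP FIELDNM
    (COMP_CODE) whose DAUTHVLOW values the querying user may see.
    """
    if not column_to_field:
        # Fail closed: never emit a "restricted" view without a filter.
        raise ValueError("no restricted columns configured for " + table)
    _checked(table, _TABLE_RE)
    _checked(permissions_table, _TABLE_RE)
    predicates = []
    for column, field in sorted(column_to_field.items()):
        predicates.append(
            f"`{_checked(column)}` IN (\n"
            f"        SELECT DAUTHVLOW FROM {permissions_table}\n"
            f"        WHERE MAIL_ADDR = current_user()\n"
            f"          AND FIELDNM = '{_checked(field)}'\n"
            f"    )"
        )
    # Every restricted column must pass its own permission check.
    where = "\n    AND ".join(predicates)
    return (
        f"CREATE VIEW v_{table}_restricted AS\n"
        f"SELECT * FROM {table}\n"
        f"WHERE {where}"
    )


if __name__ == "__main__":
    # Mapping taken from the view shown above.
    print(build_restricted_view("my_table", {"BUKRS_VF": "COMP_CODE"}))
```

Because table, column and field names arrive as metadata, the generator validates them against an allowlist before interpolating them into DDL and refuses to build a view when no restricted column is configured.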