Apply Mask on Data Dictionary for Only Specific Users

[SlyRee]

I've got an application displaying some data that we'd like to mask for certain specific users. By mask I mean show only the last 4 digits. I know there's a data dictionary display rule that applies a mask for everyone, but can this be circumvented for specific users? If not will this just need to be custom coded in this specific application?

 

[BOster]

I believe it will take custom coding but that may be dependent on the application????

For custom coding there is SetControlDataDictionaryItem C api defined in jdepropwrap.h as well as the ER code system functions "Set Data Dictionary Item" and "Set Data Dictionary Overrides" all of which s/b be able to override DD item properties at run time. There is also SetControlDataPrivate, SetGridCellDataPrivate and jdeSetDataPrivacy defined in jdepropwrap.h that, just based on their name, may accomplish what you want... have not used them myself. You could also play around with defining your own display rule and/or edit rule and set that as a DD override.

 

[ccornagg]

I've got an application displaying some data that we'd like to mask for certain specific users. By mask I mean show only the last 4 digits. I know there's a data dictionary display rule that applies a mask for everyone, but can this be circumvented for specific users? If not will this just need to be custom coded in this specific application?

There's a standard program named P0040 "Work with Data Protection Configuration" which I'm currently using in order to unmask Bank info for certain users and programs.

I'm not sure it's going to work in all conditions because I can see on Oracle support site several requests for change on it ... but let's say it's better than nothing.

Other topic not completely clear with me looking at document:
E1: DD: How to Remove Data Masking for Bank Accounts in Custom Applications and Reports After Applying ESUs Listed in Doc ID 2790533.2 (Doc ID 2867886.1)

How it's possible Oracle is suggesting to customize standard objects in order to remove a new functionality they added through an ESU ?

Kind regards,

Carlo

 

[ccornagg]

Again on P0040 / F0040 ... I did miss a part of my statements:
I noticed F0040 table is mapped within "Business Data" datasource instead of "System" as per other security setup tables.

Is there someone using it in production environment ?
Do you really have a separate copy of your F0040 per each environment / datasource ?

Thanks for your input.

Carlo

 

[SlyRee]

I believe it will take custom coding but that may be dependent on the application????

For custom coding there is SetControlDataDictionaryItem C api defined in jdepropwrap.h as well as the ER code system functions "Set Data Dictionary Item" and "Set Data Dictionary Overrides" all of which s/b be able to override DD item properties at run time. There is also SetControlDataPrivate, SetGridCellDataPrivate and jdeSetDataPrivacy defined in jdepropwrap.h that, just based on their name, may accomplish what you want... have not used them myself. You could also play around with defining your own display rule and/or edit rule and set that as a DD override.

Thanks for this information. I'll give it a shot and play around with these and see if they can do what I need

 

[JohnDanter2]

I believe it will take custom coding but that may be dependent on the application????

For custom coding there is SetControlDataDictionaryItem C api defined in jdepropwrap.h as well as the ER code system functions "Set Data Dictionary Item" and "Set Data Dictionary Overrides" all of which s/b be able to override DD item properties at run time. There is also SetControlDataPrivate, SetGridCellDataPrivate and jdeSetDataPrivacy defined in jdepropwrap.h that, just based on their name, may accomplish what you want... have not used them myself. You could also play around with defining your own display rule and/or edit rule and set that as a DD override.

Hi Brian
Out of interest, how do you find this stuff out and then know how to call them?

I've ran into this similar problem and suggested we switch off the DD mask, but for now I've tested a simple hide or show solution
RV IBAN is the old code in 9.0 then I just added a new report variable string called RV Hide/Show IBAN, then flip them over


Do Section 00054 RV IBAN [IBAN] = VA evt_F59XL010_IBAN [IBAN]
00055 // =================================================================
00056 // BEGIN: PROJ4034.12B Hidden IBAN test 10/10/2022 John Danter
00057 // Create new variable over IBAN and hide/show depending on 00 PI and F0040
00058 // =================================================================
00059 VA rpt_UnmaskBankAccount_EV01 [EV01] = "1"
00060-RetrieveUsersCurrentRole(B9509523.RetrieveUsersCurrentRole)
VA rpt_FromRole_FRROLE [FRROLE] <- szRole [FRROLE]

00061-DataProtectionRule(B0000040.DataProtectionRule)
SL ReportName -> szProgramId_PID [PID]
VA rpt_FromRole_FRROLE [FRROLE] -> szUserId_USER [USER]
VA rpt_UnmaskBankAccount_EV01 [EV01] <- cUnmaskBankAccount_EV01 [EV01]

00062-If VA rpt_UnmaskBankAccount_EV01 [EV01] is equal to ("U","V")
00063 | // If U then Unmask, so show the values by hiding the base E1 DD and show the
00064 | // copy variable instead
00065 | Hide Object(RV IBAN [IBAN])
00066 | RV Hide/Show IBAN = RV IBAN [IBAN]
00067 | Show Object(RV Hide/Show IBAN)
00068-Else
00069 | // Mask, meaning hide
00070 | Hide Object(RV Hide/Show IBAN)
00071 | RV Hide/Show IBAN = RV IBAN [IBAN]
00072 | Show Object(RV IBAN [IBAN])
00073 End If
00074 // =================================================================
00075 // END: PROJ4034.12B Hidden IBAN test 10/10/2022 John Danter
00076 // =================================================================

 

[BOster]

In this case I knew about the ER system functions. I also have used quite a few of the functions in jdepropwrap.h so I also looked it to see if there was anything that looked promising.

Probably multiple ways to accomplish this but theoretically you could look up the current user id or better a user's membership in a role and then set the field property using one of these calls if in or not in role. I never config security so it's possible there is an "out of the box" solution that I am not aware of?????

 

[JohnDanter2]

In this case I knew about the ER system functions. I also have used quite a few of the functions in jdepropwrap.h so I also looked it to see if there was anything that looked promising.

Ok, but where did you look and how I mean in general, not this particular problem. I'm keen to knw how you knew this and how you look at the C APIs in general.
Did you have documentation or something?

 

[BOster]

Ah, that's a good topic actually. As you know being a JDE Developer is about 10% developer and about 90% reverse engineer since nothing is really documented and what is documented requires someone like Indiana Jones to unearth (Indiana Jones is a fictional professor of archaeology and adventurer that was the chief protagonist in several feature length movies to everyone that is, well, younger than me).

For JDE C APIs.

I usually start with P98652, SQL or other tools and simply search for existing BSFNs that may do what I want. I will search for something like "*encrypt*". If I find something I will then either use the BSFN or open it up to see what the implementation looks like and see what C APIs it is using. If the API is not exactly what I need often it will lead to related APIs defined in the JDE system headers that will do what I want or lead me to other BSFNs by searching \source for APIs that I find in \system\include, which leads me back to searching in \source for APIs I find in \system\include. I sometimes get stuck in an infinite loop and have to be rebooted.

If that doesn't lead me to what I want I will simply do a text search of [jde install path]\system\include (and all sub folders) using a good text editor like UltraEdit or Notepad++. I might search for the word "encrypt" for example. I might find APIs that look good. If I find other definitions like enums, typedefs, etc. (even comments) that have that key word I will then try and find API calls that use those in their signature again using text searches with the text editor.

I also have just gotten to know some of the \system header files (like jdepropwrap.h) that have things and will just "browse" through those and I have gotten to know some of the "families" of APIs and have also collected various JDE PDFs and Oracle Doc IDs, etc. over the years that do document various APIs. I also sometimes will note API calls down for future reference if I stumble upon something that looks useful even if I don't immediately need it.

I also use Visual Studio IntelliSense within the VS IDE a lot to jump to header file definitions and "browse" APIs - certainly while coding but also for discovery.

When I find some API that looks promising I first look to see if it is used in any existing BSFNs anyplace to try to divine how to use it. Failing that, I just start trying to use it and reverse engineer how it is used... in other words I start crashing activConsole.exe a lot. I do usually try and stay away from APIs that are not used in pristine BSFNs though. I don't want to use something that Oracle themselves do not depend on. It may work now but will it work on a future TR????

Google searches like "encrypt site:jdelist.com" often turn up a lot of things. And if it doesn't I post to jdelist.com. I bet I have learned more from jdelist.com than from any other single source.

I do also search for stuff on Oracle.com.

Honestly there are a lot of really good and useful C APIs as well as other things out there that are just not known. For example I learned just the other day that there is a ER code system function that can fill drop down lists from jdeCache - did a POC and it works - I am sure I could have used that multiple times over the years had I known it existed.

I would be curious to know what other "discovery" techniques people use not only for C APIs but for other things like ER code and Orchestrator.

 

[JohnDanter2]

Love this