Understanding Sensitivity

Sensitivity - Background

This functionality helps ensure that only authorized users can access sensitive information and objects, enhancing the security of the system.

Defense & Security provides a sensitivity field, which can be used to assign a specific sensitivity value to force elements(e.g.to define special force units). As a result, this field can then be used to prevent certain users accessing these units. To categorize the sensitivity of a unit, the classification needs to be assigned.

As a new feature, the sensitivity field has been integrated in the classification section of force elements, positions, FMPOs, capabilities, and capability statements. It has been enabled for multiple values, meaning that a single object can have several different sensitivity values. A user only needs to be granted authorization to access the object protected by the sensitivity for one of these values.

Possible use cases in defense organizations: Standard user authorizations are not necessarily enough, e.g.,

The user may have access to the brigade structure, but must not access the Special Forces company.
The user may have access to the equipment authorizations, but must not see special weapon authorizations
The user may have access to material management reports, but must not see ammunition

Hint

It is also possible to use sensitivity with classification in non-DFS-objects by implementing following

NOTE: 3085419: Enhance a Non-DFS-object with Sensitivity with Classification (Example for Product Master Data)

Sensitivity

Manage Force Elements-App	SPRO-Customizing	PFCG-Role
The Sensitivity Field has freelycustomizable values to determine the (non-)visibility of objects (e.g. Force Elements). These values are not hierarchical although they can be used to configure one or more hierarchal systems of access levels like "confidential", "secret", "top secret".	The sensitivity value can also be inherited automatically from force elements to all other force elements at lower levels of the organizational hierarchy when the usage type of the sensitivity value is set to "F" in customizing.	To protect objects with sensitivity you must use the authorization object DFS_SNSTVY with following activities: 33 (Read), 03 (Display), 06 (Delete) and 23 (Maintain).

Manage Force Elements-App

SPRO-Customizing

PFCG-Role

The Sensitivity Field has freelycustomizable values to determine the (non-)visibility of objects (e.g. Force Elements).

These values are not hierarchical although they can be used to configure one or more hierarchal systems of access levels like "confidential", "secret", "top secret".

The sensitivity value can also be inherited automatically from force elements to all other force elements at lower levels of the organizational hierarchy when the usage type of the sensitivity value is set to "F" in customizing.

To protect objects with sensitivity you must use the authorization object DFS_SNSTVY with following activities: 33 (Read), 03 (Display), 06 (Delete) and 23 (Maintain).

Example:

Imagine you have a military force where different levels of information need to be accessible only to certain ranks.
Imagine you have a military force where different levels of information need to be accessible only to certain ranks.
You can set up the Sensitivity Field so that "top secret" information is only visible to officers, "secret" information to middle ranks, and "confidential" information to lower ranks.
If you decide that information about a mission is "top secret" and set it at the top Force Elements, this sensitivity level can automatically apply to all related organizational parts of the mission.

This system helps make sure the right people get the right information without needing to manually adjust settings for every piece of information.

This authorization object (DFS_SNSTVY) is used to cover the sensitivity functionality within the Defense solution.

Defined values for Activity field

33 - Read Authority to show the business object (FMPO, FE, CAP, etc.) in general in the apps and value helps.
03 - Display Only display of the classification information (the sensitivity value) on UI (classification facet). In combination with activity 33 (read). Otherwise "XXX" will shown instead of the real sensitivity value.
06- Delete Only Authority to delete a sensitivity value and not the whole object.
23 - Maintain Only Authority to add or remove a sensitivity value and not the whole object.

Defined values for Sensitivity field

Add the values which are allowed. The values are defined in Customizing.

Sensitivity - Without Inheritance (for FEs, FMPOs, Pos., Cap., and Cap. Stat.)

Prerequisite

User X is authorized for Flag A (e.g. Sensitivity level „Secret" with Activities 33 (Read), 03 (Display) & 23 (Maintain) in authorization object DFS_SNSTVY in his assigned PFCG-Role.

Result

User X is allowed to view/edit Force Elements which are also flagged with Sensitivity level „Secret" (Flag A).
User X is not allowed to view/edit Force Element which is flagged with another Sensitivity level than „Secret" (Flag B).
User X and all other users are allowed to view/edit all unflagged Force Elements (no Flag).

Sensitivity - With Inheritance (only for Force Elements)

Prerequisite

User X is still authorized for Flag A (e.g. Sensitivity level „Secret" with Activities 33 (Read), 03 (Display) & 23 (Maintain) in authorization object DFS_SNSTVY in his assigned PFCG-Role.

Result

User X is allowed to view/edit Force Element & lower-level structure which is also flagged with Sensitivity level „Secret" (Flag A).
User X is not allowed to view/edit Force Element & lower-level structure which is flagged with another Sensitivity level than „Secret" (Flag B).
User X and all other users are allowed to view/edit all unflagged Force Elements & lower-level structure (no Flag).