Data Insight User Guides
DDR In-Place Masking – End-to-End Step-by-Step User Guide
This guide explains how to configure In-Place Masking in Dynamic Data Replicator. In-place masking protects sensitive data that already exists in the target non-production SAP system by applying approved scrambling patterns directly against the target data set.
Introduction to DDR In-Place Masking
In-Place Masking is used when sensitive data is already present in the target non-production system and must be protected without performing a full new data replication cycle. Instead of only masking during export or import, DDR allows the user to select an in-place mode and apply an approved scrambling profile directly to the existing target data.
This is useful after a client refresh, test data load, support copy, or previous replication where data needs to be secured before wider non-production access is provided to project teams, support users, testers, partners, or training users.
Key point: In-place masking should only be used for non-production systems and must be controlled through authorised templates, approved scrambling patterns, and correct target system connections.
Technical Benefits and Advantages
Protect data that already exists in the target system without forcing a complete refresh or reload.
Mask sensitive values in the non-production client where users will actually access the data.
Avoid separate manual clean-up or ad hoc masking activities after a system refresh.
Use the same approved scrambling patterns across multiple masking templates for consistency.
Helps reduce exposure of personal, payroll, customer, vendor, financial, or commercially sensitive data.
Masking is configured through the DDR wizard and preview panel before execution.
Select In Place – Target from Scramble Mode
In the DDR Object Refresh wizard, go to the Scramble Mode step. Open the Mode dropdown and select In Place – Target. This option is used when the target system already contains the data and the requirement is to mask that data directly in the target.
The preview panel should be reviewed carefully. It confirms the template type, template name, transfer type, connection, process, business object, and whether data scrambling has been enabled.
Important: In-place masking requires the correct target-side connection and should only be used where the target non-production system is intended to be masked.
Include the Required Scrambling Pattern
Once In Place – Target is selected, DDR displays the available scrambling patterns. Select the required pattern and click Include. The pattern is moved into the Selected Patterns section and the preview panel updates to show that Data Scramble is enabled.
The selected profile controls which fields and rules will be applied during the in-place masking run. In the example shown, the selected profile is SCR_RAN_LIST.
Review the Preview Panel Before Completion
Before progressing, confirm the values in the preview panel. This prevents masking from being applied to the wrong target, wrong process, wrong business object, or wrong profile.
| Preview Field | What to Check |
|---|---|
| Template Type | Confirm the template is the intended custom or standard template for the masking activity. |
| Template Name | Confirm the name clearly identifies the in-place masking purpose. |
| Transfer Type | Confirm the correct RFC-based connection is being used for the target system activity. |
| Connection | Confirm the source and target client values are correct. In-place masking normally relies on the target-side processing route. |
| Business Object | Confirm the data domain being masked, for example transactional data. |
| Data Scramble | Confirm this is set to Yes after the scrambling pattern is included. |
| Profile | Confirm the selected scrambling profile is correct before the template is finalised. |
Complete the Template and Execute from DDR
After confirming the in-place masking mode and selected profile, continue through the wizard and complete the template. Once released, the template can be executed from DDR using the normal dashboard execution process.
During execution, DDR applies the selected scrambling rules against the relevant target data. The user should monitor the job from the dashboard and review job status, runtime progress, and any error log entries.
Operational note: Execute in-place masking during an approved maintenance or controlled test window where possible, especially where large target tables are involved.
Recommended Control Checks
- Confirm the system is a non-production target system.
- Confirm the RFC connection points to the correct target client.
- Confirm the selected pattern is approved for the data domain being masked.
- Confirm the template preview shows Data Scramble: Yes.
- Confirm the selected profile is correct before releasing the template.
- Confirm authorisation is restricted to approved DDR users only.
- Review dashboard status and error logs after execution.
When to Use In-Place Masking
| Scenario | Why In-Place Masking Helps |
|---|---|
| After a target refresh | Protect sensitive data that has already been copied into the non-production client. |
| Before opening test access | Mask personal or commercial data before wider project or support teams are given access. |
| For existing target data | Avoid running a complete new replication when the data already exists and only needs protection. |
| For compliance remediation | Apply controlled scrambling where sensitive values have been identified in a non-production system. |