Header image

It's full of stars

Where documentation meets reality


Too much personal information

By Tobias Hofmann July 2, 2026 Posted in SAP
Tags: SAP

Reading time: 3 min read


I went through the Fiori app Manage KPIs and reports 🔗.

Manage KPIs and reports

Scrolling a little bit down I found the entry F3942: Group for Contract Details.

Entry F3942

In the detail page the app displays the information of the owner. Normally, for SAP delivered content, these fields are empty. Here, however, there were values. Name, User ID, email.

SAP personal information

Curious about the why I looked closer.

Optional fields

First, these fields are optional. When you create a new group, they are empty and can stay empty. Inserting data here was done on purpose.

new group

OData service

I am unable to edit the enntry, and given that this content is delivered by SAP it should not be editable. Seems I cannot get this personal information out of my system. Question is now: how many of those entries are there? Looking at the OData calls, the service and entity is:

/sap/opu/odata/SBB/SMART_BUSINESS_DESIGNTIME_SRV/INDICATORS

Calling this entity loads all entries at all (no pagination). It is 245 entries in total. Out of these:

In 6 cases the e-mail is delivered by SAP, and 22 times you get a name. The name property also comes 4 times with value TeamS4PP. Leaves 18 names of persons. 22 out of 245 is close to 10%.

Handling of personal data

If someone asks: where do you have personal data? The answer is now: not only in PRD, also have them in DEV. Personal data not from the customer or partner. And not just generic, anonymized personal data like John Doe or Jane Roe.

I do have peronsal data in a system that I did not create. Even when your guidelines state that no personal data should be inserted, maybe only an org name, personal data is stored in the system. As it is SAP content, it is not so easy to delete it. Possible one more case for an exception of the rule: yes, I know, no personal data is to be inserted here, but this is an exception.

There is a reason SAP delivered content is normally shown with user ID / name SAP. First, you do not care who created the content. When you have an issue with the code, your contract is with SAP, not to the person that wrote the code. This is also how it look for most of the content:

no user id

Questions go to SAP; not a specific person. Well, maybe. Now that I DO have the email of the persons that created the groups / KPIs, let’s see how this kind of super premium first class support works. In the meantime, I hope that the QA process gets some more attention and that the personal information can be removed somehow.

App navigation issue

The app Manage KPIs and Reports comes with a navigation feature that makes it hard to work with the app. I can scroll down in the list, click on an entry and when I navigate back to the list page: I starts at the top. The app does not remember where I was last in the list. So if you scroll down 200 entries, open the detail page of the 201. entry, you’ll have to scroll down again 200 entries to click on the 202. entry.