The SAPAppConnRule connection rule uses the Client/Application Information matcher to identify incoming requests. The matcher contains items on the include list that identify SAP clients. The connection rule is applied to any request that comes from a tool that is on the include list. The rule action specifies that Dynamic Data Masking uses the SAPAppRuleSet security rule set for the request.

For example, if a user accesses the database through an SAP client, the SAPAppConnRule rule directs the request to the SAPAppRuleSet security rule set.