If you're looking for SAP Security Interview Questions and Answers 2019 for Experienced & Freshers, you are at the right place. Here Mindmajix presents a list of 40+ interview questions on SAP Security. There are a lot of opportunities from many reputed companies in the world. According to research, SAP Security has a market share of about 0.8%, so you still have the opportunity to move ahead in your career in SAP Security. Mindmajix offers Advanced SAP Security Interview Questions 2019 that help you crack your interview and acquire your dream career as an SAP Security Developer.
|This table gives information about which authorization checks need to be executed inside the transaction and which do not.||This table gives information on the authorization proposal data, which includes the authorization data that is useful for transactions.|
|This table also covers the checks that are present in the profile generator.||It covers the default values that need to be present in the profile generator.|
The main role of SAP security is to give business users the right access according to their responsibility and the authority that they hold. Permissions are supposed to be given according to their roles in the organization or department.
Roles are groups of transaction codes (t-codes) assigned to carry out a specific business task. Each of these t-codes or roles requires specific privileges to perform any function in SAP, and these privileges are known as authorizations.
It is possible to lock every user at the same time in SAP. The transaction code EWZ5 is used for this task.
Certain steps need to be taken before giving SAP_ALL to any user. These steps are necessary even when the request has the approval of someone in a position of authority. These prerequisites include the following.
It is essential to understand the meaning of an authorization object and of an authorization object class.
An authorization object is a group of authorization fields that controls a specific activity. An authorization relates to a specific action only, whereas the authorization fields are what security administrators use to configure the particular values required for that action.
The authorization object class is an umbrella term under which authorization objects are grouped. They are grouped by department, such as accounting, HR, finance and some more.
There are certain steps which make it possible to delete numerous roles from the above-mentioned systems. These steps are as follows:
A few things need to be done before executing Run System Trace. If one is going to trace the CPIC or the user ID, then before executing Run System Trace one has to make sure that the said ID has been assigned either SAP_NEW or SAP_ALL. This ensures that the work can be executed without any authorization check failure.
A role can have a maximum of 312 profiles and a maximum of 170 objects.
The transaction code used to lock a transaction from execution is SM01.
The main difference lies in how transaction codes are handled. In a single role, transaction codes can be added or deleted easily. In a derived role, transaction codes cannot be added or deleted. This is the most important difference to know between a single role and a derived role.
SOD stands for segregation of duties. The most important reason for implementing it is that it helps detect and prevent fraud or errors in business and money transactions. For instance, if an employee or user has the privilege to access bank account details and also to run payments, they could redirect vendor payments to their own bank account. That is why it is essential to implement SOD.
Two different transaction codes are used to get the summary of a profile and of an authorization object.
For the summary of an authorization object, use transaction code SU03. For the summary of profile details, use transaction code SU02.
The user buffer holds all of a user's authorizations. It can be accessed with transaction code SU56. Every user has their own user buffer. Authorization checks fail when the user buffer contains too many entries, and they also fail when the user does not have the necessary authorization.
The number of entries in the user buffer has to be controlled so that it does not exceed the limit. The parameter used for this is auth/auth_number_in_userbuffer.
A role can have as many as fourteen thousand transaction codes.
Illegal passwords are stored in a table called USR40. This table stores the patterns and arrangements of words that cannot be used when creating a password.
PFCG time dependency is a report that is normally used for user master comparison. It also removes from the master record any profiles that have expired and are of no use. The transaction code used to execute this action is PFUD.
User compare in SAP security compares the user master records so that the generated authorization profile is entered into the master record.
There are several important tabs in PFCG. The following tabs are included in PFCG.
To delete old security audit logs, transaction code SM18 is used.
To regenerate the SAP_ALL profile, the following report or program is used:
To display the text of a transaction code, the TSTCT table is used.
To display a user buffer, transaction code SU56 is used.
To find the single roles, the table AGR_AGRS is used.
The parameter used to decide the number of filters is rsau/no_of_filters.
A derived role refers to an already existing role. It inherits the functions and menu structure of the role it references. This inheritance is only possible when no transaction codes have been assigned to the derived role beforehand. The higher-level role passes its authorizations to the derived roles as defaults, and these can be changed later. Certain items are not passed to the derived roles and must be created anew; these include the organizational level definitions and the user assignments. Derived roles are a well-designed way to maintain roles with fixed functionality, meaning the same menus and transactions, but with different characteristics at the organizational level.
A composite role, on the other hand, is like a big container that can collect numerous different roles. Composite roles do not hold any authorization data themselves. If the authorizations need to change, the data must be maintained for each role contained in the composite role. Creating composite roles is only useful when some employees in the organization require authorizations from several roles. In that case, a composite role can be set up and the users assigned to it. This saves time compared with assigning every user to each role separately. When a user is assigned to a composite role, they are automatically assigned to the corresponding elementary roles during comparison.
The transaction codes most commonly used in SAP security are
SU53 for authorization analysis, ST01 for trace, SUIM for reports, SU01D for displaying a user, SU10 for bulk changes, PFCG for maintaining roles and SU01 for creating or changing a user.
Role templates are predefined activity clusters. These clusters or groups consist of reports, web addresses and transactions.
In an SAP system, a user group can be created with the following steps:
By using SE10 t-code we can find the transport requests created by other users.
By using t-code RSPFPAR we can find user-defined and system default security parameters.
By using t-code SCC4, we can assign a logical system to the client.
If you want to copy data from tables USOBT and USOBX to tables USOBT_C and USOBX_C, you can use t-code SU25.
ST01 t-code is used to trace the user authorizations.
Derived roles are defined by other existing roles, called master roles.
Derived roles inherit features from a master role, such as functions, menu structure, transactions, reports and web links.
T-code SU56 is used to display the current user buffer, which contains the authorizations assigned in the user master record.
We can lock multiple users using SU01 t-code. Go to SU01 t-code and enter user names to be locked.
We can create authorization groups in SAP using SE54 T-code.
In SAP, the maximum number of roles that can be assigned is 312.
SAP supports multiple layers of security. They are:
Authentication, Authorization, Integrity, Privacy, and Obligation.
We can get the user list by using SM04/AL08 transaction code.
Using SM37 transaction code we can check the background jobs.
Transaction code SM12 is used to manage lock entries.