SAP Security Interview Questions And Answers Part - 1

1. What is derived role?

Derived roles are called child roles and its derived from another role which is already exist which is called as master role.

Derived roles inherits menu structure and functions like transactions, reports, weblinks and etc from master role

You need to maintain organization levels in derived role.

2. What is the use of SU56 transaction code?

SU56 tcode used to display current user buffer which authorization is assigned in user master record.

Administrators can able to reset other user buffer when its required.

3. How to lock large number of users at a time?

SU10 tcode used to lock large number of users at a time or check our earlier post for mass user change here

4. How do you check whether CUA is configured in your system?

Go to SU10d tcode and display a usernames which is exist in the particular system and check whether there is a “System” tab before “Roles” Tab which means CUA is configured in it.

5. How GRC landscape designed?

It will be designed a 2 system landscape

GRCDEVàGRCPRD

6. Which ABAP report used for user master reconciliation?

PFCG_TIME_DEPENDENCY 

7. What is the tcode to create authorization groups?

SE54

8. List out some of the critical security transaction codes

SU01, PFCG, ST01, SU24, SU25, SU10

9. List out some security critical authorization objects

S_USER_PRO

S_USER_AGR

S_USER_AUT

S_USER_GRP

S_TABU_DIS

S_TABU_CLI

10. Why does user comparison required?

Security administrators need to perform user comparison when authorization changes required immediate effect 

11. How many profiles/roles can be assigned to a user?

312

12. Maximum how many authorization objects can be assigned to a role?

Max 150 authorization can be assigned to a role

13. What is the use of profile generator/PFCG?

Profile generator used to create/modify/copy/transport/user assignment to a role

14. What is the difference between PFCG, PFCG_TIME_DEPENDENCY and PFUD transaction code?

PFCG is used to create/maintain roles

PFCG_TIME_DEPENDENCY is used to perform mass user comparison

PFUD transaction code does same function like PFCG_TIME_DEPENDENCY report mass user comparison which can be scheduled as background job

15. Transaction codes which is used for security audit?

SM19 and SM20

16. What is the usage of personalization tab in a role?

Personalization tab used to save common information to all users.

17. In which table all activities are stored?

TACT

18. In which table all valid activities for each authorization objects are available?

TACTZ

19. Which ABAP report used to delete mass roles?

AGR_DELETE_ALL_ACTIVITY_GROUPS

20. Table used to roles in composite role?

AGR_AGRS

Security Q & A Part - 2

Click here for GRC questions and answers Part-1 and Part-2