1. How do you identify SAP standard
roles?
SAP standard roles will start with
“SAP*”
2. How do you assign SAP standard role to
user or what is the procedure to assign SAP standard role?
It’s good to avoid direct
assignment of SAP standard roles and copy SAP standard role to a new role and
assign it to the users.
3. There is no authorization profile
assigned to a role whether its considered as composite role?
No its not considered as composite
role and it’s a incomplete single role
4. What are the role types available?
- Single role
- Composite role
- Derived role
- Master role
- Copy role
5. What is the relationship between
parent role and derived role?
Parent role is the place where we
maintain list of tcodes and derived role will inherit all the authorizations
from parent role except Org values.
6. What are the values for user lock?
- 00 - not locked
- 32 – Locked Globally by administrator
- 64 – Locked by administrator
- 128 – Locked due to incorrect logon attempt
7. How do you deactivate a
authorization object globally?
Goto tcode SU25 and select step 5.
Deactivate authorization object globally
8. If all users are locked mistakenly
and how do you login to sap system
Check link how to unlock SAP* at
OS level
9. Which authorization object used to
check transaction codes?
S_tcode
10. Which authorization object is used
to check HR transaction codes?
P_tcode
11. Why do we need to create a TR for
a role?
Roles are developed in development
system and tested in quality system and moved to production system, so that’s
why we need to create a transport request for a role when its created/changed
12. List out important security tcodes
PFCG Role Maintenance
SM19 Security Audit Configuration
SM20 Security Audit Log Assessment
ST01 System Trace
SU01 User Maintenance
SU02 Maintain Authorization
Profiles
SU03 Maintain Authorizations
SU10 User Mass Maintenance
SU21 Maintain Authorization Objects
SU24 Auth. Obj. Check Under
Transactions
SU25 Upgrade Tool for Profile
Generator
SU53 Display Check Values
SUIM User Information System
13. What are the mandatory fields
while creating a username?
Password and lastname
14. What is the difference between
USOBX_C and USOBT_C?
Table USOBX_C defines which authorization checks are to be performed within a transaction and which not (despite authority-check command programmed ) when its executed. This table also determines which authorization checks are maintained in the Profile Generator.
Table USOBT_C defines for each transaction and for each authorization object which default values an authorization created from the authorization object should have in the Profile Generator.
Table USOBX_C defines which authorization checks are to be performed within a transaction and which not (despite authority-check command programmed ) when its executed. This table also determines which authorization checks are maintained in the Profile Generator.
Table USOBT_C defines for each transaction and for each authorization object which default values an authorization created from the authorization object should have in the Profile Generator.
15. How do you create usernames in SAP?
Goto transaction SU01 and creating a new username, you must enter an initial password for that user on the Logon data tab and last name in address tab
Goto transaction SU01 and creating a new username, you must enter an initial password for that user on the Logon data tab and last name in address tab
16. What are the authorization objects
are required to create and maintain user master records?
- S_USER_GRP: User Master Maintenance: Assign user groups
- S_USER_PRO: User Master Maintenance: Assign authorization profile
- S_USER_AUT: User Master Maintenance: Create and maintain authorizations
17. List R/3 User Types
- Dialog - users are used for individual user. Check for expired/initial passwords Possible to change your own password. Check for multiple dialog logon
- Service user - Only user administrators can change the password. No check for expired/initial passwords. Multiple logon permitted
- System - users are not capable of interaction and are used to perform certain system activities, such as background processing, ALE, Workflow, and so on.
- Reference - user is, like a System user, a general, non-personally related, user. Additional authorizations can be assigned within the system using a reference user. A reference user for additional rights can be assigned for every user in the Roles tab.
- Communication data – GUI logon not possible and and check for expired/initial passwords and its used for RFC connections
18. What does user compare do?
If you are also using the role to generate authorization profiles, then you should note that the generated profile is not entered in the user master record until the user master records have been compared. You can automate this by scheduling report FCG_TIME_DEPENDENCY on.
If you are also using the role to generate authorization profiles, then you should note that the generated profile is not entered in the user master record until the user master records have been compared. You can automate this by scheduling report FCG_TIME_DEPENDENCY on.
19. What is the difference between the
table buffer and the user buffer?
The table buffers are in the shared memory. Buffering the tables increases performance when accessing the data records contained in the table. Table buffers and table entries are ignored during startup. A user buffer is a buffer from which the data of a user master record is loaded when the user logs on. The user buffer has different setting options with regard to the 'auth/new_buffering' parameter.
The table buffers are in the shared memory. Buffering the tables increases performance when accessing the data records contained in the table. Table buffers and table entries are ignored during startup. A user buffer is a buffer from which the data of a user master record is loaded when the user logs on. The user buffer has different setting options with regard to the 'auth/new_buffering' parameter.
20. How do
you find out who has deleted a user from your system, Is there a table where
this is logged?
Debug or use RSUSR100 to find the info's.
Run transaction SUIM and down its Change documents.
Debug or use RSUSR100 to find the info's.
Run transaction SUIM and down its Change documents.
21. What is the difference between
role and a profile?
Role and profile go hand in hand, Profile is bought in by a role.
Role and profile go hand in hand, Profile is bought in by a role.
Role is used as a template, where
you can add T-codes, reports. Profile is one which gives the user
authorization. When you create a role, a profile is automatically
created.
22. What is system profile version?
Profile versions are nothing but when you modify a profile parameter in RZ10 and generates a new profile is created with a different version and it is stored in the database and physical backup file is created as .bak.
Profile versions are nothing but when you modify a profile parameter in RZ10 and generates a new profile is created with a different version and it is stored in the database and physical backup file is created as .bak.
23. What is the use of role templates?
User role templates are predefined activity groups in SAP consisting of transactions, reports and web addresses.
User role templates are predefined activity groups in SAP consisting of transactions, reports and web addresses.
24. What is the different between
single role & composite role?
A role is a container that collects the transaction and generates the associated profile. A composite roles is a container which can collect several different roles
A role is a container that collects the transaction and generates the associated profile. A composite roles is a container which can collect several different roles
25. Is it possible to change role
template? How?
Yes, we can change a user role template.
Yes, we can change a user role template.
- we can use it as they are delivered in sap
- we can modify them as per our needs through PFCG
- we can create them from scratch
SAP Security Interview Questions And Answers Part - 3
Please do share if you like this post:)
