https://www.guru99.
com/
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------
1) Explain what is SAP security?
SAP security is providing correct access to business users with respect to their authority or
responsibility and giving permission according to their roles.
2) Explain what is “roles” in SAP security?
“Roles” is referred to a group of t-codes, which is assigned to execute particular business task.
Each role in SAP requires particular privileges to execute a function in SAP that is called
AUTHORIZATIONS.
3) Explain how you can lock all the users at a time in SAP?
By executing EWZ5 t-code in SAP, all the user can be locked at the same time in SAP.
4) Mention what are the pre-requisites that should be taken before assigning Sap_all to a user
even there is an approval from authorization controllers?
Pre-requisites follows like
• Enabling the audit log- using sm 19 tcode
• Retrieving the audit log- using sm 20 tcode
5) Explain what is authorization object and authorization object class?
• Authorization Object: Authorization objects are groups of authorization field that regulates
particular activity. Authorization relates to a particular action while Authorization field
relates for security administrators to configure specific values in that particular action.
• Authorization object class: Authorization object falls under authorization object classes,
and they are grouped by function area like HR, finance, accounting, etc.
� https://www.guru99.com/
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------
6) Explain how you can delete multiple roles from QA, DEV and Production System?
To delete multiple roles from QA, DEV and Production System, you have to follow below steps
• Place the roles to be deleted in a transport (in dev)
• Delete the roles
• Push the transport through to QA and production
This will delete all the all roles
7) Explain what things you have to take care before executing Run System Trace?
If you are tracing batch user ID or CPIC, then before executing the Run System Trace, you have to
ensure that the id should have been assigned to SAP_ALL and SAP_NEW. It enables the user to
execute the job without any authorization check failure.
8) Mention what is the difference between USOBT_C and USOBX_C?
• USOBT_C: This table consists the authorization proposal data which contains the
authorization data which are relevant for a transaction
• USOBX_C: It tells which authorization check are to be executed within a transaction and
which must not
9) Mention what is the maximum number of profiles in a role and maximum number of object
in a role?
Maximum number of profiles in a role is 312, and maximum number of object in a role is 170.
10) What is the t-code used for locking the transaction from execution?
For locking the transaction from execution t-code SM01, is used.
11) Mention what is the main difference between the derived role and a single role?
For the single role, we can add or delete the t-codes while for a derived role you cannot do that.
12) Explain what is SOD in SAP Security?
SOD means
Segregation of Duties; it is implemented in SAP in order to detect and prevent error or fraud
during the business transaction. For example, if a user or employee has the privilege to access
bank account detail and payment run, it might be possible that it can divert vendor payments to
his own account.
� https://www.guru99.com/
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------
13) Mention which t-codes are used to see the summary of the Authorization Object and Profile
details?
• SU03: It gives an overview of an authorization object
• SU02: It gives an overview of the profile details
14) Explain what is User Buffer?
A user buffer consists of all authorizations of a user. User buffer can be executed by t-code SU56
and user has its own user buffer. When the user does not have the necessary authorization or
contains too many entries in his user buffer, authorization check fails.
15) By which parameter number of entries are controlled in the user buffer?
In user buffer number of entries are controlled by the profile parameter
“Auth/auth_number_in_userbuffer”.
16) How many transactions codes can be assigned to a role?
To a role maximum of 14000 transaction codes can be assigned.
17) Mention which table is used to store illegal passwords?
To store illegal passwords, table USR40 is used, it is used to store pattern of words which cannot
be used as a password.
18) Explain what is PFCG_Time_Dependency ?
PFCG_TIME_DEPENDENCY is a report that is used for user master comparison. It also clears up
the expired profiles from user master record. To directly execute this report PFUD transaction
code can also be used.
19) Explain what does USER COMPARE do in SAP security?
In SAP security, USER COMPARE option will compare the user master record so that the produced
authorization profile can be entered into the user master record.
20) Mention different tabs available in PFCG?
Some of the important tab available in PFCG includes
• Description: The tab is used to describe the changes made like details related to the role,
addition or removal of t-codes, the authorization object, etc.
• Menu: It is used for designing user menus like addition of t-codes
• Authorization: Used for maintaining authorization data and authorization profile
• User: It is used for adjusting user master records and for assigning users to the role
� https://www.guru99.com/
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------
21) Which t-code can be used to delete old security audit logs?
SM-18 t-code is used to delete the old security audit logs.
22) Explain what reports or programs can be used to regenerate SAP_ALL profile?
To regenerate SAP_ALL profile, report AGR_REGENERATE_SAP_ALL can be used.
23) Using which table transaction code text can be displayed?
Table TSTCT can be used to display transaction code text.
24) Which transaction code is used to display the user buffer?
User buffer can be displayed by using transaction code SU56
25) Mention what SAP table can be helpful in determining the single role that is assigned to a
given composite role?
Table AGR_AGRS will be helpful in determining the single role that is assigned to a given
composite role.
26) What is the parameter in Security Audit Log (SM19) that decides the number of filters?
Parameter rsau/no_of_filters are used to decide the number of filters.
Guru99 Provides FREE ONLINE TUTORIAL on Various courses like
Java MIS MongoDB BigData Cassandra
Web Services SQLite JSP Informatica Accounting
SAP Training Python Excel ASP Net HBase
Project
Test Management Business Analyst Ethical Hacking PMP
Management
� https://www.guru99.com/
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Live Project SoapUI Photoshop Manual Testing Mobile Testing
Data Warehouse R Tutorial Tableau DevOps AWS
Software
Jenkins Agile Testing RPA JUnit
Engineering
Selenium CCNA AngularJS NodeJS PLSQL
