8/28/2015

Data Warehousing

19SAPSecurityInterviewQuestionsandanswers

SAP

MicroSoft

Java

Oracle

Testing

WebSphere

Advanced

Home SAP SAP Security Interview Questions and answers

SAP Security Interview Questions and

answers

Searchhere..

Demo Video

PublishedbyadminOnJuly03,2014

Question.1 Please explain the personalization tab within a role?

Answer: Personalization is a way to save information that could be common to users, I meant to a user
roleE.g.youcancreateSAPqueriesandmanageauthorizationsbyusergroups.Nowthisinformationcan
bestoredinthepersonalizationtaboftherole.(IsupposedthatitisawayforSAPtoaddresshisambiguityof
itsconceptofusergroupandroles:isusergroupagroupingofpeoplesharingthesameaccessorisittherole
whoisthegroupingofpeoplesharingthesameaccess).
Question.2 Is there a table for authorizations where I can quickly see the values entered
in a group of fields?
Answer: In particular I am looking to find the field values for P_ORGIN across a number of authorization
profiles, without having to drill down on each profile and authorization. AGR_1251 will give you some
reasonableinfo.

BigClasses.com Reviews
BigClasses.com Reviews
4 stars based on 50 reviews
Follow

Follow

Question.3 How can I do a mass delete of the roles without deleting the new roles ?
Follow

Answer: ThereisaSAPdeliveredreportthatyoucancopy,removethesystemtypecheckandrun.Todoa
landscape with delete, enter the roles to be deleted in a transport, run the delete program or manually delete
andthenreleasethetransportandimportthemintoallclientsandsystems.
Itiscalled:AGR_DELETE_ALL_ACTIVITY_GROUPS.Tousedit,youneedtotweak/debug&replacethecode
as it has a check that ensure it is deleting SAP delivered roles only. Once you get past that little bit, it works
well.

Follow@bigclasses

BigClasses
YouTube

Question.4 Someone has deleted users in our system, and I am eager to find out who. Is
there a table where this is logged?
Answer: DebugoruseRSUSR100tofindtheinfos.
RuntransactionSUIManddownitsChangedocuments.
Question.5 How to insert missing authorization?
Answer: su53 is the best transaction with which we can find the missing authorizations.and we can insert
thosemissingauthorizationthroughpfcg.
Question.6 What is the difference between role and a profile?
Answer: Roleandprofilegohandinhand.Profileisboughtinbyarole.Roleisusedasatemplate,where
you can add Tcodes, reports..Profile is one which gives the user authorization. When you create a role, a
profileisautomaticallycreated.
Question.7 What profile versions?
Answer: ProfileversionsarenothingbutwhenumodifiesaprofileparameterthroughaRZ10andgenerates
anewprofileiscreatedwithadifferentversionanditisstoredinthedatabase.
Question.8 What is the use of role templates?
Answer: User role templates are predefined activity groups in SAP consisting of transactions, reports and
webaddresses.
Question.9 What is the different between single role & composite role?
Answer: Aroleisacontainerthatcollectsthetransactionandgeneratestheassociatedprofile.Acomposite
rolesisacontainerwhichcancollectseveraldifferentroles
Question.10 Is it possible to change role template? How?

http://learn.bigclasses.com/sapsecurityinterviewquestionsandanswers

1/4

8/28/2015

19SAPSecurityInterviewQuestionsandanswers

Question.10 Is it possible to change role template? How?

Answer: Yes,wecanchangeauserroletemplate.Thereareexactlythreewaysinwhichwecanworkwith
userroletemplates
wecanuseitastheyaredeliveredinsap
wecanmodifythemasperourneedsthroughpfcg
wecancreatethemfromscratch.
Foralltheabovespecifiedwehavetousepfcgtransactiontomaintainthem.
Question.11 SAP Security Tcodes?
Answer:
FrequentlyusedsecurityTcodes
SU01Create/ChangeUserSU01Create/ChangeUser
PFCGMaintainRoles
SU10MassChanges
SU01DDisplayUser
SUIMReports
ST01Trace
SU53Authorizationanalysis
Question.12 How to create users?
Answer: ExecutetransactionSU01andfillinallthefield.Whencreatinganewuser,youmustenteraninitial
passwordforthatuserontheLogondatatab.Allotherdataisoptional.Clickhereforturotialoncreatingsap
userid.
Question.13 What is the difference between USOBX_C and USOBT_C?
Answer: The table USOBX_C defines which authorization checks are to be performed within a transaction
andwhichnot(despiteauthoritycheckcommandprogrammed).Thistablealsodetermineswhichauthorization
checksaremaintainedintheProfileGenerator.ThetableUSOBT_Cdefinesforeachtransactionandforeach
authorizationobjectwhichdefaultvaluesanauthorizationcreatedfromtheauthorizationobjectshouldhavein
theProfileGenerator.
Question.14 What authorization are required to create and maintain user master records?
Answer: The following authorization objects are required to create and maintain user master records:
S_USER_GRP:UserMasterMaintenance:Assignusergroups
S_USER_PRO:UserMasterMaintenance:Assignauthorizationprofile
S_USER_AUT:UserMasterMaintenance:Createandmaintainauthorizations
Q.ListR/3UserTypes
A.1.Dialogusersareusedforindividualuser.Checkforexpired/initialpasswordsPossibletochangeyourown
password.Checkformultipledialoglogon
2.AServiceuserOnlyuseradministratorscanchangethepassword.Nocheckforexpired/initialpasswords.
Multiplelogonpermitted
3.System users are not capable of interaction and are used to perform certain system activities, such as
backgroundprocessing,ALE,Workflow,andsoon.
4.AReferenceuseris,likeaSystemuser,ageneral,nonpersonallyrelated,user.Additionalauthorizationscan
beassignedwithinthesystemusingareferenceuser.Areferenceuserforadditionalrightscanbeassignedfor
everyuserintheRolestab.
Question.15 What is a derived role?
Answer: Derivedrolesrefertorolesthatalreadyexist.Thederivedrolesinheritthemenustructureandthe
functionsincluded(transactions,reports,Weblinks,andsoon)fromtherolereferenced.Arolecanonlyinherit
menusandfunctionsifnotransactioncodeshavebeenassignedtoitbefore.
Thehigherlevelrolepassesonitsauthorizationstothederivedroleasdefaultvalueswhichcanbechanged
afterwards.Organizationalleveldefinitionsarenotpassedon.Theymustbecreatedanewintheinheritingrole.
Userassignmentsarenotpassedoneither.

http://learn.bigclasses.com/sapsecurityinterviewquestionsandanswers

2/4

8/28/2015

19SAPSecurityInterviewQuestionsandanswers

Derived roles are an elegant way of maintaining roles that do not differ in their functionality (identical menus
andidenticaltransactions)buthavedifferentcharacteristicswithregardtotheorganizationallevel.
Question.16 What is a composite role?
Answer: A composite role is a container which can collect several different roles. For reasons of clarity, it
doesnotmakesenseandisthereforenotallowedtoaddcompositerolestocompositeroles.Compositeroles
arealsocalledroles.
Composite roles do not contain authorization data. If you want to change the authorizations (that are
representedbyacompositerole),youmustmaintainthedataforeachroleofthecompositerole.
Creating composite roles makes sense if some of your employees need authorizations from several roles.
Insteadofaddingeachuserseparatelytoeachrolerequired,youcansetupacompositeroleandassignthe
userstothatgroup.
The users assigned to a composite role are automatically assigned to the corresponding (elementary) roles
duringcomparison.
Question.17 What does user compare do?
Answer: If you are also using the role to generate authorization profiles, then you should note that the
generatedprofileisnotenteredintheusermasterrecorduntiltheusermasterrecordshavebeencompared.
YoucanautomatethisbyschedulingreportFCG_TIME_DEPENDENCYon.
Question.18 How do I change the name of master / parent role keeping the name of
derived/child role same? I would like to keep the name of derived /child role same and
also the profile associated with the child roles.?
Answer:FirstcopythemasterroleusingPFCGtoarolewithnewnameyouwishtohave.Thenyouhaveto
generatetherole.Nowopeneachderivedroleanddeletethemenu.Oncethemenusareremoveditwillletyou
put new inheritance. You can put the name of the new master role you created. This will help you keep the
samederivedrolenameandalsothesameprofilename.Oncethenewrolesaredoneyoucantransportit.The
transportautomaticallyincludestheParentroles.
Question.19 What is the difference between C (Check) and U (Unmentioned)?
Answer: Background: When defining authorizations using Profile Generator, the table USOBX_C defines
which authorization checks should occur within a transaction and which authorization checks should be
maintainedinthePG.YoudeterminetheauthorizationchecksthatcanbemaintainedinthePGusingCheck
Indicators.ItisaCheckTableforTableUSOBT_C.
InUSOBX_Cthereare4CheckIndicators.
CM(Check/Maintain)
Anauthoritycheckiscarriedoutagainstthisobject.
ThePGcreatesanauthorizationforthisobjectandfieldvaluesaredisplayedforchanging.
Defaultvaluesforthisauthorizationcanbemaintained.
C(Check)
Anauthoritycheckiscarriedoutagainstthisobject.
ThePGdoesnotcreateanauthorizationforthisobject,sofieldvaluesarenotdisplayed.
Nodefaultvaluescanbemaintainedforthisauthorization.
N(Nocheck)
Theauthoritycheckagainstthisobjectisdisabled.
ThePGdoesnotcreateanauthorizationforthisobject,sofieldvaluesarenotdisplayed.
Nodefaultvaluescanbemaintainedforthisauthorization.
InterviewQ&A

U(Unmaintained)

BigClasses

Blog

Reviews

Nocheckindicatorisset.
Anauthoritycheckisalwayscarriedoutagainstthisobject.
ThePGdoesnotcreateanauthorizationforthisobject,sofieldvaluesarenotdisplayed.
Nodefaultvaluescanbemaintainedforthisauthorization.

http://learn.bigclasses.com/sapsecurityinterviewquestionsandanswers

3/4

8/28/2015

19SAPSecurityInterviewQuestionsandanswers

SAPSECURITYINTERVIEWQUESTIONSANDANSWERS

SAPSECURITYINTERVIEWQUESTIONSANDANSWERS2014

SAPSECURITYINTERVIEWQUESTIONSANDANSWERSEXPLANATIONS

Previous:SAPSDInterviewQuestionsandAnswers

SAPSECURITYINTERVIEWQUESTIONSANDANSWERSPDF

Next:ASP.NETInterviewQuestionsandanswers

Leave a Reply
Name*

Name*

Email*

Email*

Website

Website

YourCommentHere..

POSTCOMMENT

RSS | Sitemap | About Us | Testimonials | Terms of Use | Privacy Policy | Contact Us

Learn From BigClasses 2015

Flat15%OffonallDWHTools&allSAPmodules Hurry..!!! Upto31st

AugOnly..

http://learn.bigclasses.com/sapsecurityinterviewquestionsandanswers

4/4