SAP security questions and answer

Ans: using system Trace ST01

1. 3.       There are two options in the PFCG while modifying a role. One change authorizations and another expert mode-what is the difference between them

Ans: Change authorization: This option we will use when we create new role and modify old role

Expert mode: i. Delete and recreate authorizations and profile

(All authorizations are recreated. Values which had previously been maintained, changed or entered manually are lost. Only the maintained values for organizational levels remain.)

                           ii. Edit old status

(The last saved authorization data for the role is displayed. This is not useful, if transactions in the role menu have been changed.)

                           iii. Read old data and merge with new data

(If any changes happen in SU24 Authorizations we have to use this)

1. 4.       If we give Organizational values as * in the master role and want to restrict the derived roles for a specific country, how do we do?

Ans: we have to maintain org level for the country based on the plant and sales area etc in the derived Role

1. 5.       What is the table name to see illegal passwords?

Ans: USR40

1. 6.       What is the table name to see the authorization objects for a user

Ans: USR12

1. 7.       What are two main tables to maintain authorization objects

Ans: USOBT, USOBX

1. 8.       How to secure tables in SAP?

Ans: Using Authorization group (S_TABU_DIS, S_TABU_CLI) in T.Code SE54

1. 9.       What are the critical authorization objects in Security

Ans:

S_user_obj,s_user_grp, s_user_agr , s_tabu_dis, s_tabu_cli , s_develop ,s_program

1. 10.   Difference between USOBT and USOBX tables

Ans: 1.USOBT-Transaction VS Authorization objects

        2. USOBX- Transaction VS Authorization objects check indicators

1. 11.   Use of Firefighter application

Whenever the request coming from the user for new authorization .the request goes to firefighter owner. FF owner proved the FF ID to normal user then the user (secu admin) will assign the authori to those users (end user)

1. 12.   Where do we add the FF ids to the SAP user ids

Ans: go to Tcode    /n/virsa/vfat    >>goto fireFighter  tab the give the ffID to firefighter with validity

1. 13.   How to create FF ids

Ans:

1. 14.   Different types of users

Ans: 1.Diolag user 2.service user 3.system user 4.communication user 5.refrences user

1. 15.   Different types of roles

Ans: 1.Single role 2.Composite role 3.Derived role

1. 16.   Can a single role be used as master role?

Ans: yes

1. 17.   How to create derived role

Ans: go to PFCG type the Role name stating with Z .click on create role icon .Then right side u will find derive from here type the parent Role name 

1. 18.   HR Security: How to create structural authorizations in HR

Ans:

1. 19.   HR Security: What are the objects for HR and what is the importance of each HR object

Ans: P_PERNR object is used by a Person to see data related to his Personal Number

P_ORGXX HR: Master Data - Extended Check

1. 20.   How to copy 100 roles from a client 800 to client 900?

Ans: Add all 100 roles as one single composite Role and Transfer the Composite role automatically the 100 Role will transfer to the target client (Using SCC1)

1. 21.   User reports that they lost the access. We check in SUIM and no change docs found...How do you trouble shoot?

Ans: may be user buffer full or role expired

1. 22.   What is the correct procedure for Mass Generation of Roles?

Ans: Using T.Code –SUPC

      32. What is the T.Code SQVI? What is the main usage of this SQVI?

Ans: SQVI -Quick View

     33. How can we maintain Organizational values? How can we create Organizational?

                Ans: PFCG_ORGFIELD_CREATE  in tcode SA38

    35. I want to see list of roles assigned to 10 different users. How do you do it?

Ans:

1. 1.       Goto se16 > agr_users   then mention the 10 users name
2. 2.       Goto SUIM > role by complex selection > type user names

  36.What do you mean by User Buffer? How it works with the user's Authorizations?

Ans: User buffer means user context it contain user related information i.e.) authorizations, parameters, reports, earlier acceded screens .We can see the user context using T.Code –SU56

     37. What is the advantage of CUA from a layman/manager point of view?

Ans: CUA used for maintain and manage the users centrally.

38. Values? What is the purpose of these Org. values?

Ans: Values: it’s used for restrict the user by values e.g. Sale order value (1-100) it means user can  create only 100 sales orders not more than that

40.What is the main purpose of Parameters Groups & Personalization tabs in SU01 and Miniapps in        PFCG?  

       Ans: 1.Parameter tab: its used to auto fills the some of the values during the creation of orders

2. Personalization tab is user to restrict the user in selection criteria E.g.: while selecting pay slip it will shows only last month pay slip by default. If u select the attendances it will shows current month by default

3. Miniapps- we can add some mini applications like calculator, calendar etc

42. How many maximum profiles we can assign to one user?

Ans:312
-------------------------------------------------------------