Explain what is SAP security?
SAP security is providing correct access to business users concerning their authority or responsibility and permitting according to their roles.
Explain what is “roles” in SAP security?
“Roles” refers to a group of t-codes, that is assigned to execute a particular business task. Each role in SAP requires particular privileges to execute a function in SAP that is called AUTHORIZATIONS.
Explain how you can lock all the users at a time in SAP?
By executing the EWZ5 t-code in SAP, all the users can be locked at the same time in SAP.
Mention what are the prerequisites that should be taken before assigning Sap_all to a user even if there is approval from authorization controllers?
Pre-requisites follows like
Enabling the audit log- using sm 19 code
Retrieving the audit log- using sm 20 code
Explain what is authorization object and authorization object class?
Authorization Object: Authorization objects are groups of authorization field that regulates particular activity. Authorization relates to a particular action while the Authorization field relates to security administrators configuring specific values in that particular action.
Authorization object class: Authorization objects fall under authorization object classes, and they are grouped by function areas like HR, finance, accounting, etc.
What is the table name to see the authorization objects for a user?
USR12
What are the two main tables to maintain authorization objects?
USOBT, USOBX
How to secure tables in SAP?
Using Authorization group (S_TABU_DIS, S_TABU_CLI) in T.Code SE54
What is the user type for a background jobs user?
1 System User, 2. Communication User
What is the t-code used for locking the transaction from execution?
For locking the transaction from execution t-code SM01 is used.
Mention what is the main difference between a derived role and a single role?
For the single role, we can add or delete the t-codes while for a derived role you cannot do that.
Explain what is SOD in SAP Security?
SOD means Segregation of Duties; it is implemented in SAP to detect and prevent errors or fraud during the business transaction. For example, if a user or employee has the privilege to access bank account details and payment runs, it might be possible that it can divert vendor payments to his account.
Mention which t-codes are used to see the summary of the Authorization Object and Profile details?
SU03: It gives an overview of an authorization object
SU02: It gives an overview of the profile details
What is the use of role templates?
User role templates are predefined activity groups in SAP consisting of transactions, reports, and web addresses.
What is the difference between a single role & composite role?
A role is a container that collects the transaction and generates the associated profile. A composite role is a container which can collect several different roles
| Learn more information from the GoLogica “SAP ABAP Training“ |
Is it possible to change the role template? How?
Yes, we can change a user role template. There are exactly three ways in which we can work with user role templates
- we can use it as they are delivered in sap
- we can modify them as per our needs through PFC
- we can create them from scratch.
For all the above specified we have to use pfcg transaction to maintain them.
What is the difference between USOBX_C and USOBT_C?
The table USOBX_C defines which authorization checks are to be performed within a transaction and which are not (despite the authority-check command programmed ). This table also determines which authorization checks are maintained in the Profile Generator. The table USOBT_C defines each transaction and for each authorization object which default values an authorization created from the authorization object should have in the Profile Generator.
Execute transaction SU01 and fill in all the fields. When creating a new user, you must enter an initial password for that user on the Logon data tab. All other data is optional. Click here for a tutorial on creating a sap user ID.
Explain what is PFCG_Time_Dependency ?
PFCG_TIME_DEPENDENCY is a report that is used for user master comparison. It also clears up the expired profiles from the user master record. To directly execute this report PFUD transaction code can also be used.
Explain what USER COMPARE does in SAP security?
In SAP security, the USER COMPARE option will compare the user master record so that the produced authorization profile can be entered into the user master record.
How are authorization reports generated? The reports should include activity by object and be accessible to all users with access.
Run SUSR_SYNC_USER_TABLES and then try code SUIM/report RSUSR002. Enter your object in Object 1 and press enter. Follow the prompts.
Related Articles:
🎯 SAP VC Tutorial
🎯 What Is SAP BPC 11.0?
🎯 Features And Functionality – SAP BPC
🎯 Introduction To Financial Consolidation – SAP BPC
🎯 Crystal Reports Tutorial – GoLogica
🎯 A Complete Guide to SAP Variant Configuration
🎯 SAP BPC Tutorial for Beginners
🎯 SAP Simple Finance Interview Questions