SAP Security is the key module in the SAP System where administrators need to maintain and develop the user rights on SAP products. According to the research, there is a huge demand for the SAP Security developers in this tech world. So you have an excellent opportunity to move ahead in your career as an SAP Security developer. Tekslate offers you the Best SAP Security Interview Questions for freshers and experienced, which helps you to clear the interview. Our experts categorized the SAP Interview Questions from basic to advanced, so it allows you to clear your SAP Security Certification exam.
In this article, we will cover the following:
Ans: Security is one of the prominent modules in SAP. It provides right access to the business users/clients with respective authorities and responsibilities that they hold. Permissions are given according to their roles in any department of the firms.
Ans: In SAP Security, the term roles are referred to as a transactional code nothing but T-codes. These transactional codes are assigned to carry out the primary business tasks. Each role or t-code in SAP requires specific privileges to carry out the function in SAP, which is known as Authorizations.
Ans: Following are the key differences between USOBX_C and USOBT_C:
USOBX_C |
USOBT_C |
USOBX_C gives individual data about which specific approval checks need execution inside the transaction, and which approval check doesn’t need. |
USOBT_C table gives data concerning the proposal information of the approval that incorporates the information identified with approval which is helpful for transactions.
|
This table additionally takes a look at the checks which are available in the profile generator. |
It takes as a default of set qualities which should be available in the profile generator.
|
Ans: By executing transaction code EWZ5 in SAP Security module, all users can lock at a time while doing a specific task.
Ans: Following are the prerequisites that should consider everyone before assigning SAP_all to the user even they have authorization controllers approval:
Ans: First and foremost, you need to understand the importance of the Authorization object and Authorization object class.
The Authorization object is only the gatherings of the field of approval which takes care of the capacity of a particular action. Authorization is correlated with a particular activity just while the field of authorization takes care of security management. It helps in the design of the specific qualities in any activity which is required.
It is an umbrella term under which the authorization object is contemplated. These are placed into bunches by certain departments which includes HR, accounting, finance and many more.
Ans: Following are the certain steps which are possible to delete the numerous role from the production systems, QA, DEV:
Want to acquire industry skills and gain complete knowledge of SAP BASIS? Enrol in Instructor-Led live SAP BASIS Training to get Job Ready! |
Ans: In SAP Security module, a role can have 312 maximum number of profiles and 150 maximum number of objects.
Ans: There are a couple of things that should be done before executing the Run framework. You need to follow the CPIC or the client id, at that point preceding executing the Run framework, then one needs to ensure that they said ID is given to somebody that is either SAP_new or SAP_all. This must be done on the grounds that they ensure one can execute the work without checking the failure by the authorization.
Ans: The key difference between Single role and Derived role is the transactional code.
In Single role, users can add or delete the transactional code easily. But in the Derived role, users cannot add or delete the transactional code.
Ans: Following are the two transactional codes that go through the summary of the authorization profile and object details.
Ans: SM01 transaction code is used for locking the transaction from execution.
Ans: In SAP Security, SOD stands for Segregation of Duties which is implemented to prevent and detect the business transaction errors.
Ans: In the Sap Security module, the Profile parameter is used to control the excess of entries in the user buffer. Following the path is used auth/auth_number_in_userbuffer.
Ans: A user buffer contains all authorizations of a user, which means whenever a user login to the SAP R/3 system, it builts user buffer where it is associated with the user authorizations. So each user will have their own use buffer.
Let us consider an instance:
If user X login to the SAP R/3 system, then it built a user buffer that would have all user authorization with the name of USER_X_ROLE. If in case, user X may fail to log in to the system due to the following scenarios:
Ans: AGR_AGRS SAP table can determine the single role that is assigned to the composite role in SAP Security module.
Ans: AL08 transaction code is used to display the user buffer in SAP
Ans: To display the transaction code text, users can use the TSTCT table.
Q19) How to delete all old security audit logs in Sap Security?Ans: Using the SM-18 transaction code, a user can delete all old security audit logs in SAP.
Q20) Explain about reports or programs that can be used to regenerate all SAP profiles?Ans: To regenerate all SAP profiles users should follow the path: AGR_REGENERATE_SAP_ALL.
Checkout our Blog on SAP Security Tutorial |
Ans: Following are various tabs which play a key role in PFCG:
1. Description Tab:
This is the basic and important tab in PFCG which helps to describe the changes that are made in such as authorization objects, the details that are related to roles, and removing or deleting the transaction codes.
2. Menu Tab:
This tab is used to design the user menus such as the addition of transaction codes.
3. Authorization Tab:
This tab is used for maintaining the authorized data and authorized profiles.
4. User Tab:
This tab is used for regulating the user records and assigning users to their particular roles.
Ans: The PFCG time dependency is the only report which is ordinarily utilized for comparing the client report. The PFCG Time dependency likewise makes a point to wipe away any profiles from the principle record which appear to have lapsed and are of no utilization. There is additionally a transactional code that can be utilized so as to execute this specific activity. The transactional code, which is utilized to do this is PFUD.
Ans: The role of user comparison in SAP is to help the comparison of the master records of the client and which helps to create authorized profiles by using the master records.
Ans: A maximum of 14000 transaction codes can be assigned to a role in SAP.
Ans: USR40 table is used to accumulate illegal passwords and stores them in various arrangements and patterns of words that cannot be implemented while creating the passwords.
Ans: SU25 transaction code is used to copy the information from USBOT, USBOX to USOBT_C, USOBX_C tables.
Ans: The RSPFPAR transaction code is used to find the user-defined and security parameters for system default values.
Ans: SE10 Transaction code is used to check the transport requests that are created by the users.
Ans: Following are the steps that are involved in the process of creating the user group in SAP Security:
Ans: Using the SCC4 transaction code, a logical system is assigned to the user and checked before transferring to the user because it might alter the configurations in CUA.
Checkout our Blog on SAP BASIS Tutorial |
Ans: This role acquires menu structure and functions that are available in the reference role. They are acquiring the function by the roles which are just conceivable when no type of transaction code is allocated earlier. The functions at the most elevated level will give the approvals as a default to determining roles and can change this later on. Certain levels are not passed to the inferred roles, and should make them recently; this incorporates the authoritative definitions just as tasks of the client. Determined jobs are very much planned and have fixed usefulness which implies it has similar menus and exchanges. Be that as it may, the attributes are distinctive, taking everything into account.
Ans: rsau/no_of_filters is used to check the audit and maximum amount of filters in SM19.
Ans: A composite-level role resembles a major holder which can gather various composite roles. These sorts of roles don't have any information about approval. If there should arise an occurrence of any adjustments in the approval since composite roles are present in it, should keep the information concerning each part of each composite role. Formation of the composite roles is just valuable when a portion of the representatives in the association requires approval from different jobs. Thus, it can set the composite role and can appoint the client to that gathering. This is efficient instead of independently relegating each client to each unique role. At the point when a client is allocated to one composite role, at that point during the examination, they are precipitously doled out to other rudimentary roles.
Ans: The role templates are also known as activity clusters which are nothing predetermined. These activity clusters consist of transactions, web addresses, and reports.
Ans: Following are the most commonly used transaction codes in SAP Security:
Ans: Following are the various types of users in the SAP System:
Ans: Following are two types of users for background jobs:
Ans: The ST01 transaction code is used to troubleshoot the problem for background jobs.
Ans: T-code means transaction code that is used for running a program in an SAP application.
Ans: The SU25 transaction code is used to copy the information from one table to another table. For instance, the data is copied from USOBX and USOBT to USOBT_C and USOBX_C.
Q41) Explain the use of authorization objects S_TABU_LIN.
Ans: The authorization object is used to provide access to all row-level tables in SAP.
Ans: Users need to check if the logging function is active or not for a specific table, and this can be done by using SE13 transaction code. If the table log is already enabled for a specific table, then use SCU3 transaction code to check the table logs in SAP.
Ans: SM01 transaction code is used to lock the transaction execution in SAP System.
Ans: SE10 transaction code is used to check the transport checks in the SAP System. It will provide you with a text box to enter the user name information, and then it validates the information to check the transport requests that are created by other users.
Ans: The password rule is enforced if the user has a profile parameter for the same. If the user uses the parameter, then password rules are automatically applied.
Ans: SM12 transaction code is used to manage the lock entities in the SAP System.
Ans: The SM37 transaction code is used to check the background jobs.
Ans: SM04/AL08 transaction codes are used to get the user list in the SAP Security System.
Ans: Following are various layers that support security system in SAP:
Ans: Maximum 312 role can be assigned to the user in the SAP System.
Ans: Use SU01 transaction code to lock multiple users at a time in the SAP System.
Ans: Use SE54 transaction code to create authorization groups in the SAP System.
Ans: SU56 transaction code is used to display the current user buffer, which all authorizations are assigned in the user master record.
Ans: ST01 transaction code is used to trace the user authorizations in the SAP System.
Ans: There is a slight difference in role and profile. A role is used as a template where you can insert reports, transaction code and more. In comparison, profiles permit user authorization. In Sap, when you create a role, a profile is created automatically.
Ans: When you amend the existing parameter with the RZ10 transaction code, the existing parameter will update the version of the same profile automatically. This process is repeated whenever there are amends in the profile. And all these profiles are stored in the database.
Ans: Single role is also known as a container that stores all the information which are related to the business transactions, and with this information, it generates or maintains the profiles.
A composite role is also known as a container that contains information about different roles in the SAP System.
Ans: Following are some of the SAP Security transaction codes in the SAP System:
Ans: Following authorizations are required to create and maintain the user master records in the SAP System:
Ans: The SU53 transaction code helps the user to find the missing authorization and the PFCG transaction helps the user to insert the code into the profile.
Ans: Using AGR_DELETE_ALL_ACTIVITY_GROUPS to delete the mass roles without deleting the new roles in the SAP.
Ans: You can find this by debugging the system or using the RSUSR100 transaction code to find information.
Ans: Using the P_ORIGIN transaction code, you can see the values that are entered in a group of fields.
You liked the article?
Like: 0
Vote for difficulty
Current difficulty (Avg): Medium
TekSlate is the best online training provider in delivering world-class IT skills to individuals and corporates from all parts of the globe. We are proven experts in accumulating every need of an IT skills upgrade aspirant and have delivered excellent services. We aim to bring you all the essentials to learn and master new technologies in the market with our articles, blogs, and videos. Build your career success with us, enhancing most in-demand skills in the market.