January 23, 2013

SAP SECURITY INTERVIEW QUESTIONS & ANSWERS -1



SAP SECURITY  INTERVIEW QUESTIONS & ANSWERS

Q.SAP Security T-codes
A.Frequently used security T-codes
SU01 Create/ Change User SU01 Create/ Change User
PFCG Maintain Roles
SU10 Mass Changes
SU01D Display User
SUIM Reports
ST01 Trace
SU53 Authorization analysis

Q.How to create users?
A.Execute transaction SU01 and fill in all the field. When creating a new user, you must enter an initial password for that user on the Logon data tab. All other data is optional. Click here for turotial on creating sap user id.

Q.What is the difference between USOBX_C and USOBT_C?
A.The table USOBX_C defines which authorization checks are to be performed within a transaction and which not (despite authority-check command programmed ). This table also determines which authorization checks are maintained in the Profile Generator.
The table USOBT_C  defines for each transaction and for each authorization object which default values an authorization created from the authorization object should have in the Profile Generator.

Q.What authorization are required to create and maintain user master records?

A.The following authorization objects are required to create and maintain user master records:
•S_USER_GRP: User Master Maintenance: Assign user groups
•S_USER_PRO: User Master Maintenance: Assign authorization profile
•S_USER_AUT: User Master Maintenance: Create and maintain authorizations

Q.List R/3 User Types
A.1.Dialog users are used for individual user. Check for expired/initial passwords Possible to change your own password. Check for multiple dialog logon
2.A Service user - Only user administrators can change the password. No check for expired/initial passwords. Multiple logon permitted
3.System users are not capable of interaction and are used to perform certain system activities, such as background processing, ALE, Workflow, and so on.
4.A Reference user is, like a System user, a general, non-personally related, user. Additional authorizations can be assigned within the system using a reference user. A reference user for additional rights can be assigned for every user in the Roles tab.

Q What is a derived role?

A.•Derived roles refer to roles that already exist. The derived roles inherit the menu structure and the functions included (transactions, reports, Web links, and so on) from the role referenced. A role can only inherit menus and functions if no transaction codes have been assigned to it before.
•The higher-level role passes on its authorizations to the derived role as default values which can be changed afterwards. Organizational level definitions are not passed on. They must be created anew in the inheriting role. User assignments are not passed on either.
•Derived roles are an elegant way of maintaining roles that do not differ in their functionality (identical menus and identical transactions) but have different characteristics with regard to the organizational level.

Q.What is a composite role?

A.•A composite role is a container which can collect several different roles. For reasons of clarity, it does not make sense and is therefore not allowed to add composite roles to composite roles. Composite roles are also called roles.
•Composite roles do not contain authorization data. If you want to change the authorizations (that are represented by a composite role), you must maintain the data for each role of the composite role.
•Creating composite roles makes sense if some of your employees need authorizations from several roles. Instead of adding each user separately to each role required, you can set up a composite role and assign the users to that group.
•The users assigned to a composite role are automatically assigned to the corresponding (elementary) roles during comparison.

Q.What does user compare do?
A.If you are also using the role to generate authorization profiles, then you should note that the generated profile is not entered in the user master record until the user master records have been compared. You can automate this by scheduling report FCG_TIME_DEPENDENCY on.

Q.How do I change the name of master / parent role keeping the name of derived/child role same? I would like to keep the name of   derived /child role same and also the profile associated with the child roles.
A.First copy the master role using PFCG to a role with new name you wish to have. Then you have to generate the role. Now open each derived role and delete the menu. Once the menus are removed it will let you put new inheritance. You can put the name of the new master role you created. This will help you keep the same derived role name and also the same profile name. Once the new roles are done you can transport it. The transport automatically includes the Parent roles.

Q.What is the difference between C (Check) and U (Unmentioned)?

A.Background:
When defining authorizations using Profile Generator, the table USOBX_C defines which authorization checks should occur within a transaction and which authorization checks should be maintained in the PG. You determine the authorization checks that can be maintained in the PG using Check Indicators. It is a Check Table for Table USOBT_C.
In USOBX_C there are 4 Check Indicators.
•CM (Check/Maintain)
-An authority check is carried out against this object.
-The PG creates an authorization for this object and field values are displayed for changing.
-Default values for this authorization can be maintained.
•C (Check)
-An authority check is carried out against this object.
-The PG does not create an authorization for this object, so field values are not displayed.
-No default values can be maintained for this authorization.
•N (No check)
-The authority check against this object is disabled.
-The PG does not create an authorization for this object, so field values are not displayed.
-No default values can be maintained for this authorization.
•U (Unmaintained)
-No check indicator is set.
-An authority check is always carried out against this object.
-The PG does not create an authorization for this object, so field values are not displayed.
-No default values can be maintained for this authorization..

Q.What does user compare do?
A.Comparing the user master: This is basically updating profile information into user master record. So that users are allowed to execute the transactions contained in the menu tree of their roles, their user master record must contain the profile for the corresponding roles.
You can start the user compare process from within the Profile Generator (User tab and User compare pushbutton). As a result of the comparison, the profile generated by the Profile Generator is entered into the user master record. Never enter generated profiles directly into the user master record (using transaction SU01, for example)! During the automatic user compare process (with report pfcg_time_dependency, for example), generated profiles are removed from the user masters if they do not belong to the roles that are assigned to the user.
If you assign roles to users for a limited period of time only, you must perform a comparison at the beginning and at the end of the validity period. You are recommended to schedule the background job pfcg_time_dependency in such cases

Q.Can wildcards be used in authorizations?
A.Authorization values may contain wildcards; however, the system ignores everything after the wildcard. Therefore, A*B is the same as A*.

Q.What does the PFCG_TIME_DEPENDENCY clean up?
A.The 'PFCG_TIME_DEPENDENCY' background report only cleans up the profiles (that is, it does not clean up the roles in the system). Alternatively, you may use transaction 'PFUD'.

Q.Authorization object needed for PFCG access
A.S_USER_AGR
ACT_GROUP= * (You can restrict by role, if proper naming convention is used)
ACTVT=01, 02, 03, 64 other fields below
01   Create or Generate
02   Change
03   Display
06   Delete
08   Display change documents
21   Transport
22   Enter, Include, Assign
36   Extended maintenance
59   Distribute
64   Generate
68   Model
78   Assign
79   Assign Role to Composite Role
DL   Download
UL   Upload

S_USER_GRP
CLASS= 
ACTVT=22; 03  
Other activity
01        Create or Generate
02        Change
03        Display
05        Lock
06        Delete
08        Display change documents
22        Enter, Include, Assign
24        Archive
68        Model
78        Assign
S_USER_TCD
TCD=   * (Transaction in role)
S_USER_PRO
PROFILE= *
ACTVT=01, 06  
Other activity
01        Create or Generate
02        Change
03        Display
06        Delete
07        Activate, generate
08        Display change documents
22        Enter, Include, Assign
24        Archive
S_TCODE
TCD=PFCG;




67 comments:

  1. good guidence and the following of the content is so helpfull and usefull. SAP SECURITY TRAINING

    ReplyDelete
    Replies
    1. Yes. This is really great guidance to help who all seeking job and searching for SAP interviews. Thank you for your great effort.

      Informatica Training in Chennai | Informatica Training institute in Chennai

      Delete
  2. That's great to know about the interesting topic about sap..Thanks for sharing the question and answers..
    wordpress Training institute in Chennai

    ReplyDelete
  3. Great post....thanks for sharing this profitable data.
    Sympathetic see my web journal Best Dot Net Training in Chennai

    ReplyDelete
  4. Thank you for the nice article on SAP based questions. It will help a lot. And please keep updating like this articles.

    SAP Training in Chennai

    ReplyDelete
  5. I am very much thankful for this site for presenting valuable and useful information.SAP Simple Finance Training in Pune

    ReplyDelete
  6. SAP HANA training in hyderabad,This is the best path You can Learn COmplete Course with full fledge knowledge of SAP.
    SAP HANA online training

    ReplyDelete
  7. Sap security interview questions nice posts..

    Hadoop training in hyderabad.All the basic and get the full knowledge of hadoop.
    hadoop training in hyderabad


    ReplyDelete
  8. Thank you for sharing in this article, I can learn a lot and could also be a reference, I hope to read the next your article updates.
    Regards,
    Wordpress Training in Chennai | Wordpress Training institutes in Chennai | Wordpress Training

    ReplyDelete
  9. I have read your blog its very Interesting. Thanks for sharing. ERP Providers in Chennai | ERP in Chennai

    ReplyDelete
  10. Thanks for sharing in this text, i'm able to analyze loads and can also be a reference, i'm hoping to read the next your article updates.
    Regards,
    oracle fusion procurement online training
    oracle fusion procurement training

    ReplyDelete
  11. Thank you for this valuable information. I have got some important suggestions from it. I'm working in Brave Technologies Private Limited. We provides lowest price of ERP Software for our clients. Contact us on info@bravetechnologies.in. ERP in Chennai

    ReplyDelete
  12. Its really a very nice article.Thanks for Share These valuable information. If you are looking for best Our Oracle fusion Online Training is one of the leading Online Training institute.
    Oracle fusion financials training

    ReplyDelete
  13. Thanks for sharing the useful information and good points were stated in this article which are very informative and for the further information visit us at
    Oracle Fusion Financials Training

    ReplyDelete
  14. CALFRE handles oracle fusion financials online training and its modules maintaining classroom based training with the self-paced videos. An expert having ten plus years of self-experience handles the training period through online and explains each and every point perfectly. We recently launched our institute in the USA and getting the best reputation over there.


    Oracle fusion Financials Online Training in Ameerpet

    Oracle Fusion Financials Training in Ameerpet

    ReplyDelete
  15. This blog is very informative about the concepts for application development and its scope in future. Interesting concepts on its architectute and syllabus which are covered by Ios application development training in Chennai that is functioning effectively.

    ReplyDelete
  16. wow very nice. i got some information about SAP interview questions..vey useful to me how will face interview in SAP techniques.
    Web Designing Training Institute in Chennai | No.1 Web Designing and Developing Training in Chennai| Best Web Designing Training in Velachery

    ReplyDelete
  17. Awesome Blog with informative concept. Really I feel happy to see this useful blog, Great tips and its so easy to understand. Best Web Design Training in Chennai | Angular JS Training in Chennai | Best CMS Training in Chennai

    ReplyDelete
  18. http://www.basismaterials.com/2013/01/sap-security-interview-questions-answers_23.html?showComment=1488441943928#c6205686257937818631

    ReplyDelete
  19. This comment has been removed by the author.

    ReplyDelete
  20. Thanks a lot for sharing this with all of us, I like it and we can communicate. Do you need buy app ratings and reviews. To boost app ranking and double app downloads now.

    ReplyDelete
  21. Your website content nice nice and interesting to observe.
    Programmierung in Lüdenscheid

    ReplyDelete
  22. Useful information. i am looking SAP HANA Online Training with real time project.

    ReplyDelete
  23. Thanks for your informative article. Your post helped me to understand the future and career prospects. Keep on updating your blog with such awesome article.
    MSC Project Center in Chennai | MSC Project Center in Velachery

    ReplyDelete
  24. I have to voice my passion for your kindness giving support to those
    people that should have guidance on this important matter.


    java training in chennai


    java training in bangalore

    ReplyDelete
  25. September 8, 2015 at 3:25 am
    it’s really nice and meaningful. it’s really cool blog. Linking is very useful thing.you have really helped lots of people who visit blog and provide them useful information.
    Best Graphics DesigningTraining Institute in Chennai | Photoshop Training Institute in Chennai

    ReplyDelete
  26. Great post.Thanks for one marvelous posting! I enjoyed reading it;The information was very useful.Keep the good work going on!


    white label website builder

    mobile website builder

    ReplyDelete
  27. I believe there are many more pleasurable opportunities ahead for individuals that looked at your site.
    aws training in Chennai

    ReplyDelete

  28. Your website content nice nice and interesting to observe.
    jobbörse Neunkirchen

    ReplyDelete
  29. I have read your article and i got a very useful and knowledgeable information from your blog.You have done a great job.
    No.1 Summer Training Courses in Porur | Best Summer Courses for Hardware Networking in Chennai

    ReplyDelete
  30. Great post.Thanks for one marvelous posting! I enjoyed reading it;The information was very useful.Keep the good work going on!
    Summer Camp Training in Chennai | Summer Courses in Pallikaranai | Summer Classes in Pallikaranai

    ReplyDelete
  31. Awesome Post with unique content. I really get interest to read this post. I hope this article help many of them…
    C,C++ Summer Course training Institute in Chennai|C,C++ Summer Course training Institute in Velachery

    ReplyDelete
  32. I have read your post and I got some knowledgeable information through this blog. Really useful blog. Keep update your blog.
    No.1 Vacation Classes for Multimedia in Chennai | Perfect Summer Courses for IT in Chennai

    ReplyDelete
  33. Those guidelines additionally worked to become a good way to
    recognize that other people online have the identical fervor like mine
    to grasp great deal more around this condition.

    digital marketing training in chennai

    seo training in chennai

    ReplyDelete
  34. Great post. wonderful information and really very much useful. Thanks for sharing and keep updating.
    Hardware and Networking Certifications in Chennai | No.1 Networking in Perungudi

    ReplyDelete
  35. Your training is really useful.I got some useful information after reading your blog.As the demand of sap programming application keeps on increasing.....
    CompTIA A+ Certifications Center in Chennai | A+ Exams in Perungudi

    ReplyDelete
  36. its great news about Facebook likes buy or not. its creating improvement of knowledge. thanks for sharing.
    Cisco Certifications Exam Center in Chennai | Best Cisco Course in Thiruvanmiyur

    ReplyDelete
  37. I am reading your post from the beginning, it was so interesting to read & I feel thanks to you for posting such a good blog, keep updates regularly.
    Comptia Network+ Certification Courses in Chennai | Best N+ Courses in Tambaram

    ReplyDelete
  38. Great article... have read your post and I got some knowledgeable information through this blog. Really useful blog. Keep update your blog..Android Certifications Exam Center in Chennai | Best Android Exam in Mandaveli

    ReplyDelete
  39. Great Article its very useful.
    Best Cottages in ooty
    http://ecorganicstays.com/

    ReplyDelete