SAP SECURITY INTERVIEW QUESTIONS & ANSWERS
1. Tell me about your SAP career.
Elaborate on your complete SAP experience, and be truthful with the interviewers.
2. Tell me about your daily monitoring jobs and the ones you have worked on most.
As part of my daily job as an SAP Security consultant, I have to take care of monitoring tickets and assigning them within the team. I have to take care of critical incidents and give them high priority for faster resolution. I have to troubleshoot the different authorization issues that users run into in their daily work.
3. Which version of SAP are you working on? Is it a Java stack or an ABAP stack?
You have to check this with your systems.
4. Tell me about derived roles.
Derived roles are used to restrict user access based on organizational level values. A derived role is derived from a master role and inherits all of its properties except the org level values.
5. What is the main difference between a single role and a derived role?
The main difference: we can add or delete T-codes in single roles, but we can’t do that in derived roles.
6. Do S_TABU_DIS org level values in a master role get reflected in the child role?
If we adjust the derived roles from the master role while updating the values in the master role, then the values will be reflected in the child roles.
7. Tell me the steps to configure CUA.
Steps to Set Up the CUA
1. Create Administrator
2. Specify Logical systems
3. Assign logical systems to client
4. Create system users
5. Create RFC destinations
6. Create CUA
7. Set field distributor parameters
8. Synchronization of company addresses
9. Transfer Users
8. Is RAR a Java stack or an ABAP stack?
RAR is Java stack. It was ABAP when it was called Compliance Calibrator.
9. What is the report which states the critical T-codes?
10. What is the T-code to get into RAR from R/3?
11. Explain SPM.
SPM can be used to maintain and monitor super-user access in an SAP system. It enables super-users to perform emergency activities and critical transactions within a completely auditable environment. The logs of the SPM user IDs help auditors easily trace the critical transactions that have been performed by the business users.
12. What is the difference between Execution and Simulation in GRC RAR?
Simulation: It simulates the user's existing access together with the additional access before the roles are assigned, and provides the SOD report as it would be after assigning the roles.
Execution: It runs the analysis on the user's existing access and provides the SOD report for that existing access. There are two options: ignore mitigation yes and ignore mitigation no.
13. What is the difference between User Group in “Logon Data” and the “Groups” tab in SU01?
The difference is that in the Logon Data user group you can map one user to only one group, but in Groups you can map one user to multiple groups.
The group shown in Logon Data identifies which group the user belongs to, and the Groups tab is for adding that user to multiple groups. For example, if the user is a Basis employee, we assign him to that group on the Logon Data tab; if we want to add him to more groups, we add those on the Groups tab.
14. The security admin ran a trace on a user, but the analysis shows "zero records" found. What should be done?
In general, the production system runs on multiple application servers. Check through transaction code SM51 whether the user and the security admin are logged in to the same application server.
Before switching on the trace, take care of the following:
1. The user should log on to the same server.
2. Go to SM04 / AL08 to check which server the users are logged in to, and confirm that both are logged in to the same server.
3. Select the appropriate option, e.g. authorization kernel check, so that the trace checks the authorizations for what the user is going to run.
15. What is the difference between SU24, SU22, and SU21?
SU24: Authorization checks under transactions. SU24 can access the customized tables USOBX_C and USOBT_C.
SU22: Authorization objects in transactions. SU22 can access the standard tables USOBX and USOBT.
SU21: Maintain authorization objects.