SAP SECURITY INTERVIEW QUESTIONS & ANSWERS
Q) What are various user types ?
Dialog user 'A'
Individual system access (personalized) Logon with SAPGUI is possible. The user is therefore interaction-capable with the SAPGUI. Expired or initial passwords are checked. Users have the option of changing their own passwords. Multiple logon is checked. Usage: For individual human users (also Internet users)
System user 'B'
System-dependent and system-internal operations Logon with SAPGUI is not possible. The user is therefore not interaction-capable with the SAPGUI. The passwords are not subject to the password change requirement, that is, they cannot be initial or expired. Only an administrator user can change the password. Multiple logon is permitted. Usage: Internal RFC, background processing, external RFC (for example, ALE, workflow, TMS, CUA)
Communication user 'C'
Individual system access (personalized) Logon with SAPGUI is not possible. The user is therefore
Not interaction-capable with the SAPGUI. Expired or initial passwords are checked but the conversion of the password change requirement that applies in principle to all users depends on the caller (interactive/not interactive). (*) Users have the option of changing their own passwords.
Usage: external RFC (individual human users)
Service user 'S'
Shared system access (anonymous) Logon with SAPGUI is possible. The user is therefore
Interaction-capable with the SAPGUI. The passwords are not subject to the password change requirement, that is, they cannot be initial or expired. Only a user administrator can change the password. Multiple logon is permitted. Usage: Anonymous system access (for example, public Web services)
Reference user 'L'
Authorization enhancement No logon possible. Reference users are used for authorization assignment to other users. Usage: Internet users with identical authorizations
Q) What is the difference between Template role & Derive role ?
Template role is nothing but a default role provided by SAP. This template role might be a single or composite or derived role. Template roles are not generated profiles or authorizations nor assigned to users and org levels are not maintained.
Derived role is nothing but a single role and it’s derived from a Master role and can restrict org levels and can assign them to users.
Q) What is the advantage of CUA from a layman/manager point of view ?
CUA - Central User Administration
Advantage of CUA is to lessen the time by creating users in one single system, and distribute it to the respective systems (where the user id is requested) Helps in avoiding logging to each individual systems
Q) What is the procedure for deleting a role ?
You can't delete the role in Production System.
First you have to delete the role from development system.
In DEV system Go to PFCG give the role name which one you want to delete, create a transport request, don’t release. After creating transport request. Delete the role from PFCG in DEV system. Transport the request number to Testing, Production system. Roles delete from there also, after transport the request with success.
1) Create transport request to the role but don’t release
2) Delete the role from the system
3) Release the transport request.
Q) If we delete a Role can we transport it, if yes then how ?
Yes, add that role to a transport request first and then delete it from dev system. After deletion transport it to QA and prod system
Q) In creating a role what should we write over there, and what does your company follows ?
Description of role defines, the role related activity in short. Just seeing the description of the role, one can easily know the role details, like Role belongs to which SAP module(MM/PP/FICO) The Company code/Org level values Restricted values can also be mentioned there Activity performed after assigning that particular role.
Q) Can you tell me some of the password related parameters ?
Password related parameters are:
login/min_password_lng (Defines minimum lengh for pwd)
login/password_expiration_time, these are the main parameters - which can be maintained via t-code RZ10
Q) What is the use of CUA ?
CUA: Central User Administration
1. Using CUA, U can reset the password globally (Means: in single shot u can reset the password for all child systems or individual system also reset the password through CUA)
2. No password reset tag in individual systems
3. Using CUA, you can unlock and lock the users.
4. Using CUA, you can assign the roles to particular system
5. Using CUA, you can add systems to particular user
Q) What are the types of requests ? And which we create for transportation ?
Generally there are two types of transport request.
1) Workbench Request: Client independent, used generally in CUA where change made are transported to cross client tables.
2) Customizing Request: Client dependent.
Q) I want to reset the passwords of 100 users. How do you do it ?
Mass Password resetting is the easiest task. Login into LSMW t-code. Create a project, which is very easy. Record a batch input session. And run it. It hardly takes 2 mins. OR SECATT script