Top Latest SAP Security Interview Questions and Answers 2013, 2014, 2015



Q. What do the different colored lights denote in the profile generator?

There are three colors (like traffic lights) in profile generator:

Red – It means that some organizational value has not been maintained in an org field in the profile generator.
Yellow – It means that some or all fields in certain authorization instances are blank (not maintained).
Green – It means that all the authorization fields are maintained (values are assigned).

Q. What is the difference between Role and Profile?

A Role is like a container which contains authorization objects, transaction codes etc. A profile contains authorizations. When a role is generated using PFCG, a profile is generated which contains authorizations (instances of authorization objects).

Q. What is PFCG_TIME_DEPENDENCY ?

PFCG_TIME_DEPENDENCY is a report which is used for user master comparison. It should be a practice to do user master comparison after every role change and profile generation so that the user’s master record gets updated with the correct authorization. This report also cleans up the expired profiles from user-master record. Role name still remains in the SU01 tab of the user. Transaction code PFUD can also be used to directly execute this report.

Q. What important authorization objects are required to create and maintain user master records?

Following are some important authorization objects which are required to create and maintain user master records:
• S_USER_GRP: User Master Maintenance: Assign user groups
• S_USER_PRO: User Master Maintenance: Assign authorization profile
• S_USER_AUT: User Master Maintenance: Create and maintain authorizations

Q. What is the difference between USOBX_C and USOBT_C?

USOBX_C and USOBT_C are tables which are used for SU24 transaction code.
The table USOBX_C defines the status of authorization checks for authorization objects, i.e. whether the “check indicator” is set to yes or no. It also defines the proposal status, i.e. whether the authorization check values are being maintained in SU24 or not.
The table USOBT_C defines the “values” which are maintained for check-maintained authorization objects.

Q. How can we convert Authorization Field to Org Field?

The report PFCG_ORGFIELD_CREATE is used for converting an Authorization Field to Org Level Field. It can be executed using SA38/SE38 tcode.
Some caution is needed here. Make sure that any change related to this conversion is made in the initial stage of security role design/system setup. If this task is performed at a later stage, there is a risk that it will impact lots of existing roles. All those roles would require analysis, and their authorization data would have to be adjusted.
NOTE: Authorization fields TCD (Tcode) and ACTVT (Activity) cannot be converted to org level fields.

Q. How do we find all activities in SAP?

All Activities in SAP are stored in table TACT. All valid activities are stored in table TACTZ. The tables can be accessed via SE16 tcode.

Q. Which table is used to store illegal passwords?

Table USR40 is used to store illegal passwords. It can be used to store patterns of words which cannot be used as passwords.

Q. Explain the concept of “Status Text for Authorizations” – Standard, Changed, Maintained and Manual.

Standard – It means that all values in the authorization fields of an authorization instance are unchanged from the SAP default values (i.e. the values which are pulled from SU24).
Maintained – It means that at least one of the field values in an authorization instance was blank when it was pulled from SU24 (i.e. SAP default value) and that blank field has been updated with some value. Other fields already having some value have not been touched.
Changed – It means that the proposed value in at least one of the fields in an authorization instance has been changed.
Manual – It means that at least one authorization field has been manually added, i.e. it was not proposed by profile generator.