SAP Security Queries User Administration: 1. What are the mandatory fields to be filled while creating a User?

Roles Parameters Initial Password and Last Name of the User None of the above

While creating a User in SAP, Initial Password and Last Name are the mandatory fields. 2. Can a User with SU01 access, change his User Master Data using SU01? Yes No

User can never change his access using SU01. 3. How can we restrict changing other user access using Su01? User Groups Cant Restrict User Id None of the above

User Master Data change can be restricted using User Groups. 4. What is the transaction used for mass User creation? Su01 There is no separate transaction for mass user creation SU10 None of the above

Su10 is the transaction used for mass user creation.

TCS Confidential

5. Which are the user types in R/3? Dialog Batch Data Communication Background CPIC

Ans: All of the above 6. What is the transaction code for adding query groups to users in SAP? SQ03 SC01 SC03 SU01

SQ03 is used to create query groups. 7. Can functional teams be given SU01 access? Yes No

Functional teams cannot be given SU01 access

Role Maintenance and Inserting Missing Authorizations 8. What is the transaction for creating a profile in 3.1c Version? SU02 PFCG SU01 SPAD

SU02 is used to create profile 9. What is the difference between role and a profile?

TCS Confidential

Role and Profiles are same Role contains Profiles Profiles contain Roles None of the above

Ans: Role contains Profiles. Role and profile go hand in hand. Profile is bought in by a role. Role is used as a template, where you can add T-codes, reports..... Profile is one which gives the user authorization. When you create a role, a profile is automatically created. 10. How many fields can an authorization object have? 10 2 1 There is no limit for number of fields

Ans: 10

11. Authorization objects are Client dependent Client independent Both 1 & 2 None of the above

Ans: Client independent 12. Authority checks to the ABAP programs are applied through _________ Authorization objects Authorization fields Authorization role All of the above

TCS Confidential

Ans: Authorization objects 13. Should the authority check placed in the program be present in the authorization role Yes No

Ans: Yes, if not authorization error will be encountered by user. 14. User gets authorization to a transaction in SAP ______________ Through Role Through User Id Through Parameters None of the above

Ans: Through Role 15. What if the authority checks coded in program are not included in the user role? User still can execute the transaction successfully User gets invalid output User encounters an authorization error and cannot proceed with the concerned activity None of the above

Ans: User encounters an authorization error and cannot proceed with the concerned activity 16. What is the transaction code used to find the authority-check of the program? Se38 Sa38 Se11 None of the above

Ans: Se38

TCS Confidential

17. What are the tables to be loaded for PFCG? USOBX_C USOBT_C RSUSR100 Both 1 & 2

Ans: USOBX_C & USOBT_C 18. What is the transaction used for profile generation in 3.1 C version? Su02 PFCG SU01 SU03

Ans: Su02 19. Which parameter keeps profile generator active? auth/no_check_in_some_cases = Y auth/ check_in_some_cases = N auth/no_check_in_some_cases = Y auth/ check_in_some_cases = N

Ans: auth/no_check_in_some_cases = Y 20. Which among these are special or default users? SAP* DDIC Early Watch All of the above

Ans: All of the above 21. What are the default clients existing in SAP?

TCS Confidential

000 001 066 All of the above

Ans: All of the above 22. How many number of authorizations fit into a profile? 150 100 75 None of the above

Ans : 150

23. What is the restriction for the name of the profile? First position should not be an underscore Second position should not be an underscore No Restriction Both 1 & 2

Ans: Second position should not be an underscore 24. Apart from SU01 what is the other method of assigning a role to User? Go to SUIM and assign the Role to User In a profile generator, assign the user for a role and generate and perform a user compare. Both 1 & 2 None of the above

Ans: PFCG, IN BRIEF By In a profile generator, assign the user for a role and generate and perform a user compare.

TCS Confidential

25. What are the different methods to work with User Roles? Use SAP provided user role Copy and modify sap provided user role Create your own user role All of the above

Ans: All of the above 26. What does the color green indicates in a profile generator user tab? User is assigned the role At least one user has been assigned this role Role is correctly generated None of the above

Ans: At least one user has been assigned this role 27. What does the color red indicates in a profile generator user tab? Role is not created properly Role is not assigned to any users Users are not created properly None of the above Ans: Role is not assigned to any users

28. What does the color yellow indicates in a profile generator user tab? Users are yet to assign to a role Though users are assigned to the role, user comparison is not done Role is partially created None of the above

Ans: Though users are assigned to the role, user comparison is not done 29. While copying the SAP role, ------------------- should be unchecked

TCS Confidential

user comparison role assignment user assignment none of the above

Ans: user assignment 30. While changing the authorization objects in the PFCG, what does the color green indicate? All authorizations have been maintained Organization levels are not maintained Open authorization fields exist without values that are not organizational None of the above

Ans: All authorizations have been maintained 31. While changing the authorization objects in the PFCG, what does the color red indicate? All authorizations have been maintained Organization levels are not maintained Open authorization fields exist without values that are not organizational None of the above

Ans: Organization levels are not maintained 32. While changing the authorization objects in the PFCG, what does the color yellow indicate? All authorizations have been maintained Organization levels are not maintained Open authorization fields exist without values that are not organizational None of the above

Ans: Open authorization fields exist without values that are not organizational 33. What are the different ways to assign a transaction to a role?

TCS Confidential

Entering it directly Selecting it from the SAP menu Selecting it from an existing activity group Selecting it from an area menu

Ans : All of the above 34. Can wildcards be used in authorizations? Authorization values may contain wildcards; however, the system ignores everything after the wildcard. 35. What does the PFCG_TIME_DEPENDENCY clean up? The 'PFCG_TIME_DEPENDENCY' background report only cleans up the profiles (that is, it does not clean up the roles in the system).

36. What is the alternate transaction used for profile clean up? Ans: PFUD 37. What does the Profile Generator do? Ans: The Profile Generator creates roles. It is important that suitable user roles, and not profiles, are entered manually in transaction 'SU01'. The system should enter the profiles for this user automatically. 38. When PFCG proposes 3 activities but you only want 2, how do you fix this?Ans: modify your su24 data 39. What is the use of transaction PFUD? Ans: PFUD removes invalid profiles from user records 40. Is PFUD needed when saving in SU01 and does the user need to logoff and on again after changes? Ans: PFUD is not needed and the user needs to log off and back on again 41. How do you force a user to change their password and on which grounds would you do so?

TCS Confidential

Ans: SU01 -> Logon Data tab -> Deactivate password. I am not sure what grounds this would be necessary. I have never had to use it. 42. What is the difference between SU24 and SU22? Ans: In SU24 you maintain which authorization objects are checked in transactions and maintain the authorization proposals. 43. When an authorization check on S_BTCH_JOB fails, what happens? Ans: "You do not have authorization to perform whatever operation you are trying to perform." message. 44. Can you have more than one set of org-level values in one role? Ans: depending on the transactions inserted into the role menu, you could have more than one org level to maintain. Purchasing Org and Plant, Sales Org and Sales Division..... 45. Should RFC users have SAP_NEW and why? Ans: No. Just insert the transactions and necessary authorization objects into a role . 46. To have a shortcut for administrator to assign roles to user, what values should be inserted in role? Ans: Full authorizations to S_USER_PRO , S_USER_GRP, S_USER_AUT 47. Which transaction is used to manually copy activity groups between existing clients? Ans: SCC1 48. Activity groups entered in a transport request can be displayed using which transaction? Ans : SE10 49. What is a PFCG_TIME_DEPENDENCY? Ans : It is a report used to compare user master records of the activity groups concerned. 50. Which transaction is used for User Information System (in 4.6c version of SAP? SU01

TCS Confidential

 Ans:

SU02 SUIM PFCG SUIM.

51. Which transaction is used to find out the missing authorization for a user? Ans: /nSU53 /oSU53 SU53 None of the above. /nSU53.

52. Which of the below comparison is not available in SUIM (in 3.1i version of SAP)? Ans: User Names Profiles Authorization User Group User Group

53. Which transaction code / solution can be used to insert the missing authorization in a user id? SU01 SUIM SU53 Profile modification

Ans: SU01 and Profile modification. /nSU53 is used to find the missing authorization object and SUIM is used to find the role/profile for this missing authorization. But to insert the missing authorization, SU01 will be used (assigning a role / profile to user id). Also by modifying a profile (which user already has) the missing authorization can be provided. 54. In 4.6c SAP, is it possible to view SU53 information for other user s?

TCS Confidential

Yes No

Ans: Yes. We can view this information for other users. Go to /nSU53 transaction on your logon and select option Display for another user (F5). 55. Out of below, what are the fields you can find through transaction /nSU53 (more than 1 answer may be correct)? Ans: Authorization Object Name Authorization Object Class Missing Role Authorization Field and corresponding values All of the above None of the above a, b and d.

Tables 56. Which transaction can be used to display contents of a table? Ans: SE16 SE16n All of the above None of the above SE16 and SE16n.

57. Which keyboard shortcut is used to get possible (allowed) values for a field? Ans: F2 F3 F4 F5 F4.

TCS Confidential

58. Which table provides the information about user logon data? USR01 USR02 USR03 USR04

ANS: USR02. 59. Through which table you can get the user address data? USR01 USR02 USR03 USR04

ANS: USR03. 60. Which table provides the list of master role of a role? AGR_DEFINE AGR_1252 AGR_1251 None of the above

ANS: AGR_DEFINE 61. Which of the below information is wrong about table AGR_TCODES? This lists all the tcodes for a role. If a master role exists for the role, the table will not provide any data for derived role. If the role is independent role, the table will not list any data. All of the above are correct

ANS: C. The table displays the list of tcodes only if the role is Master role or an independent role (no master role). 62. Which table lists only the organization level and organization values for a role? AGR_1252

TCS Confidential

AGR_1251 AGR_1016 None of the above

ANS: AGR_1252 63. Which table lists all the authorization objects, authorization fields and authorization field values for a role? AGR_1252 AGR_1251 AGR_1016 None of the above

ANS: AGR_1251 64. Which table displays profiles for roles: AGR_1252 AGR_1251 AGR_1016 None of the above

ANS: AGR_1016 65. What is the difference between USOBT_C and USOBX_C tables? ANS: USOBX_C table provides only the authorization objects (only name) inside a t-code. While the USOBT_C table displays the authorization objects, auth fields and the field values assigned to a t-code. 66. Which table provides text description for all the activity values in SAP system? TACT TSTC TACTZ None of the above.

ANS : TACT. TACTZ lists the activity values for the objects. TSTC will list description of tcodes
TCS Confidential

67. Which table is used to provide access to billing blocks (in 3.1i version)? ANS: ZZFKS. 68. Which tcode is used for table maintenance? ANS: SM30 69. Which tcode is used for providing pop-up bar code access? ANS: OAC5 70. Which table will be updated for providing access to pop-up bar code? ANS: TOACM_B30 71. Under which routine change category, pop-up access request falls? SC01 SC02 SC03 SC04

ANS: SC04 72. Direct ..t-code : %PC 73. Which table holds the information of all the tables in SAP? DD02L & TDDAT table holds the information of all the other tables in SAP.

TCS Confidential