7/16/2014 SAP Security Interview Questions, Tips and Tricks | Shiva Blog

http://www.shivasoft.in/blog/others/sap/sap-security-interview-questions-tips-and-tricks/ 1/5
SAP Security Interview Questions, Tips and Tricks
1 . How many fields can be present in one Authorization object?
Ans : 10 fields.
2 . Which Authorization Objects are Checked in Role Maintenance ?
Ans:
The role maintenance functions (and the profile generator) check the following authorization objects.
[table 4 not found /]
3 . Which T-Codes are used to see overview of the Authorization Object and Profile details?
Ans:
SU03 overview of any authorization Object
SU02 to see the details of profiles.
SU21 also provides the same editing structure as SU03 but we can create a new authorization object using
SU21. Here, we need to click on Display Object Documentation button to see the documentation for the
authoriztion Object and we need to click on Permitted activity values to see the list of permitted
activities for the fields.
These details are fetched from table TACT.
4. How to restrict the user access to one particular table in display mode ?
Ans : If the system is BASIS 700, we can use the authorization object S_TABU_NAM. In this auth. Object, we
can maintain the values for required activity and the table name.
If the system version is lower than 700, and the table is z* table then
7/16/2014 SAP Security Interview Questions, Tips and Tricks | Shiva Blog
http://www.shivasoft.in/blog/others/sap/sap-security-interview-questions-tips-and-tricks/ 2/5
Create a new authorization Group using SE54.
Assign the table in question to the newly created authorization Group in table TDDAT using SM30.
If the table is SAP standard table then we can restrict user access by creating new tcode in SE93.
5.How to check the table Logs ?
Ans:
First, we need to check if the logging is activated for table using tcode SE13. If table logging is enabled then
we can see the table logs in t-code SCU3.
6. Whats the basic difference in between SU22 & SU24 ?
Ans:
SU22 displays and updates the values in tables USOBT and USOBX, while SU24 does the same in tables
USOBT_C and USOBX_C. The _C stands for Customer. The profile generator gets its data from the _C tables. In
the USOBT and USOBX tables the values are the SAP standard values as shown in SU24. With SU25 one can
(initially) transfer the USOBT values to the USOBT_C table.
7. What is the difference between USOBX_C and USOBT_C ?
Ans:
The table USOBX_C defines which authorization checks are to be performed within a transaction and which
not (despite authority- check command programed). This table also determines which authorization checks
are maintained in the Profile Generator.
The table USOBT_C defines for each transaction and for each authorization object which default values an
authorization created from the authorization object should have in the Profile Generator.
8. What does user compare do ?
Ans:
If you are also using the role to generate authorization profiles, then you should note that the generated
profile is not entered in the user master record until the user master records have been compared. You can
automate this by scheduling report PFCG_TIME_DEPENDENCY on a daily or by executing the t-code PFUD.
9. Can we convert Authorization field to Organizational field ?
Ans:
Authorization field can be changed to Organization field using PFCG_ORGFIELD_CREATE or
ZPFCG_ORGFIELD_CREATE.
7/16/2014 SAP Security Interview Questions, Tips and Tricks | Shiva Blog
http://www.shivasoft.in/blog/others/sap/sap-security-interview-questions-tips-and-tricks/ 3/5
Use SE38 or SA38 to run the above report.
Organizational level fields should only be created before you start setting up your system. If you create
organizational level fields later, you might have to do an impact analysis. The authentication data may
have to be post processed in roles.
The fields Activity, ACTVT and Transaction code, TCD cannot be converted into an
organizational level field.
In addition, all affected roles are analyzed and the authorization data is adjusted. The values of the
authorization field which is now to become the organizational level field are removed and entered into the
organizational level data of the role.
Note: Table for Organizational Element- USORG. Refer to Note 323817 for more detail.
10. What is user buffer ?
Ans :
When a user logs on to the SAP R/3 System, a user buffer is built containing all authorizations for that user.
Each user has their own individual user buffer. For example, if user Smith logs on to the system, his user
buffer contains all authorizations of role USER_SMITH_ROLE. The user buffer can be displayed in transaction
SU56.
A user would fail an authorization check if:
The authorization object does not exist in the user buffer
The values checked by the application are not assigned to the authorization object in the user buffer
The user buffer contains too many entries and has overflowed. The number of entries in the user
buffer can be controlled using the system profile parameter auth/number_in_userbuffer.
11. How to remove duplicate roles with different start and end date from user master ?
Ans:
You can use PRGN_COMPRESS_TIMES to do this. Please refer to note 365841 for more info.
This entry was posted in SAP, Tech Tips and tagged SAP on November 20, 2011
[http://www.shivasoft.in/blog/others/sap/sap-security-interview-questions-tips-and-tricks/] by Santosh
Karemore.
About Santosh Karemore
Consultant in Cognizant Pune with a proven track record of excellence in SAP Authorizations and Security
administration.
7/16/2014 SAP Security Interview Questions, Tips and Tricks | Shiva Blog
http://www.shivasoft.in/blog/others/sap/sap-security-interview-questions-tips-and-tricks/ 4/5
View all posts by Santosh Karemore
Related posts
How to set up Central User Administration (CUA) in SAP
S_TABU_NAM: An advanced authorization object for generic table access
SAP R/3 Security Interview Questions
Introduction to Central User Administration (CUA) SAP
How to change SAP tables without coding or debugging
SAP R/3 Audit Review Checklist
Source code for Display All Objects in SAP ABAP
SAP Tips and Tricks CCMS COMPUTING CENTER MANAGEMENT SYSTEM MONITORING
Applying the Support Packs in SAP System
Problems with parallel RFC servers in SAP
7/16/2014 SAP Security Interview Questions, Tips and Tricks | Shiva Blog
http://www.shivasoft.in/blog/others/sap/sap-security-interview-questions-tips-and-tricks/ 5/5
Salesforce Interview Question Part 14
1 comment a year ago
RKR Just now i have finished going
through all the Questions.Thanks a lot for
your Help.and when can we
Pagination, Searching and Sorting of
Data Table using AngularJS
2 comments 5 months ago
JitendraZaa Thanks Harshit, Its good
idea.
Apex Interview Question Salesforce
Part 16
2 comments a year ago
JitendraZaa We can follow Singleton
Design Pattern to achieve this.
JQuery Based Raffle in Salesforce
3 comments a year ago
Amit Dhawan Thanks @JItendraZaa!!!
ALSO ON SHIVA BLOG
0 Comments Shiva Blog Login
Sort by Best Share
Start the discussion
Be the first to comment.
WHAT'S THIS?
Subscribe Add Disqus to your site
Favorite