Following are the SAP Security FAQ's:
1. What is the user type for a background jobs user?
Ans: 1 System User, 2. Communication User
2. How to troubleshoot problems for background user?
Ans: using system Trace ST01
3. There are two options in the PFCG while modifying a role. One change authorizations and another expert mode-what is the difference between them?
Ans: Change authorization: This option we will use when we create new role and modify old role
Expert mode: i. Delete and recreate authorizations and profile
(All authorizations are recreated. Values which had previously been maintained, changed or entered manually are lost. Only the maintained values for organizational levels remain.)
ii. Edit old status(The last saved authorization data for the role is displayed. This is not useful if transactions in the role menu have been changed.)
iii. Read old data and merge with new data(If any changes happen in SU24 Authorizations we have to use this)
4. If we give Organizational values as * in the master role and want to restrict the derived roles for a specific country, how do we do?
Ans: We have to maintain org level for the country based on the plant and sales area etc in the derived Role.
5. What is the table name to see illegal passwords?
6. What is the table name to see the authorization objects for a user?
7. What are two main tables to maintain authorization objects?
Ans: USOBT, USOBX
8. How to secure tables in SAP?
Ans: Using Authorization group (S_TABU_DIS, S_TABU_CLI) in T.Code SE54
9. What are the critical authorization objects in Security?
Ans:S_user_obj,s_user_grp, s_user_agr , s_tabu_dis, s_tabu_cli , s_develop ,s_program
10. Difference between USOBT and USOBX tables?
Ans: 1.USOBT-Transaction VS Authorization objects
2. USOBX- Transaction VS Authorization objects check indicators
11. Use of Firefighter application
Ans: Whenever the request coming from the user for new authorization .the request goes to firefighter owner. FF owner proved the FF ID to normal user then the user (security admin) will assign the authority to those users (end user)
12. Where do we add the FF ids to the SAP user ids?
Ans:Go to Tcode /n/virsa/vfat >>goto fireFighter tab the give the ffID to firefighter with validity
13. How to create FF ids?
14. Different types of users
Ans: 1.Diolag user 2.service user 3.system user 4.communication user 5.refrences user
15. Different types of roles?
Ans: 1.Single role 2.Composite role 3.Derived role
16. Can a single role be used as a master role?
17. How to create derived role?
Ans:Go to PFCG type the Role name starting with Z .click on create role icon.Then right side you will find derived from here types the parent Role name
18. HR Security: How to create structural authorizations in HR
19. HR Security: What are the objects for HR and what is the importance of each HR object
Ans: P_PERNR object is used by a Person to see data related to his Personal Number
P_ORGXX HR: Master Data - Extended Check
20. How to copy 100 roles from a client 800 to client 900?
Ans: Add all 100 roles as one single composite Role and Transfer the Composite role automatically the 100 Role will transfer to the target client (Using SCC1)
21. User reports that they lost the access. We check in SUIM and no change docs found. How do you troubleshoot
Ans: Maybe user buffer full or role expired
22. What is the correct procedure for Mass Generation of Roles?
Ans: Using T.Code –SUPC
23. What is the T.Code SQVI? What is the main usage of this SQVI?
Ans: SQVI -Quick View
24. How can we maintain Organizational values? How can we create Organizational?
Ans: PFCG_ORGFIELD_CREATE in t-code SA38
25. I want to see the list of roles assigned to 10 different users. How do you do it?
- Goto se16 > agr_users then mention the 10 users name
- Goto SUIM > role by complex selection > type user names
26. What do you mean by User Buffer? How its works with the user's Authorizations?
Ans: User buffer means user context it contains user related information i.e.) authorizations, parameters, reports, earlier acceded screens .We can see the user context using T.Code –SU56
27. What is the advantage of CUA from a layman/manager point of view?
Ans: CUA used for maintaining and manage the users centrally.
28. What is the purpose of these Org. values?
Ans: Values: it’s used for restrict the user by values e.g. Sale order value (1-100) it means user can create only 100 sales orders not more than that
29. What is the main purpose of Parameters Groups & Personalization tabs in SU01 and Miniapps in PFCG?
- Parameter tab: its used to auto fills the some of the values during the creation of orders
- Personalization tab is user to restrict the user in selection criteria E.g.: while selecting pay slip it will show only last month pay slip by default. If u select the attendances it will show current month by default
- Miniapps- we can add some mini applications like calculator, calendar etc
30. How many maximum profiles we can assign to one user?