SAP SECURITY INTERVIEW QUESTIONS & ANSWERS
1.Please explain the personalization tab within a role.
Personalization is a way to save information that could be common to users, I meant to a user role... E.g. you can create SAP queries and manage authorizations by user groups. Now this information can be stored in the personalization tab of the role. (I supposed that it is a way for SAP to address his ambiguity of its concept of user group and roles: is "usergroup" a grouping of people sharing the same access or is it the role who is the grouping of people sharing the same access)
2.Is there a table for authorizations where I can quickly see the values entered in a group of fields?
In particular I am looking to find the field values for P_ORGIN across a number of authorization profiles, without having to drill down on each profile and authorization.
AGR_1251 will give you some reasonable info.
3.How can I do a mass delete of the roles without deleting the new roles ?
There is a SAP delivered report that you can copy, remove the system type check and run. To do a landscape with delete, enter the roles to be deleted in a transport, run the delete program or manually delete and then release the transport and import them into all clients and systems.
It is called: AGR_DELETE_ALL_ACTIVITY_GROUPS.
To used it, you need to tweak/debug & replace the code as it has a check that ensure it is deleting SAP delivered roles only. Once you get past that little bit, it works well.
4.Someone has deleted users in our system, and I am eager to find out who. Is there a table where this is logged?
Debug or use RSUSR100 to find the info's.
Run transaction SUIM and down its Change documents.
5.How to insert missing authorization?
su53 is the best transaction with which we can find the missing authorizations.and we can insert those missing authorization through pfcg.
6.What is the difference between role and a profile?
Role and profile go hand in hand. Profile is bought in by a role. Role is used as a template, where you can add T-codes, reports..Profile is one which gives the user authorization. When you create a role, a profile is automatically created.
7.What profile versions?
Profile versions are nothing but when u modifies a profile parameter through a RZ10 and generates a new profile is created with a different version and it is stored in the database.
8.What is the use of role templates?
User role templates are predefined activity groups in SAP consisting of transactions, reports and web addresses.
9.What is the different between single role & composite role?
A role is a container that collects the transaction and generates the associated profile. A composite roles is a container which can collect several different roles
10.Is it possible to change role template? How?
Yes, we can change a user role template. There are exactly three ways in which we can work with user role templates
- we can use it as they are delivered in sap
- we can modify them as per our needs through pfcg
- we can create them from scratch.
For all the above specified we have to use pfcg transaction to maintain them.
1.Please explain the personalization tab within a role.
Personalization is a way to save information that could be common to users, I meant to a user role... E.g. you can create SAP queries and manage authorizations by user groups. Now this information can be stored in the personalization tab of the role. (I supposed that it is a way for SAP to address his ambiguity of its concept of user group and roles: is "usergroup" a grouping of people sharing the same access or is it the role who is the grouping of people sharing the same access)
2.Is there a table for authorizations where I can quickly see the values entered in a group of fields?
In particular I am looking to find the field values for P_ORGIN across a number of authorization profiles, without having to drill down on each profile and authorization.
AGR_1251 will give you some reasonable info.
3.How can I do a mass delete of the roles without deleting the new roles ?
There is a SAP delivered report that you can copy, remove the system type check and run. To do a landscape with delete, enter the roles to be deleted in a transport, run the delete program or manually delete and then release the transport and import them into all clients and systems.
It is called: AGR_DELETE_ALL_ACTIVITY_GROUPS.
To used it, you need to tweak/debug & replace the code as it has a check that ensure it is deleting SAP delivered roles only. Once you get past that little bit, it works well.
4.Someone has deleted users in our system, and I am eager to find out who. Is there a table where this is logged?
Debug or use RSUSR100 to find the info's.
Run transaction SUIM and down its Change documents.
5.How to insert missing authorization?
su53 is the best transaction with which we can find the missing authorizations.and we can insert those missing authorization through pfcg.
6.What is the difference between role and a profile?
Role and profile go hand in hand. Profile is bought in by a role. Role is used as a template, where you can add T-codes, reports..Profile is one which gives the user authorization. When you create a role, a profile is automatically created.
7.What profile versions?
Profile versions are nothing but when u modifies a profile parameter through a RZ10 and generates a new profile is created with a different version and it is stored in the database.
8.What is the use of role templates?
User role templates are predefined activity groups in SAP consisting of transactions, reports and web addresses.
9.What is the different between single role & composite role?
A role is a container that collects the transaction and generates the associated profile. A composite roles is a container which can collect several different roles
10.Is it possible to change role template? How?
Yes, we can change a user role template. There are exactly three ways in which we can work with user role templates
- we can use it as they are delivered in sap
- we can modify them as per our needs through pfcg
- we can create them from scratch.
For all the above specified we have to use pfcg transaction to maintain them.
