SAP Security Interview Questions #sap

SAP Security Interview Questions and Answers

Daily tasks -
Monitoring, daily meetings, shift handovers, meetings with clients

What is SAP Security?
SAP is used by organizations to store critical data or assets. To guard this data against unauthorized access originating from internal and external threats, it must be protected using SAP Security.

SAP security is all about giving business users the right access and permissions based on their roles and authority.

Explain what a role is and its types -
Single roles, derived and composite roles

What are the layers of Security in SAP?
Authentication: Only authorized users should be permitted access to the SAP system
Authorization: Authorization is based on the roles and profiles that we assign to the specific user
Integrity: It is vital to ensure the integrity (validity, accuracy and consistency) of data
Privacy: It keeps data safe
Obligation: Securing the company’s liability and legal obligations

What are the types of users?
Dialog user: End users
System user: Background processing, Application link enabling, workflows. Multiple logins are allowed
Service user: Represents a larger user community and allows guest access. Multiple logins are allowed
Communication user: Dialog-free interaction between systems. We cannot log in with this user type
Reference user

SAP security t-codes
SU01, SU10, PFCG, PFUD, SE16, SUIM, ST01/ STAUTHTRACE, SU24, SU21, SM01, EWZ5, RZ10 and RZ11, SM37

How to troubleshoot if the user is facing some authorization issues?
You ask the user for an SU53 screenshot, and if this does not help, then you turn on the trace.

Explain the concept of roles and authorization.
Roles and authorizations are the mechanisms that allow users to execute transactions in a secure way. Each role in SAP requires authorization in order to execute a function. There are several different types of standard roles in SAP for different modules and scenarios.

What are types of roles?
Single role, derived role and composite role.

Is there a way to add a missing authorization?
I will ask the user for an SU53 screenshot for missing authorizations. Then I’ll look for a role from the SUIM tcode. If there is no role available, then we can create a new role if the same user needs that access in Production as well.

Difference between role and profile.
A role is essentially a combination of transactions and authorizations stored in a profile. The number of profiles associated with a role can vary depending on the number of transactions and authorizations that are contained within the role. As soon as you generate a role, it automatically creates a profile.

Maximum number of profiles in a role and maximum number of objects in a role
A role can have a maximum of 312 profiles and 170 objects.