SAP Security Interview

SAP SECURITY Interview Series – Part 4

Check out this series of commonly asked SAP Security interview questions and answers to prepare for your interviews. This is Part 4 of a 10-part series.


QA – 1

1. Explain the types of user lock values in SAP Security.


Ans: In SAP Security, user lock values are used to manage a user's access to the SAP system. Each value identifies the type of lock applied to the user:
-> Value 256: The password is locked. Either the password has expired or it needs to be changed.
-> Value 128: The user has exceeded the allowed number of incorrect logon attempts. The password now needs to be reset.
-> Value 64: The user has been inactive for a specific period of time, and the account can now be deactivated.
-> Value 32: The lock was applied by the system administrator for a specific reason. This lock can be temporary or permanent, depending on the situation.

QA – 2


2. Should RFC Users have SAP_NEW and if so, why?


Ans: No. Generally, RFC users should not have the SAP_NEW profile.
SAP_NEW grants a very large number of authorizations, covering those that are new or were recently changed.
– RFC users perform only specific tasks, which require only a few authorizations and permissions.
– This can be achieved by creating custom roles for them, with specific permissions for limited tasks.
– Extensive permissions can also lead to data breaches and unauthorized actions.
– Giving RFC users all permissions may also lead to compliance issues.
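One way to check a system against this answer, as an added example that is not part of the original article: a small Python audit over CSV exports of the user master (USR02) and profile assignment (UST04) tables. The sample rows are constructed, treating user types B (System) and C (Communication) as "RFC users" is an assumption, and SAP_ALL is included alongside SAP_NEW as a second broad profile.

```python
import csv
import io

# Constructed sample data, shaped like SE16 exports of USR02 (user master)
# and UST04 (user-to-profile assignment). Not taken from any real system.
USR02_CSV = """MANDT,BNAME,USTYP
100,RFC_BILLING,C
100,RFC_IDOC,B
100,JSMITH,A
200,RFC_BILLING,C
"""

UST04_CSV = """MANDT,BNAME,PROFILE
100,RFC_BILLING,SAP_NEW
100,RFC_BILLING,Z_RFC_BILLING
100,RFC_IDOC,Z_RFC_IDOC
100,JSMITH,SAP_NEW
200,RFC_BILLING, sap_all
"""

# Assumption: RFC users are the non-dialog types System (B) and Communication (C).
RFC_USER_TYPES = {"B", "C"}
# SAP_NEW is the profile the answer names; SAP_ALL is added here as another broad profile.
BROAD_PROFILES = {"SAP_NEW", "SAP_ALL"}


def _rows(text):
    """Parse a CSV export, trimming and upper-casing every field value."""
    for row in csv.DictReader(io.StringIO(text)):
        yield {k.strip(): (v or "").strip().upper() for k, v in row.items()}


def find_overprivileged_rfc_users(usr02_csv, ust04_csv):
    """Return sorted (client, user, profile) for RFC users holding a broad profile."""
    # Users are client-specific, so the key is (client, user name).
    rfc_users = {
        (r["MANDT"], r["BNAME"])
        for r in _rows(usr02_csv)
        if r["USTYP"] in RFC_USER_TYPES
    }
    findings = {
        (r["MANDT"], r["BNAME"], r["PROFILE"])
        for r in _rows(ust04_csv)
        if (r["MANDT"], r["BNAME"]) in rfc_users and r["PROFILE"] in BROAD_PROFILES
    }
    return sorted(findings)


if __name__ == "__main__":
    for client, user, profile in find_overprivileged_rfc_users(USR02_CSV, UST04_CSV):
        print(f"client {client}: RFC user {user} holds {profile}")
```

The dialog user JSMITH is not reported even though it holds SAP_NEW, because the check is scoped to the RFC user types only.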

QA – 3


3. How can you find the list of clients available in an SAP system?

Ans: To find the list of clients available in SAP, we can use the following transaction codes and tables:
-> Tcode SCC4 – Shows the list of clients as well as detailed information about each client.
-> Table T000 – Stores all client information.
-> Tcode SCC0 – To manage and create copies of all the available SAP clients.


QA – 4


4. What is CUA – Central User Administration in SAP Security?

Ans: CUA (Central User Administration) is a built-in SAP tool where all user accounts are managed and the authorization database is kept, across the whole SAP system.
– All user account details can be managed here.
– Multiple authorizations and roles are managed here.
– It is a single point of control for all SAP security actions.
– It is responsible for distributing changes to the connected SAP systems.

QA – 5


5. Explain the concept behind SSO – Single Sign On?

Ans: SSO (Single Sign-On) is one of the most important security concepts in SAP. Users log in only once and can then access multiple SAP systems without having to authenticate again. This improves user convenience and productivity as well as security. It simplifies the login process, thereby increasing the user's operational efficiency.


Users perform an initial login once with their credentials. Once they are logged in, an SSO token is generated. When the user tries to log in to other systems, the same SSO token is used for authentication instead of a new login. The other (secondary) system validates that token.

SSO can be configured using various protocols, including Kerberos, SAML (Security Assertion Markup Language), SSO tokens, etc.
Kerberos and SAML are both security protocols designed for strong authentication and for exchanging authorization data between an identity provider and a service provider.

Hope you liked SAP Security Interview Series Part 4.

Check out the other parts on my website: https://acorporateguy.com/