SAP SECURITY Interviews Series – Part 5

Do checkout this commonly asked SAP Security Interviews Q/A Series and prepare for your interviews easily. This is Part 5 of 10 Part Series.

SAP SECURITY Interviews Questions with Answers

1. What is the concept behind risk management in SAP Security?

Ans: Risk Management in SAP Security is a very important factor to ensure that the SAP System is being safeguarded from multiple vulnerabilities and threats to the system.

It helps in protecting the integrity and confidentiality of data.
It involves incident response and disaster recovery plan to address security response and ensure business continuity, firmly.
Risk Analysis by including numerical values and descriptive scales to measure severity, potential loss, and probability of risk by qualitative and quantitative analysis.
Continuous monitoring and detecting incidents, in real time.
Identifying threats and vulnerabilities, to determine weakness in the system and potential threats to the system.
It also involves evaluating likelihood and impact to the SAP System.

2. How does Transport Management System contributes to SAP Security?

Ans: TMS – Transport Management System plays a very crucial role in SAP Security by making sure that all the changes done, all the custom development & system configurations done, are being moved to all the systems securely and in a controlled manner.

TMS controls the different versions of transport objects.
Administrators can easily revert back to the previous versions of the transported objects, thus maintaining system’s stability.
TMS provides detailed audit trials for systems auditing and compliance purpose.
TMS support SODs- Segregation of Duties to support conflict of Interests.
TMS helps in managing all the changes, through a structured approach which ensures reviewing, approving and testing of changes before it moved to the next level.

3. How to identify any unapproved alteration in SAP?

Ans: It is very important to identify any unapproved alterations in SAP to keep up with the auditing and compliance of SAP System. Here are the steps which could be taken to identify such alterations :

Change Documents can be used to capture the changes done to specific objects and datasets, which helps in identifying the alterations.
Period reviews and audit reviews also helps in ensuring users have appropriate accesses and authorizations to do the changes.
Regularly analyzing the accesses and authorizations of the users.
Developing custom ABAP reports and automated scripts to identifying an authorized changes.
Implementing SIEM Systems (Security Information & Event Management) for getting timely alerts on suspicious activities.

4. Explain the difference between role level security and field level security?

Ans: Role security and Field security are two most fundamental concept of SAP Security which helps in securing the SAP System, completely.

When it comes to field level security, then controlling the access to specific fields within a transaction is involved. Users can only access certain fields under this field level security.

Only certain users can edit or view the data when this level of security is being involved. Role level security is being involved when the access is being granted on the basis of certain roles.

These roles revolved around the job functions which are being assigned to the user.

PFCG and SU01 can be taken as an example for role level security whereas HR Authorization can be included in field level security.

5. What is the purpose of SAP User Group in SAP Security?

Ans: User groups in SAP Security are responsible for controlling and accessing the users access to multiple SAP systems.They have many major roles to play which includes:

Once at a time a role can be assigned to a user group, it will automatically assign the role to all the users exists in that user group, thus reducing the chance of human errors.
Users who are having similar access needs, can be assigned to a single user group, thus the access can be given to the user group instead of individual users one by one.
By grouping the users in a group, it is easier to track the users accesses and permissions, thus facilitating better audit and compliance management.
Maintenance of user authorizations becomes easier and if any changes needs to be done, updating the user group will make it easy.

Hope you like SAP Security Interviews Series PART – 5, Check out other parts of this series.