Do checkout this commonly asked SAP Security Interview Questions and answers Series and prepare for your interviews easily. This is Part 2 of 10 Part Series.
SAP SECURITY Interview Questions Series Part 2
1. Explain ‘Role’ & ‘Authorization’ in SAP Security?
Ans: Roles and Authorizations are used to control the access of the user in SAP Security.
A Role is basically a group of authorizations which contains some specific set of permissions for the users to use. Roles group the authorizations together logically.
PFCG Tcode is used for this purpose.
When a specific right has been given to the user to access a specific object, then it is said to be the authorization. What operations a user can execute and what data a user can view is specified using authorization.
2. Explain the difference between a ‘Single Role’, ‘Derived Role’ & a ‘Composite Role’?
Ans: There are 3 primary roles for each user and each role serves different and specific purpose.
1. Single Role: It contains a set of authorizations to the users, where they can perform specific tasks and functionalities.
They are directly assigned to the users and it itself contains the set of permissions and authorizations within the role.
2. Derived Role: Its other name is Child Role.
It inherit all the functions and the menu structure from the Parent Role. The authorizations required could be different though.
It is used when multiple users have to perform the same functionality but using different access on various datasets.
3. Composite Role: It is the group of single roles. No authorizations or permissions are required directly for this role. It inherits all the authorizations from its constituent single roles.
3. Explain the concept behind user buffer?
Ans: This concept is required for performance optimization of the system.
It stores all kind of authorization data for the user , once after the user login to the system.
Once this data is being stored, again and again fetching this data is not required and user authorization checks become optimized.
User buffer is basically a temporary storage space. Efficient authorization checks and performance optimizations are the main functions behind this concept.
SU56 is the Tcode which is used for this concept.
Using this concept, system performance is being improved. Authorization checks become faster and the load on the database have been reduced.
4. What is User Group & how to create a User Group in SAP Security?
Ans: User Groups are the logical group of users where users are being managed using specific criteria.
Using this concept, managing the administrative activities simplified, Organizing users becomes easier, reporting used for auditing and compliance purpose become easier.
Tcode SUGR is being used to create a new user group and SU01 is being used to add existing users to new user group.
5. Which Tcode you can use to lock the transaction in SAP?
Ans: SM01 is the Tcode which is used to lock the transactions in SAP.
Hope you like the SAP SECURITY Interview Series Part 2, now check out other part of this series:
- Top SAC Security Interview Questions Part 1
- Top SAC Security Interview Questions Part 2
- Top SAC Security Interview Questions Part 3
- Top SAC Security Interview Questions Part 4
- Top SAC Security Interview Questions Part 5
- Top SAC Security Interview Questions Part 6
- Top SAC Security Interview Questions Part 7
- Top SAC Security Interview Questions Part 8
- Top SAC Security Interview Questions Part 9
- Top SAC Security Interview Questions Part 10