SAP Security Interview

SAP SECURITY Interview Series – Part 3

Check out this series of commonly asked SAP Security interview questions and answers to prepare for your interviews. This is Part 3 of a 10-part series.

SAP SECURITY Technical Interviews Series

1. Would it be possible to mass delete roles without deleting the new roles in SAP?

Ans: Yes, this can be done using the Tcode PFCG or the mass maintenance Tcode SU10. We can also use the standard report ‘AGR_DELETE_ALL_ACTIVITY_GROUPS’ to delete multiple roles. Custom ABAP reports can also be used.

2. What is the Difference between an Authorization Object & an Authorization Object Class?

Ans: Both are major SAP Security components that are used to define and manage users' permissions.

An authorization object is a grouping of a set of fields that represent different aspects of a user’s authorization.

Fields and values are its major components. Up to 10 fields, each defining a specific access right, can be included in it.

When related authorization objects are grouped together logically, the group is called an authorization object class.

It ensures that all the necessary functional areas are assigned together.

3. What is SOD?

Ans: SOD stands for Segregation of Duties.

It is a principle in SAP Security through which fraud and errors are prevented.

Under this principle, responsibilities and privileges are distributed among multiple groups and individuals within the organization.

It enhances the internal control of the SAP Environment by introducing various checks and balances.

It identifies potential risks and helps in managing them.
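As an added illustration (not part of the original interview series), the following Python example shows how an SoD check identifies users whose combined roles give them both sides of a conflicting pair of functions. The role names, user names and rule set are constructed for the example; the transaction codes are standard SAP ones chosen as an assumption about what such rules typically cover.

```python
# Constructed sample data: role -> transaction codes it grants.
ROLE_TCODES = {
    "Z_AP_VENDOR_MAINT": {"FK01", "FK02"},   # create / change vendor
    "Z_AP_PAYMENTS": {"F-53", "F110"},       # post payment / payment run
    "Z_MM_BUYER": {"ME21N", "ME22N"},        # create / change purchase order
    "Z_MM_RECEIVING": {"MIGO"},              # post goods receipt
}

# Constructed user -> role assignments.
USER_ROLES = {
    "ALICE": ["Z_AP_VENDOR_MAINT", "Z_AP_PAYMENTS"],
    "BOB": ["Z_MM_BUYER"],
    "CAROL": ["Z_MM_BUYER", "Z_MM_RECEIVING", "Z_AP_VENDOR_MAINT"],
}

# Hypothetical rule set: risk -> two functions one person should not both hold.
SOD_RULES = {
    "R01 maintain vendor / pay vendor": ({"FK01", "FK02"}, {"F-53", "F110"}),
    "R02 create PO / post goods receipt": ({"ME21N", "ME22N"}, {"MIGO"}),
}

def user_tcodes(user):
    """Map each transaction the user can run to the roles that grant it."""
    granted = {}
    for role in USER_ROLES.get(user, []):
        for tcode in ROLE_TCODES.get(role, set()):
            granted.setdefault(tcode, set()).add(role)
    return granted

def sod_conflicts(user):
    """Return {risk: sorted roles involved} for every rule the user violates."""
    granted = user_tcodes(user)
    found = {}
    for risk, (side_a, side_b) in SOD_RULES.items():
        hits_a, hits_b = side_a & set(granted), side_b & set(granted)
        if hits_a and hits_b:  # a conflict needs access to both sides
            roles = set().union(*(granted[t] for t in hits_a | hits_b))
            found[risk] = sorted(roles)
    return found

def report():
    """Return only the users that have at least one SoD conflict."""
    all_results = {user: sod_conflicts(user) for user in USER_ROLES}
    return {user: risks for user, risks in all_results.items() if risks}

if __name__ == "__main__":
    for user, risks in report().items():
        for risk, roles in risks.items():
            print(f"{user}: {risk} via {', '.join(roles)}")
```

Listing the roles that contribute to each conflict shows which assignment to remove or split when remediating the risk.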

4. What is the Difference Between an Object and a Profile in SAP Security?

Ans: Both profiles and objects are an integral part of SAP Security, as they are used to manage users' permissions and access controls.

A profile is a group of authorizations that is used to grant users a complete set of permissions.

Profiles make assigning and managing user access easier.

They are used to assign a specific set of permissions to users directly.

An authorization object, on the other hand, defines the specific fields and values used for access control.

Authorization objects are mostly included in roles to define specific permissions.

They are used to control access to specific transactions and data sets.

5. Why Do We Require to Run System Trace?

Ans: System trace is also known as authorization trace.

It is a trace of security checks.

System trace helps in troubleshooting authorization issues. Its major uses include:

It helps in identifying and resolving access problems and user permission problems.

It helps in troubleshooting and debugging user login issues.

It helps in performance monitoring and impact analysis within the system.

It helps in security audits and compliance.

It helps in role testing and user role verification.

Hope you like SAP Security Interview Series Part 3.

Check out the other parts of the SAP Security interview series, Parts 1 to 10.