Do checkout this commonly asked SAP Security Interviews Q/A Series and prepare for your interviews easily. This is Part 8 of 10 Part Series.
SAP SECURITY Interviews Series
1. If a user enters a Tcode, how the system knows what action needs to be done?
Ans: When a user enters a Tcode, the system follows certain sequence which are as given:
User Enters the Tcode. SAP Kernel determines if the tcode is valid or not.
Then, system determines if the user is having the authorization to execute the tcode or not.
Afterwards, system retrieves the tcode in TSTC Table repository which is basically a transaction repository and retrieves various details such as program name, screen number etc.
System then launches the program associated with the tcode.
Initial screen is being showcased then.
Afterwards processing of the logics happen which involves reading & writing of the ABAP programs and calling other functions as required.
2. How can you lock all the users at a time in SAP?
Ans: Locking all users once at a time can be done by mass user maintenance screen which uses the Tcode SU10. There we have to login to the Tcode, select all the users which we want to lock, specify the criterias and lock the users. Ensure that critical users should not be locked or informed before mass locking.
3. Explain briefly about authorization concept implementation process?
Ans: Authorization concept implementation deals with confirming to ensure that users have all the required access rights on the basis of their responsibilities and roles. First we have to define the authorization processes and SODs relevant to it, to prevent conflicts of interest and reduction of fraud risks.
Afterwards role creation is being done. After defining authorizations, roles are being assigned to the users. At the end, testing and validation is done and this is the whole concept for authorization. Major tcodes used are PFCG, SU01, SUIM, ST01, SU53.
4. Why indirect role assignment is being used?
Ans: Indirect role assignment helps in automatic assignment of roles to the users based on certain criteria. If we are using this, then manually assigning the roles to the users are not required. This process is majorly used in large organizations and saves a lot of time and efforts. Users are assigned to roles based on their positions in the organizations.
Though the roles assignments are indirect but they are also based on certain rules & conditions. Indirect roles assignments reduces burden from the administration thus increasing efficiency, consistency and compliance security in SAP System.
5. What is SAP User Master?
Ans: SAP User Master is an important component in SAP Security which contains all the crucial details about the users and their authorization rights.It contains users data in the form of user ID and personal information. Authentication details are required in terms of passwords and SSO – Single Sign On.Authorizations, profiles and roles details are also there in the user master data set.It also contains the validity period as well as lock and unlock status for the users account.
SU01 and SU10 are the major tcodes which are used to manage the users master data in SAP Security.
Hope you like SAP Security Interviews Series PART – 8
SAP SECURITY Interview Check out other parts:
- SAP Security Part 1
- SAP Security Part 2
- SAP Security Part 3
- SAP Security Part 4
- SAP Security Part 5
- SAP Security Part 6
- SAP Security Part 7
- SAP Security Part 8
- SAP Security Part 9
- SAP Security Part 10