SAP Security Interviews

SAP SECURITY Interviews Series – Part 6

Check out this series of commonly asked SAP Security interview questions and answers to prepare for your interviews easily. This is Part 6 of a 10-part series.

SAP SECURITY Interviews Series

QA – 1

1. How will you add a missing authorization? 

Ans: To add a missing authorization in SAP Security, we first have to identify which authorization is missing. This can be done in several ways, including error analysis, which involves understanding the error message and using the SU53 Tcode to check the last failed authorization check.

Here, we can figure out the failed object name.  

We can also use the ST01 Tcode to check the system traces and find the missing authorizations. After that, we have to update the user's role.

This is done via transaction PFCG, where roles are maintained.

There, we enter the role that needs to be maintained.

Next, go to authorization -> update authorization -> regenerate the role. Last but not least, we have to assign the role to the user via the SU01 Tcode. Test the authorizations and the changes.

QA – 2

2. In which table are illegal passwords stored in SAP Security?

Ans: All illegal passwords in SAP Security are stored in the USR40 table. This helps ensure the security of the system, as users will not set passwords that are easily detectable or easy to guess.

QA – 3

3. Explain the concept behind profile version.

Ans: Profile version revolves around tracking the changes made to profiles.

It makes auditing and compliance checks of users and their profiles easier. Through the profile version concept, SAP tracks all the changes made to any user profile authorizations.

If there are any issues with the latest changes made to the system, they can be rolled back easily using the concept of profile version. All the profile versions can be maintained and viewed in the SU02 Tcode.

Profile version ensures security, accountability and efficiency of the SAP System.

QA – 4

4. Why is the PFCG Tcode so important in SAP Security?

Ans: PFCG is the Profile Generator, which plays a crucial role in managing roles and authorizations in an SAP system.

It supports the creation of composite roles as well as single roles, in a centralized manner. Authorization data can also be managed, which helps in defining which activities a user has permission for. It also helps in tracking changes to roles and users through the profile version concept.

Roles can be assigned directly to users using the PFCG Tcode; mass user changes and mass role assignments are also possible through it. It also supports compliance with the security policy and operational efficiency in the system.

QA – 5

5. Explain the concept behind SAP_ALL authorization?

Ans: SAP_ALL is the profile which grants a user unrestricted access to all the SAP Systems.

It is one of the standard SAP authorization profiles and provides extensive access across all the systems. Basically, it provides superuser access.

But it is associated with multiple security risks, including data breaches, system instability, malicious modifications, etc., as all access is given to the user's profile.

Regular review and auditing are required to check all the malicious activities a user can do if he has SAP_ALL access.
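
The regular review described above can be scripted over exported user tables. The following is an added example, not part of the original post: it assumes CSV exports of the SAP tables UST04 (user-to-profile assignments) and USR02 (logon data), which the post does not mention, and all sample rows and the status labels are constructed for illustration.

```python
import csv
import io
from datetime import date

# Constructed sample rows, shaped like CSV exports of UST04 (user-to-profile)
# and USR02 (logon data). User names and values are made up for illustration.
UST04_CSV = """MANDT,BNAME,PROFILE
100,DDIC,SAP_ALL
100,JSMITH,SAP_ALL
100,JSMITH,Z_FI_DISPLAY
100,BATCH_FI,SAP_ALL
100,OLDADMIN,SAP_ALL
"""
USR02_CSV = """MANDT,BNAME,USTYP,UFLAG,GLTGB
100,DDIC,A,0,00000000
100,JSMITH,A,0,00000000
100,BATCH_FI,B,0,00000000
100,OLDADMIN,A,64,20200131
"""

def rows(text):
    return list(csv.DictReader(io.StringIO(text)))

def expired(gltgb, today):
    # GLTGB (valid-to) is YYYYMMDD; all zeros means no end date is set.
    return gltgb != "00000000" and gltgb < today.strftime("%Y%m%d")

def review_sap_all(ust04, usr02, today, profile="SAP_ALL"):
    """Return one finding per user holding `profile`, highest concern first."""
    logon = {(r["MANDT"], r["BNAME"]): r for r in usr02}
    findings = []
    for r in [x for x in ust04 if x["PROFILE"] == profile]:
        u = logon.get((r["MANDT"], r["BNAME"]))
        if u is None:
            status = "NO_USER_RECORD"    # assignment without a matching user
        elif u["UFLAG"] != "0" or expired(u["GLTGB"], today):
            status = "INACTIVE"          # locked or past validity; still remove
        elif u["USTYP"] == "A":
            status = "ACTIVE_DIALOG"     # interactive logon with full access
        else:
            status = "ACTIVE_TECHNICAL"  # system, service or communication user
        findings.append((r["MANDT"], r["BNAME"], status))
    order = ["ACTIVE_DIALOG", "ACTIVE_TECHNICAL", "NO_USER_RECORD", "INACTIVE"]
    return sorted(findings, key=lambda f: (order.index(f[2]), f[1]))

if __name__ == "__main__":
    for f in review_sap_all(rows(UST04_CSV), rows(USR02_CSV), date(2024, 6, 1)):
        print(*f)
```

Every row in the output is an SAP_ALL holder that a reviewer should either justify or remove, with unlocked dialog users listed first.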

Hope you liked Part 6 of the SAP Security Interviews Series.

Check out the other parts on my website: https://acorporateguy.com/