SAP Security Interview

SAP SECURITY Interviews Series – Part 10

Check out this series of commonly asked SAP Security interview questions and answers to prepare for your interviews. This is Part 10 of a 10-part series.

SAP SECURITY Interviews Questions and Answers Series

1. If a user enters a Tcode, how does the system know what action needs to be done?

Ans: When a user enters a Tcode, the system follows this sequence:

  • The user enters the tcode.
  • The SAP kernel determines whether the tcode is valid.
  • The system then determines whether the user has the authorization to execute the tcode.
  • Afterwards, the system looks up the tcode in table TSTC, which is the transaction repository, and retrieves details such as the program name and screen number.
  • The system then launches the program associated with the tcode.
  • The initial screen is then displayed.
  • Afterwards, the program logic is processed, which involves reading and writing by the ABAP programs and calling other functions as required.

2. What is RGC (Traffic Signals) in a role?

Ans: RGC is a concept related to role management and authorization in the SAP system. It uses red, yellow and green lights to indicate the status and health of the system.

A red light means the error or issue is critical, such as a missing authorization, a detected conflict or a compliance violation. A yellow light indicates warnings such as potential issues, incomplete data or pending changes. A green light means the status is OK.

In that case the system is fully configured, no issues have been detected and the system is completely operational.

3. What are highly critical objects, from an SAP Security point of view?

Ans: Highly critical objects are the objects in SAP Security that have significant potential to impact operations in the SAP system.

These objects are critical because they carry extensive privileges to perform any action. If this access is misused, it may lead to data breaches, fraud or severe operational disruption. They include authorization objects such as tcodes, tables, customizing tools etc.

They also include critical data elements and tables such as USR02 and T000. Others include BASIS administration objects, audit logs and change management.
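As an added example (not part of the original Q/A), the check below reviews role authorization data for access to the critical tables named above. It assumes an export shaped like table AGR_1251 and table access granted through the S_TABU_NAM authorization object; both are assumptions not mentioned on this page, and the role names and rows are constructed sample data.

```python
from collections import defaultdict
from fnmatch import fnmatchcase

# Critical tables named on this page; extend per your own risk catalogue.
CRITICAL_TABLES = ("USR02", "T000")

# Constructed sample rows shaped like an AGR_1251 export (assumption):
# (role, auth object, authorization instance, field, low, high)
SAMPLE_ROWS = [
    ("Z_BASIS_ADMIN", "S_TABU_NAM", "A1", "ACTVT", "02", ""),
    ("Z_BASIS_ADMIN", "S_TABU_NAM", "A1", "TABLE", "*", ""),
    ("Z_AUDIT_DISP", "S_TABU_NAM", "A1", "ACTVT", "03", ""),
    ("Z_AUDIT_DISP", "S_TABU_NAM", "A1", "TABLE", "USR*", ""),
    ("Z_FI_CLERK", "S_TABU_NAM", "A1", "ACTVT", "02", ""),
    ("Z_FI_CLERK", "S_TABU_NAM", "A1", "TABLE", "BKPF", ""),
    ("Z_CLIENT_ADM", "S_TABU_NAM", "A1", "ACTVT", "02", ""),
    ("Z_CLIENT_ADM", "S_TABU_NAM", "A1", "TABLE", "T000", "T005"),
]

def value_covers(low, high, target):
    """True if one authorization value (single, pattern or range) covers target."""
    if high:  # range entry: LOW <= target <= HIGH
        return low <= target <= high
    return fnmatchcase(target, low)  # exact values and '*' patterns

def find_critical_table_access(rows, tables=CRITICAL_TABLES):
    """Return sorted (role, table, activity) findings for S_TABU_NAM grants."""
    auths = defaultdict(lambda: defaultdict(list))
    for role, obj, auth, field, low, high in rows:
        if obj == "S_TABU_NAM":
            auths[(role, auth)][field].append((low, high))
    findings = set()
    for (role, _auth), fields in auths.items():
        # Fields of one authorization instance are ANDed together.
        for table in tables:
            if not any(value_covers(l, h, table) for l, h in fields["TABLE"]):
                continue
            for actvt in ("02", "03"):  # 02 = change, 03 = display
                if any(value_covers(l, h, actvt) for l, h in fields["ACTVT"]):
                    findings.add((role, table, "change" if actvt == "02" else "display"))
    return sorted(findings)

if __name__ == "__main__":
    for role, table, activity in find_critical_table_access(SAMPLE_ROWS):
        print(f"{role}: {activity} access to {table}")
```

Wildcard and range entries are the cases a plain string comparison misses, which is why the sample data includes `*`, `USR*` and a `T000` to `T005` range.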

4. What is the use of Emergency Access Management in SAP GRC Security?

Ans: EAM (Emergency Access Management), also known as Fire Fighter ID in SAP Security, is critically required when it comes to providing emergency access to SAP systems. Temporary elevated access to SAP systems is provided when higher access is required to perform various tasks.

Users who have to work on urgent tasks can be assigned a Fire Fighter ID, so they don't need to hold that high-level access permanently. Emergency Access Management takes care of temporary access with comprehensive monitoring and auditing.

5. What is role template in SAP Security and can we change a role template?

Ans: In SAP Security, a role template serves as a predefined framework that outlines a set of authorizations and permissions tailored for specific job functions or activities within the SAP system. Role templates are used to streamline the creation and assignment of roles by providing a standardized starting point that can be customized to meet the specific needs of an organization.

Hope you like SAP Security Interviews Series PART – 10
