SAP Security Interview Questions - SAP Security Interview Questions


	R/3 Security
	BW Security
	Enterprise Portal
	CUA
	Single Sign On
	SOX/ SoD
	OSS
	HR Security
	Other SAP Apps
	Solution Manager
	Interview Questions

SAP Security Interview Questions

Q. Can we convert Authorization field to Org, field
A. Authorization field can be changed to Organization field using PFCG_ORGFIELD_CREATE or ZPFCG_ORGFIELD_CREATE
Use SE38 or SA38 to run the above report.

Organizational level fields should only be created before you start setting up your system. If you create organizational level fields later, you might have to do an impact analysis. The authentication data may have to be postprocessed in roles.

The fields "Activity", "ACTVT" and "Transaction code", "TCD" cannot be converted into an organizational level field.

In addition, all affected roles are analyzed and the authorization data is adjusted. The values of the authorization field which is now to become the organizational level field are removed and entered into the organizational level data of the role.
Note: Table for Org Element- USORG
Refer to Note 323817 for more detail.

Q. How many profiles can be assigned to any user master record.
A. Maximum Profiles that can be assigned to any user is ~ 312. Table USR04 (Profile assignments for users). This table contains both information on the change status of a user and also the list of the profile names that were assigned to the user.
The field PROFS is used for saving the change flag (C = user was created, M = user was changed), and the name of the profiles assigned to the user. The field is defined with a length of 3750 characters. Since the first two characters are intended for the change flag, 3748 characters remain for the list of the profile names per user. Because of the maximum length of 12 characters per profile name, this results in a maximum number of 312 profiles per user.

Q. Can you add a composite role to another composite role?
A. No

Q. How to reset SAP* password from oracle database.
A. Logon to your database with orasid as user id and run this sql
delete from sapSID.usr02 where bname='SAP*' and mandt='XXX';
commit;

Where mandt is the client.

Now you can login to the client using sap* and password pass

Q. What is difference between role and profile.
A. A role act as container that collect transaction and generates the associated profile. The profile generator (PFCG) in SAP System automatically generates the corresponding authorization profile. Developer used to perform this step manually before PFCG was introduced bySAP. Any maintenance of the generated profile should be done using PFCG.

Q. What is user buffer?
A. When a user logs on to the SAP R/3 System, a user buffer is built containing all authorizations for that user. Each user has their own individual user buffer. For example, if user Smith logs on to the system, his user buffer contains all authorizations of role USER_SMITH_ROLE. The user buffer can be displayed in transaction SU56.

A user would fail an authorization check if:

The authorization object does not exist in the user buffer
The values checked by the application are not assigned to the authorization object in the user buffer
The user buffer contains too many entries and has overflowed. The number of entries in the user buffer can be controlled using the system profile parameter auth/number_in_userbuffer.

Previous Page Next Page

SAP Help | SAP Service Market Place | SAP SDN