Below are some important SAP Security interview questions which are asked in most MNC company interviews for beginners or professionals.
1. How do I change the name of master / parent role keeping the name of derived/child role same? I would like to keep the name of derived /child role same and also the profile associated with the child roles.
A. First copy the master role using PFCG to a role with new name you wish to have. Then you have to generate the role. Now open each derived role and delete the menu. Once the menus are removed it will let you put new inheritance. You can put the name of the new master role you created. This will help you keep the same derived role name and also the same profile name. Once the new roles are done you can transport it. The transport automatically includes the Parent roles.
2. What is the difference between C (Check) and U (Unmaintained)?
A. Background:
When defining authorizations using Profile Generator, the table USOBX_C defines which authorization checks should occur within a transaction and which authorization checks should be maintained in the PG. You determine the authorization checks that can be maintained in the PG using Check Indicators. It is a Check Table for Table USOBT_C. In USOBX_C there are 4 Check Indicators.
· CM (Check/Maintain)
- An authority check is carried out against this object.
- The PG creates an authorization for this object and field values are displayed for changing.
- Default values for this authorization can be maintained.
· C (Check)
- An authority check is carried out against this object.
- The PG does not create an authorization for this object, so field values are not displayed.
- No default values can be maintained for this authorization.
· N (No check)
- The authority check against this object is disabled.
- The PG does not create an authorization for this object, so field values are not displayed.
- No default values can be maintained for this authorization.
·U (Unmaintained)
- No check indicator is set.
- An authority check is always carried out against this object.
- The PG does not create an authorization for this object, so field values are not displayed.
- No default values can be maintained for this authorization..
3. What does user compare do?
A. Comparing the user master: This is basically updating profile information into user master record.
So that users are allowed to execute the transactions contained in the menu tree of their roles, their user master record must contain the profile for the corresponding roles.
You can start the user compare process from within the Profile Generator (User tab and User compare pushbutton). As a result of the comparison, the profile generated by the Profile Generator is entered into the user master record. Never enter generated profiles directly into the user master record (using transaction SU01, for example)! During the automatic user compare process (with report pfcg_time_dependency, for example), generated profiles are removed from the user masters if they do
not belong to the roles that are assigned to the user.
If you assign roles to users for a limited period of time only, you must perform a comparison at the beginning and at the end of the validity period. You are recommended to schedule the background job pfcg_time_dependency in such cases
4. Can wildcards be used in authorizations?
A. Authorization values may contain wildcards; however, the system ignores everything after the wildcard. Therefore, A*B is the same as A*.
5. What does the PFCG_TIME_DEPENDENCY clean up?
A. The 'PFCG_TIME_DEPENDENCY' background report only cleans up the profiles (that is, it does not clean up the roles in the system). Alternatively, you may use transaction 'PFUD'.
1. How do I change the name of master / parent role keeping the name of derived/child role same? I would like to keep the name of derived /child role same and also the profile associated with the child roles.
A. First copy the master role using PFCG to a role with new name you wish to have. Then you have to generate the role. Now open each derived role and delete the menu. Once the menus are removed it will let you put new inheritance. You can put the name of the new master role you created. This will help you keep the same derived role name and also the same profile name. Once the new roles are done you can transport it. The transport automatically includes the Parent roles.
2. What is the difference between C (Check) and U (Unmaintained)?
A. Background:
When defining authorizations using Profile Generator, the table USOBX_C defines which authorization checks should occur within a transaction and which authorization checks should be maintained in the PG. You determine the authorization checks that can be maintained in the PG using Check Indicators. It is a Check Table for Table USOBT_C. In USOBX_C there are 4 Check Indicators.
· CM (Check/Maintain)
- An authority check is carried out against this object.
- The PG creates an authorization for this object and field values are displayed for changing.
- Default values for this authorization can be maintained.
· C (Check)
- An authority check is carried out against this object.
- The PG does not create an authorization for this object, so field values are not displayed.
- No default values can be maintained for this authorization.
· N (No check)
- The authority check against this object is disabled.
- The PG does not create an authorization for this object, so field values are not displayed.
- No default values can be maintained for this authorization.
·U (Unmaintained)
- No check indicator is set.
- An authority check is always carried out against this object.
- The PG does not create an authorization for this object, so field values are not displayed.
- No default values can be maintained for this authorization..
3. What does user compare do?
A. Comparing the user master: This is basically updating profile information into user master record.
So that users are allowed to execute the transactions contained in the menu tree of their roles, their user master record must contain the profile for the corresponding roles.
You can start the user compare process from within the Profile Generator (User tab and User compare pushbutton). As a result of the comparison, the profile generated by the Profile Generator is entered into the user master record. Never enter generated profiles directly into the user master record (using transaction SU01, for example)! During the automatic user compare process (with report pfcg_time_dependency, for example), generated profiles are removed from the user masters if they do
not belong to the roles that are assigned to the user.
If you assign roles to users for a limited period of time only, you must perform a comparison at the beginning and at the end of the validity period. You are recommended to schedule the background job pfcg_time_dependency in such cases
4. Can wildcards be used in authorizations?
A. Authorization values may contain wildcards; however, the system ignores everything after the wildcard. Therefore, A*B is the same as A*.
5. What does the PFCG_TIME_DEPENDENCY clean up?
A. The 'PFCG_TIME_DEPENDENCY' background report only cleans up the profiles (that is, it does not clean up the roles in the system). Alternatively, you may use transaction 'PFUD'.
More Questions & Answers :-
No comments:
Post a Comment