| Back to Questions Page |
| |
| Question |
Hi ,
Currently i am working in an MNC company as an SAP
Security tier1 member , we will take care of User
Administration , Profile/authorization administration
activities .Could any one tell me , is i am eligible to
apply for an SAP Security job for 2 years experience .
Could any one tell me about SOD , SOX Audit and Virsa tool ,
i have never worked before .
Prakash |
Rank |
Answer Posted By |
|
Question Submitted By :: Prakash |
|
I also faced this Question!! |
© ALL Interview .com |
| Answer | Hi Prakash,
If you are very strong in Security you can apply for
Security job for 2years..If you are not please dont
experiment in new company it wil a big problem for you.
And for SOD and SOX is very Important topic. SOD
Sagregation of Duty Analysis is fully automated tool which
is used for auditing.
SOD and SOX is very huge topic. You cannot understand until
you read relevant books and start practice  |
| Geethu |
| |
| |
| Answer | SOD and SOX are used for SAP Audit purposes in the company
and Virsa tool is a 3rd party tool integrated with SAP,used
for finding of the risks before applying the roles (new) to
a user.  |
| Shiva |
| |
| |
| Question |
What are the issues will face while creating user in the
system ? |
Rank |
Answer Posted By |
|
Question Submitted By :: Prakash T |
| This Interview Question Asked @ Accenture |
|
I also faced this Question!! |
© ALL Interview .com |
| Answer | While creating user the security admin should get approval
to create that user from the Project Manger. The
particulars like lastname of the user, type of user,
validity dates etc are required. Now u can create user.  |
| Venkat |
| |
| |
|
|
| |
| Answer | first thing, u need to have access su01 transaction.
if the system in which we r creating user, is connected to
CUA, then it is necessary to check if we can create user in
child. while assigning roles, in role tab, progi,e for that
role should be generated and user comparision should be done  |
| Shubhada |
| |
| |
| Answer | While creating the user we have to know the following
details:
1. System
2. Approval from linemanager
3. Type of user (Dialog or service etc.)
4. Roles to be assigned.
5. Validity of th user.  |
| Karthik |
| |
| |
| Question |
Hi This is Prakash .
Can any one tell me what is the use of SU24 and SU25
transaction code exactly |
Rank |
Answer Posted By |
|
Question Submitted By :: Prakash T |
| This Interview Question Asked @ Accenture |
|
I also faced this Question!! |
© ALL Interview .com |
| Answer | Every Tcode has list of authorization objects which are
maintained in roles. when a Tcode is executed that objects
will refered in roles, if an object is not maintained in
role then it is an authorisation error which can be seen
through SU53 tcode. This list of maintianed auth. object
of Tcode can be checked through SU24.  |
| Purushoth Ak |
| |
| |
| Answer | SU25: A transaction that copies SAP defaults from USBOT &
USOBX to USOBT_C and USOBX_C.
USOBT, is a table that consists of transactions and
authorisation objects. It stores default values of
authorisation from authorisation objects.
USOBX, is a table that defines the necessary authorisation
checks that needs to be performed within a transaction.
Initially both tables USOBT and USOBX consists of default
values. These two tables are then used for fill up of the
customer tables USBOT_C and USOBT_X through the transaction
SU25.
SU24: A transaction that maintains the assignment of
authorisation objects in the customer tables USOBT_C and
USOBX_C.  |
| Uma |
| |
| |
| Question |
What is the differrence b/w Copy Roles and Derived Roles ? |
Rank |
Answer Posted By |
|
Question Submitted By :: Prakash T |
| This Interview Question Asked @ Accenture |
|
I also faced this Question!! |
© ALL Interview .com |
| Answer | temp role is a default sap provided role...and a copy role
is one we customize from a temp role...
Derived role:- Is a role which is derived from the parent role
Parent role can be either a customised role r temp role  |
| Ramu |
| |
| |
| Answer | in derived role, all the transactions of parent role r
copied but not the org structure and auth.
and we cant add more transactions in derived role.
in copy roles all the transactions with auth r copied  |
| Shubhada |
| |
| |
| Question |
Hello!!!
We are asked to generate a report/collect data on users
concurrently accessed to the system and what operations
they performed with their concurrent access. Apart from
they want info on the duration of thier concurrent/normal
session (date, time etc).
Can anyone help us to know any particular transactions (as
of our knowledge STAT & STAD can render certain segment of
data), reports available with SAP to collect the above
requested info. |
Rank |
Answer Posted By |
|
Question Submitted By :: Patchipala |
| This Interview Question Asked @ Cap-Gemini |
|
I also faced this Question!! |
© ALL Interview .com |
| Answer | Try STAT and if the info in that is not enough, enable audit  |
| Ravi |
| |
| |
| Question |
In 4.7 EE, we have an option as User -> Settings ->
Automatic Comparison at Save.
Is it right if i say that this option checked will
automatically prompt for User cpompare when we simply save
the data after entering the users to the role?
But whether the option is checked or not i did not get any
prompt for User compare on saving the data after entering
Users info in the role.
My another doubt is whats the difference between User and
Complete Compare options. If i dont do complete Compare,
wiill that effect? Is it right if i say that User compare
assigns the users to the role and Complete Compare updates
the user master recoirds , i.e., User master record
comparison is current. |
Rank |
Answer Posted By |
|
Question Submitted By :: Sumeith_Kumar |
|
I also faced this Question!! |
© ALL Interview .com |
| Answer | When we assign roles and save user profile it will not ask
for user conparision...
we need to go to role tab and double click on the role
which you have assigned recently then it will navigate to
PFCG screen then click on user tab if it is yellow we need
to do user comparision... if it is in green we need not to
do user comparision.. if it is yellow then click on user
comparision then complete comparision then that role will
reflect in to user buffer list..
But this role comparision will be done when we create
role..if we miss there then we will do when user will get
authorization error.. reason is role not yet stored in user
buffer list.
We can do mass comparision by using tcode PFUD.  |
| Shanti.s |
| |
| |
| Answer | If you schedule the below mention sap default job in
background periodic every day or hourly basis no need to
compare manually.
PFG_TIME_DEPENDENCY (This Is a ABAP program)  |
| Ravi [SCSL] |
| |
| |
| Question |
After maintaining authorization fields, we save and
generate the profile. But it prompts for the profile name
right when we click on 'Save' icon. So what is the basic
difference between Saving and Profile Generating? |
Rank |
Answer Posted By |
|
Question Submitted By :: Sumeith_Kumar |
|
I also faced this Question!! |
© ALL Interview .com |
| Answer | this is rajesh. ya, after maintaining authorization fields
u need to save and generate the profile b'coz, it is like
tht wht ever fileds ur going to fill is correct and their is
no change so tht ur going to save. after tht ur going to
generate the prolie means it is ready to assign to the
respective user for tht u need confirmation from r/3 tht
this profile is in r/3 db. after tht this profile is
assiging to user.  |
| Kumar |
| |
| |
| Answer | hai this is jagadish
if you not generate profile name before u chage the
authorization then it ask a profile name when u save and
generate in authorization tab. and when we generating the
profile after save then the profile is save with the given
authorizations and activities and et... in database. One
thing u understand that any authorization or activities are
stored in a profiles and when we assign them then the
profile name takes place in user master records. ok
if i am wrong in this correct me any of this group
byeee
jagadish  |
| Jagadish [SCSL] |
| |
| |
| Answer | If we do any modifications or If we create any role and
maintain authorization fields and values we will save those
changes. That means wht changes we have made that will be
saved. If we generate profile means it wil generate
profiles according to tcode and authorizaion objects you
have maintained in that role.That profiles wil remain in
user master records...
Thanks
Shanti.  |
| Shanti.s [SCSL] |
| |
| |
| Answer | When we save a profile that we only save the values
whatever changes made in authorization object but still it
is not working due to non activation of authoriztion
profile.
A generate button used to activate all values and create a
authorization profiles.
Because we can't assign authorization directly to the user
that's why we generate a authorization profile.  |
| Bishnu Lal Sahu [SCSL] |
| |
| |
| Question |
how to get ticket from end user? |
Rank |
Answer Posted By |
|
Question Submitted By :: Ragavreddy |
| This Interview Question Asked @ Accenture |
|
I also faced this Question!! |
© ALL Interview .com |
| Answer | thorugh mail or tool like remedy .....  |
| Knreddy |
| |
| |
| Answer | Generally tickets are raised by the end users or clients.
each organization having a separate tool box for the purpose
of tickets and then the team leader allot the tickets to
corresponding person through mail.  |
| Koteswararao |
| |
| |
| Answer | Generally user asks queries through chat or mail.
But when they need something to do from our end..
please ask them to raise ticket ,say for example. if they
user wants to change the password or create a user id or
role changes.
Tell them to raise a ticket to security/Authorization team
with necessary info such as system name,client number.If
any error ask for SU53.
Each ticket counts your productivity.
Cheers
Prasath  |
| Selva Prasath |
| |
| |
| Question |
which ticketing tool you are using?
|
Rank |
Answer Posted By |
|
Question Submitted By :: Ragavreddy |
| This Interview Question Asked @ Accenture , WIPRO |
|
I also faced this Question!! |
© ALL Interview .com |
| Answer | A 3rd party tool called AHD  |
| Shiva |
| |
| |
| Answer | Clarify Tool....From HP  |
| Naveen |
| |
| |
| Answer | Remedy  |
| Giridhar |
| |
| |
| Answer | HP open view, remedy,mail(Microsoft Outlook),Lotus
Notes,Magic  |
| Selvaprasath |
| |
| |
| Answer | Solution Manager. It can be used as centralised system to
raise tickets from any system(R3, BIW,APO, CRM etc..)  |
| Purushoth Ak |
| |
| |
| Question |
what are various user types
|
Rank |
Answer Posted By |
|
Question Submitted By :: Ragavreddy |
| This Interview Question Asked @ Accenture |
|
I also faced this Question!! |
© ALL Interview .com |
| Answer | dilog user, syste user, trns por use, like that 5 type of
users  |
| Knreddy |
| |
| |
| Answer | dialog, reference, communication, services, system  |
| Tapan |
| |
| |
| Answer | Dialog user 'A'
Individual system access (personalized)
Logon with SAPGUI is possible. The user is therefore
interaction-capable with the SAPGUI.
Expired or initial passwords are checked.
Users have the option of changing their own passwords.
Multiple logon is checked.
Usage: For individual human users (also Internet users)
System user 'B'
System-dependent and system-internal operations
Logon with SAPGUI is not possible. The user is therefore
not interaction-capable with the SAPGUI.
The passwords are not subject to to the password change
requirement, that is, they cannot be initial or expired.
Only an administrator user can change the password.
Multiple logon is permitted.
Usage: Internal RFC, background processing, external RFC
(for example, ALE, workflow, TMS, CUA)
Communication user 'C'
Individual system access (personalized)
Logon with SAPGUI is not possible. The user is therefore
not interaction-capable with the SAPGUI.
Expired or initial passwords are checked but the conversion
of the password change requirement that applies in
principle to all users depends on the caller
(interactive/not interactive). (*)
Users have the option of changing their own passwords.
Usage: external RFC (individual human users)
Service user 'S'
Shared system access (anonymous)
Logon with SAPGUI is possible. The user is therefore
interaction-capable with the SAPGUI.
The passwords are not subject to the password change
requirement, that is, they cannot be initial or expired.
Only a user administrator can change the password.
Multiple logon is permitted.
Usage: Anonymous system access (for example, public Web
services)
Reference user 'L'
Authorization enhancement
No logon possible.
Reference users are used for authorization assignment to
other users.
Usage: Internet users with identical authorizations  |
| Giridhar |
| |
| |
| Question |
how to transport roles?
|
Rank |
Answer Posted By |
|
Question Submitted By :: Ragavreddy |
| This Interview Question Asked @ Accenture |
|
I also faced this Question!! |
© ALL Interview .com |
| Answer | to transport a role follow these steps:
1.to transport the role between the two systems,RFC MUST BE
ENABLED (REMOTE FUNCTION CALL)
2.login into a user goto pfcg specify a role which is
already created click on the send transport icon.
3.after sending the request the user who had sent the role
to particular user should release the request by se10
4.in order to check the other user has recieved or not he
should go for transcation scc1 for checking wether he has
recieved of not.  |
| Rajesh Dadi |
| |
| |
| Answer | 1.Create a transport request in SE10.
2.PFCG - please specify the role name - press the transport
button(truck icon).
*** In case of mutiple roles,go to utilities-mass
transport**
3.there will be three info screens. give tick mark.
4.give the transport request number, which you created in
SE10.
5.Press ok.
6.To confirm the changes,go to se10 and see your request
number,right click and verify the roles are attached.  |
| Selvaprasath |
| |
| |
| Answer | 1. Go to PFCG, type role name in case of single role
transport and click on "execute".
or if you want to transport more than one roles,
a) go to Utilities->Mass Transport.
b) Click on Multiple Selection button, list the role
names that you want to transport and click on "Execute".
2. Click on "Transport" button (Truck icon).
3. It will ask for transport request number, then click on
"Create Request"
4. Give details of transport i.e. ticket number(if any),
name of requester of transport, date on which you are going
to release the transport request and then finally click
"continue".
5. now message will be displayed showing what all is added
into the transport request i.e. contents of this transport.
6. Then goto SE10/SE01 and select option "Modifiable" in
Section 'Transport requests', uncheck option "Released" and
click on "Display".This will show the transport request that
you have just created.
7. Expand the request and it will show you the task which is
under the request.Click on that task an press "Transport"
button (Truck icon). At the bottom line, it will show u
status of the task i.e. task is released or not.
8. Then click on Request no. and transport it. Hereby, your
transport request is released and roles have been transported.
In case of test systems, transports are automatic (varies
from project to project) and for Production system, they are
managed by BASIS team.
In case of auto-transport, you can login to test system and
check time interval by which "auto-import" job gets
triggered (this can be done in SM37). after it gets released
in nearest time interval (usually its between 15-30 min),
your transport request will be imported to that system and
hereby your roles will be transported to that system.  |
| Mrudula |
| |
| |
| Question |
how to adjust user master records?
|
Rank |
Answer Posted By |
|
Question Submitted By :: Ragavreddy |
| This Interview Question Asked @ Accenture |
|
I also faced this Question!! |
© ALL Interview .com |
| Answer | we have daily periodic job
PFCG_TIME -DEPENDENCY
 |
| Ragava Reddy |
| |
| |
| Answer | in pfcg use user compare and complete compare.if you are
using role to generate authorization profiles that should
not assigned in the user master records untill activate the
user compare and complete compare.in composite role have no
user compare and complete compare.  |
| Krishna.b |
| |
| |
| Question |
how to create new authorization object?
|
Rank |
Answer Posted By |
|
Question Submitted By :: Ragavreddy |
| This Interview Question Asked @ Accenture |
|
I also faced this Question!! |
© ALL Interview .com |
| Answer | su24/su25, su18/19  |
| Knredy |
| |
| |
| Answer | Using SU21 we can create the New Authorization Object  |
| Satish Kumar Ch. |
| |
| |
| Answer | 1)Type /nsu24 to attach authorisation object to a
transaction.
2)Select any transaction ex:me21n. F8(execute)
3)Click on the check indicator pencil to edit the
authorisation object.
4)Create a request to make changes on the pop up request box
5)Select the authorisation object you want to create and
ensure that you get the check/maintained green tick on.
6)Once done, save and to recheck get back to /nsu24 and
type in your transaction me21n and you could see whether
your new authorisation object is attached to the
transaction.
Note: To enable this authorisation object to work you need
to get to your role and reassign this transaction to the
role and maintain the authorisation table. Another way, you
could click on expert mode in the authorisation table and
select the 'Read Old Status & Merge with New' option and
maintain your authorisation table for the transaction with
the new authorisation object.  |
| Uma |
| |
| |
| Question |
what is temp role and copy role ? |
Rank |
Answer Posted By |
|
Question Submitted By :: Ragavreddy |
| This Interview Question Asked @ Accenture |
|
I also faced this Question!! |
© ALL Interview .com |
| Answer | temp role is a default sap provided role...and a copy role
is one we customize from a temp role...  |
| Sohail |
| |
| |
| Answer | temp role:-
it is the sap standard role, which is defined by sap.
copy role:- copy from a existing role is copy role.  |
| Rout |
| |
| |
|
| |
|
Back to Questions Page |