Answer / lucky

).what is the diff b/w adding the tcode in s_tcode
authorization object and addind the tcode inmenu tab of
pfcg?

When you add Tcode in S_tcode, assign that role to user.
and try to login, you will see that you have access to
transaction
but you cannot see the name and desc in SAP User menu

4) What is the difference between Owner, Controller and
Administrator in Firefighter?

Owner: persson responsible for FF id
Controller: Check what activity done by the particulcar id
Adminisrtra: Admin work( Ex: lock/unlock or Check logs )

2) Can you tell me why do you use S_TABU_DIS authorization
object?

You can use this authorization object to limit users’
access authorization
users with authorization for the se16 transaction (that
is, for all Data Dictionary objects)
can only access data of the table entries defined using
this authorization object.
You can also deny system administrators specific access to
application data, for example. As soon as you have set up
this authorization object, you can edit or change only the
table entries for which corresponding authorization has
been granted explicitly by S_TABU_DIS.


3) Explain How do you restrict a particular table acces
then?
TABU_DIS _CLNT




6)Which job will update all user master records?

PFUD,PFCG_TIME_DEPENDNCY

7)What will happen whenever we execute a t-code?

a system program makes various checks to
ensure that the user has the appropriate authorization.

Is the transaction code valid? (table TSTC check).

Is the transaction locked by the system administrator?
(table
TSTC check).

Is the user authorized to call the transaction?


The authorization object S_TCODE (call transaction)
contains the
field TCD (transaction code).

The user must have an authorization with a value for the
selected
transaction code.



8)What is the purpose of the report RSUSR006?

Report RSUSR006 provides a list of all users that have been
locked
as a result of entering incorrect password in the system.

9) Lets say a user is locked by admin? What value will you
see in USR02 table and in UFLAG column?

SE16N-USR02

Wecan find the value 64 in usr02 table, UFLAG field the
user is locked , if the value is 0 the user is not locked


10) What will you do if the user complains that he is not
able to access a t-code?

Check that if he has access to that TCODE

Report SU53


11)why we have to delete users ?

Its a two question , its depends upon the process that if
we have to delete the user or not.

As per my understanding we can lock the user and not-used
(in logon tab ).


12)a. What is Direct role assignment and indirect role
assignment?

Direct assignment - SU01 Assign role

Indirect assignment - ORg level and Postion level( HR
system PO13-BOO7 sttribute)

b. What is the process of adding a t-code to an existing
role?

Execute the t_code PFCG and select what ever the role you
have then edit.

In the menu tab Click on transaction. Then add the t_code
for the role.

Base on the requirement manage the authorization. (Check in
the
authorization TAB)


c. If client asked you to modify a role directly in
PRODUCTION for emergency? Is it possible? What you will
do in that situation?

It is not recommended as per SAP Standard.
Depends upon the critcal issue of the customer.



d. What is the purpose of customized Transaction codes?
Have you
created any custom t-codes?

Go to SE93 transaction code.
Enter the transaction code (Z or Y transaction code
Double-click the program which has been associated with the
transaction code.
Click Find button in the program screen.
This will display all the strings that have Auth included.
Find out the lines
that display “Authority check” statement and identify the
authorization object.
Note: You can double-click on the line to view the specific
lines in the program.Enter “auth” in the Find text box,
select “In main program” option and click Execute.
Incase, if you don’t find any authorization objects, check
for the string “Transaction” instead of “Auth
When the program is calling another transaction, follow the
steps mentioned below:
Double-click the transaction code in the main program.
Click Find button.
Enter “auth” as the string and look for the authorization
objects associated.
Record the list of authorization objects that are used by
the call-in transaction code and ensure to include all of
them in the current role.
Parameter transaction codes
Tables in the SAP environment are treated as critical and
hence direct maintenance is not allowed in the production
systems using SM30 or SM31 transaction codes.
When a custom table (Z or Y table) requires periodic
modification by the business, a Z transaction code is
created, which is controlled via a parameter transaction,
which will call SM30 or SM31 internally and skips the
initial screen, or the application program.
They are further protected by an authorization group. The
same will be maintained using S_TABU_DIS, and S_TABU_LIN
objects.

Identifying the authorization group (S_TABU_DIS)
When the custom transaction code is a parameter
transaction, the authorization group for table should be
added to the role. Below are the steps which will help you
to identify the authorization group:
Go to SE93, and enter the tcode.
Scroll down and copy the view name:

Answer / karunakar

Hi Rav,
This is karunakar,
As per my knowledge i am able to answer some of the
questions , If you find complete answers please mail to my
id m.karna99@gmail.com.
1. The difference is if you add the T code in s_tcode the
user will access to that t code only , To restrict the user
to specific tcode we use s_tcode.
2. We use this object to restrict the autorization groups
s_tabu_dis
7. when we execute a T code , first it will check the user
is having the access to that Tcode in S_TCODE,
9. If we find the value 64 in usr02 table, UFLAG field the
user is locked , if the value is 0 the user is not locked.
10. If user complaints that he is not accessed to tcode ,
ask the user to send his su53 report , login as user with
his user id and password check his authorizations wether he
has the accessed to that t-code or not, get the balck &
white approval from you senior authorities and assign the
missing authorizations to that t code.

Answer / ravkadi

Sorry guys in ibm i have faced the interview for an hour and
in which i could not answer these questions so please give
me the answers.

thanks in advance
rav

what are the common idoc issues in a cua environment.how do you solve?

1 Answers   iGate,

---

When would you update a sap table directly? What precautions would you taje?

0 Answers  

---

How to add custon t-code to a role and how to find the auth obj of custom t-code.if the custom t-code doesnt have auth obj, will you save and generate the role?

0 Answers  

---

What are the 5 things you'll do if you have sap system to maintain (Sap securiy)

1 Answers   Accenture, Ernst Young,

---

SAP SECURITY Training in Hyderbad,contact 7893255000. R3 SEC,BW/BI Sec,HR SEC,SRM SEC,EP SEC,VIRSA and GRC Tools.

3 Answers  

---

---

What is sap cryptographic library?

0 Answers  

---

In which table you can see authorization group for table and which table to see authorization group for program?

8 Answers   Cap Gemini,

---

Hi I cleared all rounds of Accenture but my preffered location was Gurgaon, as they dint had anything for me in Delhi /NCR they have put me on hold. I am worried will they call me again. please help

2 Answers  

---

What is the maximum number of authorization objects in a role?

1 Answers  

---

if user enters a tcode how the system knows what action should be done ?

3 Answers   Deloitte, Pranav Systtech,

---

Giving fire call access and extending fire call access by using VIRSA’s VFAT tool? can u brief give the explanation

0 Answers   IBM,

---

Differentiate between usobx_c and usobt_c

0 Answers  

---