New Sap Security and GRC Interview Questions
Ans:
There are 5 user types:
Dialog, Service, Communication, System and Reference. Generally, all
users (end users and IT users) are created with the dialog type.
System accounts are used for background job scheduling and for RFC
connections.
All FF IDs are created with the service type.
Ans:
Tables can be restricted through the authorization objects S_TABU_DIS or
S_TABU_NAM.
3) Where can we find which authorization group a table belongs to?
Ans : TDDAT
4) How do you adjust user master records after importing roles to production?
Ans: We have a background job that runs daily and performs the user
master data comparison.
Programs: PFCG_TIME_DEPENDENCY
RHAUTUPD_NEW
Ans: The authorization object S_USER_GRP with ACTVT 05 gives access to lock
users and reset their passwords in SAP. I will create a new role with the above
access and grant this new role to the Service Desk team.
Ans: The user group tab performs an authorization check, and only one group
can be entered there, whereas in the Groups tab multiple groups can be
assigned. The Groups tab is for reference only, showing which groups a user
belongs to.
Ans: The master role maintains all the transaction codes and related
authorization objects, whereas in a derived role we maintain only the
organization levels. Derived roles are mainly used to restrict the plant and
company code levels. If the business has multiple locations/branches, the
master and derived role concept is useful.
If you want to add a new tcode to a role and add it in the master role, it
is updated in the derived roles as well.
11) What is the difference between Change mode and Expert mode when
generating an authorization profile with PFCG?
Ans: When creating a new role, there is no difference between the two
options. When updating an existing role, it is recommended to use Expert
mode with the "Read old status and merge with new data" option. It brings in the
SU24 updates for the old tcodes that exist in the role.
Whenever we make SU24 changes, we use Expert mode and select "Read old
status and merge with new data".
GRC
24) What is the difference between the firefighter owner and the firefighter controller?
Ans: FF OWNER: Responsible for maintaining the FFID and its assignment to
firefighters.
FF CONTROLLER: Responsible for reviewing the FF logs.