
SAP SECURITY QUESTIONS

I have one year of experience in SAP Security and only two in Basis, so flame on... I swear I didn't use Google or any of my systems for reference!

1) When PFCG proposes 3 activities but you only want 2, how do you fix this? Best answer is to modify your SU24 data.

2) What is the use of transaction PFUD at midnight? Removes invalid profiles from user records.

3) Is PFUD needed when saving in SU01 and does the user need to log off and on again after changes? PFUD is not needed and the user needs to log off and back on again.

4) How are web services represented in authorizations of users who are not logged on? ??

5) How do you force a user to change their password and on which grounds would you do so? SU01 -> Logon Data tab -> Deactivate password. I am not sure what grounds this would be necessary. I have never had to use it.

6) What is the difference between SU24 and SU22? What is "original data" in SU22 context? SU22 you maintain authorization objects???? SU24 you maintain which authorization objects are checked in transactions and maintain the authorization proposals.

7) When an authorization check on S_BTCH_JOB fails, what happens? "You do not have authorization to perform whatever operation you are trying to perform." message. HAHA

8) Can you have more than one set of org-level values in one role? I might be misinterpreting this question. But yes. Depending on the transactions inserted into the role menu, you could have more than one org level to maintain. Purchasing Org and Plant, Sales Org and Sales Division.....

9) Should RFC users have SAP_NEW and why? No. Just insert the transactions and necessary authorization objects into a role. S_RFC for one.

10) What is an X-glueb command and where do you use it in SAP security? ???

11) What is the disadvantage of searching for AUTHORITY-CHECK statements in ABAP OO coding and how does SU53 deal with this? Disadvantage? I can think of an advantage. My ABAPer shows me his programs and we work out what authority checks should be performed.

12) In which tables can you make customizing settings for the security administration and name one example of such a setting which is useful but not SAP default? ???

13) Can you use the information in SM20N to build roles and how? You could, I guess. Not a good practice though. Build roles based on business processes.

14) If the system raises a message that authorizations are missing but you have SAP_ALL, what do you do? Regenerate SAP_ALL which reconciles new authorization objects from SAP_NEW.

15) Name any one security-related SAP note and explain its purpose or solution. Don't know the number offhand, but I was looking at it yesterday. Program Z_DEL_AGR to allow deletion of more than one role at a time. There is no mechanism in SAP to achieve this currently.

16) What are the two primary differences between a SAML token profile and a Logon ticket in SAP? ??? I know what these are but have no experience with it.
