Interviews are always difficult and this is why it needs a good amount of preparation, knowing ahead the type of questions that might be asked. If you are preparing for an SAP security interview, this article will help you and give an idea of the most-commonly asked questions. Read on to know more about what type of questions can be asked in an SAP security interview.
SAP systems are loaded with critical information and sensitive data of financials, customers and employees of an organisation. Therefore, it is necessary for an SAP security mechanism to be in place so that there is no risk to the system. There are a lot of opportunities in this area as the number of skilled SAP security professionals are very few in the industry. If you want to improve your skills, you can go for a certification program in SAP.
Here’re some of the common SAP interview questions asked in an SAP security interview:
Q1. How to check table logs?
Ans. The first step is to check if logging is activated for a table using t-code SE13. If it is enabled then we can see the table logs with the t-code SCU3.
Q2. What is a ‘role’ in a SAP security?
Ans. Role refers to the group of t-codes which is assigned to execute particular tasks.
Q3. What is an ‘authorization’?
Ans. Each role in SAP requires privileges to execute a function, which is known as authorization.
Q4. How many fields can be in one authorization object?
Ans. There are 10 fields in one authorization object in SAP.
Q5. What is the difference between a role and a profile?
Ans. A role and profile go hand-in-hand. When a role is created, a profile is automatically created.
Q6. What is the difference between a single role and a composite role?
Ans. A single role is a container that collects transactions and generates an associated profile. A composite role is a container that collects different roles.
Also Read>> SAP Certification: All You Need to Know About
Q7. Differentiate between authorization object and authorization object class?
Ans. An authorization object is a group of authorization fields and is related to a particular activity, while authorization object class comes under authorization class and is grouped by function areas.
Q8. What is the maximum number of profiles and objects in a role?
Ans. In a role, the maximum number of profiles is 312 and the maximum number of objects is 170.
Q9. How to find out who has deleted users in the system?
Ans. To find out who has deleted users in the system, first debug or use RSUSR100 to find the info. Then run transaction SUIM and download the Change documents.
Q10. Can you change a role template? What are the three ways to work with a role template?
Ans. Yes. There are three ways to change a role template:
- Use it as they are delivered in SAP
- Modify them as per your needs through PFCG
- Create them from scratch
Also Read>> How to become a successful SAP Consultant!
Q11. What are the authorization objects required to create and maintain user records?
Ans. The following authorization objects are required to create and maintain user records:
- S_USER_GRP: to assign user groups.
- S_USER_PRO: to assign authorization.
- S_USER_AUT: create and maintain authorizations.
Q12. How can you delete multiple roles from QA, DEV and Production System?
Ans. The following steps should be taken to delete all the roles from QA, DEV and Production System:
- Place the roles to be deleted in a transport.
- Delete the roles.
- Push the transport through to QA and production.
Q13. What is the difference between USOBT_C and USOBX_C?
Ans. USOBT_C consists of the authorization tables which contains the authorization data which are relevant for a transaction. On the other hand, USOBX_C tells which authorization check is to be executed or not within a transaction.
Q14. Can you add a composite role to another composite role?
Ans. No, you cannot add a composite role to another composite role.
Q15. How can the password rules be enforced?
Ans. Password rules can be enforced using profile parameter.
Q16. What is a t-code in SAP?
Ans. A t-code (or transaction code) is used to access functions or a running program in an SAP application.
Q17. Which t-code can be used to delete old security audit logs?
Ans. The t-code SM-18 can be used to delete old security and audit logs.
Q18. What are the main tabs available in PFCG?
Ans. The main tabs available in PFCG are description, menu, authorization and user.
Q19. Which t-code is used to display the user buffer?
Ans. The t-code SU56 is used to display the user buffer.
Q20. What does a USER COMPARE do in SAP security?
Ans. USER COMPARE compared the user master record so that the produced authorization profile can be entered in the user master record.
The above questions and answers will give you a good hint of what you can expect in an SAP security interview. If you want to have high-level skills in SAP, then you can go for a professional course. Naukri Learning offers a variety of online courses in SAP which will help you to boost your career.