Sign Up Login


  1. Categories >> Software >> ERP CRM >> SAP >> SAP Security
  2. Suggest New Category

1).what is the diff b/w adding the tcode in s_tcode
authorization object
and addind the tcode inmenu tab of pfcg?
4) What is the difference between Owner, Controller and
Administrator
in Firefighter?
2) Can you tell me why do you use S_TABU_DIS authorization
object?

3) Explain How do you restrict a particular table acces then?
5)In RAR ,What are the default Back ground Jobs?
6)Which job will update all user master records?
7)What will happen whenever we execute a t-code?
8)What is the purpose of the report RSUSR006?
9) Lets say a user is locked by admin? What value will you
see in USR02
table and in UFLAG column?
10) What will you do if the user complains that he is not
able to access a
t-code?
11)why we have to delete users ?
12)a. What is Direct role assignment and indirect role
assignment?
b. What is the process of adding a t-code to an existing role?
c. If client asked you to modify a role directly in
PRODUCTION for
emergency? Is it possible? What you will do in that situation?
d. What is the purpose of customized Transaction codes? Have you
created any custom t-codes?
13)

Question Posted / lucky

Answer Posted / lucky

).what is the diff b/w adding the tcode in s_tcode
authorization object and addind the tcode inmenu tab of
pfcg?

When you add Tcode in S_tcode, assign that role to user.
and try to login, you will see that you have access to
transaction
but you cannot see the name and desc in SAP User menu

4) What is the difference between Owner, Controller and
Administrator in Firefighter?

Owner: persson responsible for FF id
Controller: Check what activity done by the particulcar id
Adminisrtra: Admin work( Ex: lock/unlock or Check logs )

2) Can you tell me why do you use S_TABU_DIS authorization
object?

You can use this authorization object to limit users’
access authorization
users with authorization for the se16 transaction (that
is, for all Data Dictionary objects)
can only access data of the table entries defined using
this authorization object.
You can also deny system administrators specific access to
application data, for example. As soon as you have set up
this authorization object, you can edit or change only the
table entries for which corresponding authorization has
been granted explicitly by S_TABU_DIS.


3) Explain How do you restrict a particular table acces
then?
TABU_DIS _CLNT




6)Which job will update all user master records?

PFUD,PFCG_TIME_DEPENDNCY

7)What will happen whenever we execute a t-code?

a system program makes various checks to
ensure that the user has the appropriate authorization.

Is the transaction code valid? (table TSTC check).

Is the transaction locked by the system administrator?
(table
TSTC check).

Is the user authorized to call the transaction?


The authorization object S_TCODE (call transaction)
contains the
field TCD (transaction code).

The user must have an authorization with a value for the
selected
transaction code.



8)What is the purpose of the report RSUSR006?

Report RSUSR006 provides a list of all users that have been
locked
as a result of entering incorrect password in the system.

9) Lets say a user is locked by admin? What value will you
see in USR02 table and in UFLAG column?

SE16N-USR02

Wecan find the value 64 in usr02 table, UFLAG field the
user is locked , if the value is 0 the user is not locked


10) What will you do if the user complains that he is not
able to access a t-code?

Check that if he has access to that TCODE

Report SU53


11)why we have to delete users ?

Its a two question , its depends upon the process that if
we have to delete the user or not.

As per my understanding we can lock the user and not-used
(in logon tab ).


12)a. What is Direct role assignment and indirect role
assignment?

Direct assignment - SU01 Assign role

Indirect assignment - ORg level and Postion level( HR
system PO13-BOO7 sttribute)

b. What is the process of adding a t-code to an existing
role?

Execute the t_code PFCG and select what ever the role you
have then edit.

In the menu tab Click on transaction. Then add the t_code
for the role.

Base on the requirement manage the authorization. (Check in
the
authorization TAB)


c. If client asked you to modify a role directly in
PRODUCTION for emergency? Is it possible? What you will
do in that situation?

It is not recommended as per SAP Standard.
Depends upon the critcal issue of the customer.



d. What is the purpose of customized Transaction codes?
Have you
created any custom t-codes?

Go to SE93 transaction code.
Enter the transaction code (Z or Y transaction code
Double-click the program which has been associated with the
transaction code.
Click Find button in the program screen.
This will display all the strings that have Auth included.
Find out the lines
that display “Authority check” statement and identify the
authorization object.
Note: You can double-click on the line to view the specific
lines in the program.Enter “auth” in the Find text box,
select “In main program” option and click Execute.
Incase, if you don’t find any authorization objects, check
for the string “Transaction” instead of “Auth
When the program is calling another transaction, follow the
steps mentioned below:
Double-click the transaction code in the main program.
Click Find button.
Enter “auth” as the string and look for the authorization
objects associated.
Record the list of authorization objects that are used by
the call-in transaction code and ensure to include all of
them in the current role.
Parameter transaction codes
Tables in the SAP environment are treated as critical and
hence direct maintenance is not allowed in the production
systems using SM30 or SM31 transaction codes.
When a custom table (Z or Y table) requires periodic
modification by the business, a Z transaction code is
created, which is controlled via a parameter transaction,
which will call SM30 or SM31 internally and skips the
initial screen, or the application program.
They are further protected by an authorization group. The
same will be maintained using S_TABU_DIS, and S_TABU_LIN
objects.

Identifying the authorization group (S_TABU_DIS)
When the custom transaction code is a parameter
transaction, the authorization group for table should be
added to the role. Below are the steps which will help you
to identify the authorization group:
Go to SE93, and enter the tcode.
Scroll down and copy the view name:

Is This Answer Correct ?    8 Yes 0 No



Post New Answer       View All Answers


Please Help Members By Posting Answers For Below Questions

Can you explain protecting public keys?

808

Explain transport system-level security?

880

How to find ECC system, GRC system and BI system ?

994

What is the difference between role and a profile?

947

Explain x-glueb and its use in sap security.

1038

Explain protecting public keys?

881

how to do Restricting nodes and Hierarchies through characteristic values and authorization objects

2072

what are the issues you faced with UME?

2670

You want to create and maintain user master record. What authorization would you need?

920

How to run the daily background job s for virsa violations ? thabks in advance

3412

Why is it important to delete sap-new profile? What steps will you take to do this?

874

Tell me about derived role?

789

what is authorization object and authorization object class?

969

In pfcg where we can add customized t-codes. And where we can see customized t-codes

1437

How to do Role Design, Testing and Implementation

2236