Interested to Buy Any Domain ? << Click Here >> for more details...
1).what is the diff b/w adding the tcode in s_tcode
authorization object
and addind the tcode inmenu tab of pfcg?
4) What is the difference between Owner, Controller and
Administrator
in Firefighter?
2) Can you tell me why do you use S_TABU_DIS authorization
object?
3) Explain How do you restrict a particular table acces then?
5)In RAR ,What are the default Back ground Jobs?
6)Which job will update all user master records?
7)What will happen whenever we execute a t-code?
8)What is the purpose of the report RSUSR006?
9) Lets say a user is locked by admin? What value will you
see in USR02
table and in UFLAG column?
10) What will you do if the user complains that he is not
able to access a
t-code?
11)why we have to delete users ?
12)a. What is Direct role assignment and indirect role
assignment?
b. What is the process of adding a t-code to an existing role?
c. If client asked you to modify a role directly in
PRODUCTION for
emergency? Is it possible? What you will do in that situation?
d. What is the purpose of customized Transaction codes? Have you
created any custom t-codes?
13)
- 3 Answers
- 19080 Views
- IBM, I also Faced
- E-Mail Answers
Answer Posted / lucky
).what is the diff b/w adding the tcode in s_tcode
authorization object and addind the tcode inmenu tab of
pfcg?
When you add Tcode in S_tcode, assign that role to user.
and try to login, you will see that you have access to
transaction
but you cannot see the name and desc in SAP User menu
4) What is the difference between Owner, Controller and
Administrator in Firefighter?
Owner: persson responsible for FF id
Controller: Check what activity done by the particulcar id
Adminisrtra: Admin work( Ex: lock/unlock or Check logs )
2) Can you tell me why do you use S_TABU_DIS authorization
object?
You can use this authorization object to limit users’
access authorization
users with authorization for the se16 transaction (that
is, for all Data Dictionary objects)
can only access data of the table entries defined using
this authorization object.
You can also deny system administrators specific access to
application data, for example. As soon as you have set up
this authorization object, you can edit or change only the
table entries for which corresponding authorization has
been granted explicitly by S_TABU_DIS.
3) Explain How do you restrict a particular table acces
then?
TABU_DIS _CLNT
6)Which job will update all user master records?
PFUD,PFCG_TIME_DEPENDNCY
7)What will happen whenever we execute a t-code?
a system program makes various checks to
ensure that the user has the appropriate authorization.
Is the transaction code valid? (table TSTC check).
Is the transaction locked by the system administrator?
(table
TSTC check).
Is the user authorized to call the transaction?
The authorization object S_TCODE (call transaction)
contains the
field TCD (transaction code).
The user must have an authorization with a value for the
selected
transaction code.
8)What is the purpose of the report RSUSR006?
Report RSUSR006 provides a list of all users that have been
locked
as a result of entering incorrect password in the system.
9) Lets say a user is locked by admin? What value will you
see in USR02 table and in UFLAG column?
SE16N-USR02
Wecan find the value 64 in usr02 table, UFLAG field the
user is locked , if the value is 0 the user is not locked
10) What will you do if the user complains that he is not
able to access a t-code?
Check that if he has access to that TCODE
Report SU53
11)why we have to delete users ?
Its a two question , its depends upon the process that if
we have to delete the user or not.
As per my understanding we can lock the user and not-used
(in logon tab ).
12)a. What is Direct role assignment and indirect role
assignment?
Direct assignment - SU01 Assign role
Indirect assignment - ORg level and Postion level( HR
system PO13-BOO7 sttribute)
b. What is the process of adding a t-code to an existing
role?
Execute the t_code PFCG and select what ever the role you
have then edit.
In the menu tab Click on transaction. Then add the t_code
for the role.
Base on the requirement manage the authorization. (Check in
the
authorization TAB)
c. If client asked you to modify a role directly in
PRODUCTION for emergency? Is it possible? What you will
do in that situation?
It is not recommended as per SAP Standard.
Depends upon the critcal issue of the customer.
d. What is the purpose of customized Transaction codes?
Have you
created any custom t-codes?
Go to SE93 transaction code.
Enter the transaction code (Z or Y transaction code
Double-click the program which has been associated with the
transaction code.
Click Find button in the program screen.
This will display all the strings that have Auth included.
Find out the lines
that display “Authority check” statement and identify the
authorization object.
Note: You can double-click on the line to view the specific
lines in the program.Enter “auth” in the Find text box,
select “In main program” option and click Execute.
Incase, if you don’t find any authorization objects, check
for the string “Transaction” instead of “Auth
When the program is calling another transaction, follow the
steps mentioned below:
Double-click the transaction code in the main program.
Click Find button.
Enter “auth” as the string and look for the authorization
objects associated.
Record the list of authorization objects that are used by
the call-in transaction code and ensure to include all of
them in the current role.
Parameter transaction codes
Tables in the SAP environment are treated as critical and
hence direct maintenance is not allowed in the production
systems using SM30 or SM31 transaction codes.
When a custom table (Z or Y table) requires periodic
modification by the business, a Z transaction code is
created, which is controlled via a parameter transaction,
which will call SM30 or SM31 internally and skips the
initial screen, or the application program.
They are further protected by an authorization group. The
same will be maintained using S_TABU_DIS, and S_TABU_LIN
objects.
Identifying the authorization group (S_TABU_DIS)
When the custom transaction code is a parameter
transaction, the authorization group for table should be
added to the role. Below are the steps which will help you
to identify the authorization group:
Go to SE93, and enter the tcode.
Scroll down and copy the view name:
| Is This Answer Correct ? | 8 Yes | 0 No |
Post New Answer View All Answers
A person has different user ids in different systems and you want to manage their authorizations centrally. Is it possible? How would you do it?
what is user base in sap security?
what are the pre-requisites that should be taken before assigning sap_all to a user even there is an approval from authorization controllers?
As a SAP security consultant what is the most challenged you faced in previous company?
can you please send me SAP Security upgrade documents and guide for CRM 5 and CRM 7 and what are the differeces between crm 5 AND crm 7 according to sap security point of view.
What are the steps involved in SAP Security upgradation projects and also in SAP security impletation projects
how to do Restricting nodes and Hierarchies through characteristic values and authorization objects
Attributes in SE01?
what is centralize FFID?
You want to configure the local and global setting of cua. Where would you do that? What would happen if you have inconsistent settings?
You wan to transport user groups from transaction sugr? Would this impact the groups tab in su01? What would you do?
What is the use of tmssup* rfc destinations?
What appears as the last sentence in sap note 587410?
What is the use of Personalization tab in SU01?
Can wildcards be used in authorizations?
