Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
If any authorization object has been modified in SU24, how it will be effected in the system? Question If u has issue like add one AO in 50 roles what would u do? (If all 50 are single roles)? What is rule? What kind of reports does perform at the R3 level?
Rank
Answer Posted By
Re: How to create a custom T-code tell me the procedure How to add an authorization object for that custom t-code If any authorization object has been modified in SU24, how it will be effected in the system? If u has issue like add one AO in 50 roles what would u do? (If all 50 are single roles)? What is rule? What kind of reports does perform at the R3 level? Answer 1) Using SE93 tcode, we can # 1 create the custom code,
Normally ABAP or Functional team will create custom T-Code and will associate Reports or Table. 2)Using SU24, you can maintain auth object towards the custom tcode as well.
I
Question PFCG,PFCG_TIME_DEPENDENCY&PFUD??? Question Submitted By :: Kandula.padma I also faced this Question!! Re: what is the difference between PFCG,PFCG_TIME_DEPENDENCY&PFUD??? Answer PFCG is used to create maintain # 1 and modify the roles. 2 Uma Rank Answer Posted By
PFCG_TIME_DEPENDENCY is a background job of PFUD. PFUD is used for mass user comparison but the difference
is if you set the background job daily basis it will do mass user comparison automatically
23 Yes 1 No
Re: what is the difference between PFCG,PFCG_TIME_DEPENDENCY&PFUD??? Answer PFCG is used to create maintain # 2 and modify the roles. 0 Uday Kiran
PFCG_TIME_DEPENDENCY is a background job of PFUD. PFUD is used for mass user comparison but the difference is
2 Yes 2 No
Question why fire fighter id is using in the production system ? Question Submitted By :: Keerachinnu009 I also faced this Question!! Answer Posted Rank By Re: why fire fighter id is using in the production system ? Answer Production system is the system 0 # 1 where all business
Itsgaurav151 [TCS]
transactions are done. Thus it is required to monitor if anyone is assigned to perform some critical task in the system. Therefore in order to keep a log of all activities
performed in a FF login FF id is used in production system. Dev and QA systems are less or no critical for business.
6 Yes 0 No
Re: why fire fighter id is using in the production system ? Answer these fire fighter ids are # 2 emergency ids we can use this
ids in production system because these are meant for business purpose where necessary. we can give these ids through approval.
use of T-code SE63 Question Question Submitted By :: Karthik_sesha333 I also faced this Question!! Answer Posted By Rank
Answer #1
9 Y 3 No es
Question Difference between Change Mode and Expert Mode in PFCG? Question Submitted By :: Ashee182005 I also faced this Question!! Answer Posted Rank By Re: Difference between Change Mode and Expert Mode in PFCG? Answer Change mode : If a new t-code # 1 is added to a role it will pull
the auth obj corresponding to that t-code but not any of those which was deleted by us earlier, provided that obj is not related to newly added tcode. Or we can say that change mode will compare the auth in the role for newly added t-code with su24 and and will add all the necessary objects. Expert mode : it have three options . 1. Delete all auh and create new profile- it will delete all auth data except org level and we have to create new authorizations in role corresponding to all t-codes in role. 2.Edit old status - it will give u chance to edit last
saved authorizations only, no matter if u added any t-code to role. it will not pull the auth obj for new t-code from su24. 3. Edit old status and merge with he new - this will compare the auth of all t-codes in role with the records in su24 and will pull the objects corresponding to newly added tcode as well the missing object for any other t-code present in role and was deleted earlier.The newly pulled auth objects are marked as new and old ones are marked old.The auth objects in which auth values are added/changed gets the staus updated.
Is T
Question Difference between Standard and Manual objects? Question Submitted By :: Ashee182005 I also faced this Question!! Answer Posted Rank By Re: Difference between Standard and Manual objects? Answer Standard Objects: The # 1 Authorization object pulled for
SU24 settings againast the T-Code in to the PFCG Manual Objects: Authorization objects added manually in PFCG
Question Difference between S_tcode and Menu tab transactions? Question Submitted By :: Ashee182005 I also faced this Question!! Answer Posted Rank By Re: Difference between S_tcode and Menu tab transactions? Answer S_tcode--IT IS THE 0 # 1 AUTHORIZATION OBJECT WHERE THE
Shankar
ALL TRANGACTIONS ARE RESIDE HERE. MENU TAB--WHERE WE ADDED ALL TRANZACTIONS HERE
3 Yes 2 No
Re: Difference between S_tcode and Menu tab transactions? Answer when add t-code in role 0 # 2 menu,there will authorization
check will done in SU24 and T-Code relevent A.O,field values will reflet in Profile Generator. When u add T-Code in s_tcode a.o,there will no auth.check in SU24,There is no field values reflected in PFCG.SO user is not authorized to acess this particular T-Code.
5 Yes 0 No
Karunakar
codes
1 Yes 0 No
Re: Difference between S_tcode and Menu tab transactions? Answer @ Karunakar : Yes user can # 4 access those t-codes if he/she
have all chack objects maintained in Su24 along with appropriate values in his user buffer.
Question Roles in PFCG and assign it to Users? Question Submitted By :: Ashee182005 I also faced this Question!!
Rank
Answer Posted By
Re: Red, Yellow, Green in PFCG significance? Can we generate red Roles in PFCG and assign it to Users? Answer Red-org values are not 0 Abc # 1 maintained.
Re: Red, Yellow, Green in PFCG significance? Can we generate red Roles in PFCG and assign it to Users? Answer yes we can generate red roles . 0 Abc # 2 But according to business you
will be generating where as if your practising in ides system there wont be much problem you can generate and assign to the users where as when you talk about non-ides system you need to have a proper approval with business document you cannot take a own decision to genarate and assign to the user. Thanks abc
3 Yes 0 No
Re: Red, Yellow, Green in PFCG significance? Can we generate red Roles in PFCG and assign it to Users? Answer Red : Not maintained # 3 Yellow : Partially maintained
Question used to know that which users are lockdown? Question Submitted By :: Ashee182005 I also faced this Question!!
Rank
Answer Posted By
Re: Users are lockdown from past 3 -4 months. Which table is used to know that which users are lockdown? Answer RSUSR200 0 Parthu #1
or T-code SUIM : Users -> Click on By Logon Date and password change -> Give * in user and give 90 days in No.days since last logon and check Locked users and then EXECUTE
8 Yes 1 No
Re: Users are lockdown from past 3 -4 months. Which table is used to know that which users are lockdown? Answer Use USR02 Table as below 0 Prakash #2
and execute
Last Logon Date: Date range between 3- 4 months User lock: 64,32,128
4 Yes 0 No
Re: Users are lockdown from past 3 -4 months. Which table is used to know that which users are lockdown? Answer in se16 open table usr02 and # 3 copy users with lock status
othr than 0 .then give this users in change documents and execute in that select latest date and difference between the date of execution gives no. of days users locked then select users locked for more than 90 days
In SU53 screenshot , there are missing authorization. How you come to know that these are the relevant Roles in which we have to add these objects? Decision not SUIM
Re: In SU53 screenshot , there are missing authorization. How you come to know that these are the relevant Roles in which we have to add these objects? Decision not SUIM Answer #1
We need to study the documentation of said object and its object class and include it in a role that contains related functions. This should be done consulting the key users
related to that module. Having said this, it should be properly check beforehand that indeed the missing authorization is the real reason for an authorization failure
Question Can we delete a Role and transport it?Explain How? Question Submitted By :: Ashee182005 I also faced this Question!! Answer Posted Rank By Re: Can we delete a Role and transport it?Explain How? Answer To delete a role across 0 # 1 landscapes, in dev system we
Abcsecurity
first add the role to a transport request and then delete the role in pfcg(first screen). Transport should be released and moved to QA/ PROD to ensure removal of the role from these systems.
10 Yes 0 No
Re: Can we delete a Role and transport it?Explain How? Answer To delete a role across # 2 landscapes, in dev system we
first add the role to a transport request and then delete the role in pfcg(first screen). Transport should be released and moved to QA/ PROD to ensure removal of the role from these systems.
Question Difference between SE01, SE10 & SE09? Question Submitted By :: Ashee182005 I also faced this Question!!
Rank
Answer Posted By
Re: Difference between SE01, SE10 & SE09? Answer SE09 (workbench organizer) # 1 Registration of modification 0 Ashuta
done on client independent object SE10 (customizing organizer) Registration of modification done on client specific object SE01 (Transport organizer) can do both functions of se09 and se10
Is This Answer Correct ?
1 Yes 3 No
Re: Difference between SE01, SE10 & SE09? Answer Change requests can be # 2 transportable or local.
Transportable change requests correspond to the consolidation requests in transaction SE01. Local requests are new. They can be edited in transaction SE01, but not created there. This ensures that transactions SE01 and SE09 are fully compatible. You call the initial screen of the Transport Organizer with Transaction SE09 or SE10. You can also access the request overview of the Transport Organizer from all ABAP Workbench transactions
Question If user says he dont have authorization then how to proceed? Question Submitted By :: Ashee182005 I also faced this Question!! Answer Posted Rank By Re: If user says he dont have authorization then how to proceed? Answer Simply ask him to raise a # 1 ticket asking for the required
auth along with the approval mail from concerned approver. Then based on approval mail, we have to create auth restricting to specified level using auth objects like
s_tabu_dis, s_tcode, s_tabu_cli .. and assing to that user and execute user comparison. Ask user to log off and login to find the assigned auth.
Question What do you mean by Role Remediation? Question Submitted By :: Ashee182005 I also faced this Question!!
Rank
Answer Posted By
Re: What do you mean by Role Remediation? Answer role remediation is one of the # 1 risk resolution strategy
which is used for modifying the content at rolelevel it means that we are removing the sod confilicts
Question SU25 Step6 How Roles are created through Profiles? Question Submitted By :: Ashee182005 I also faced this Question!! Answer Posted Rank By Re: SU25 Step6 How Roles are created through Profiles? Answer If you do decide to use SU25 # 1 Step 6 to convert the Manual
profiles to activity groups, you will need to watch out for the following gotchas: Naming convention (T_500yyyyy_previous name) All activity groups created before SU25 is run, are renamed to T_500yyyyy_previous name.
See OSS note 156196 for additional information and procedures to rename the activity groups back to their original names using program ZPRGN_COPY_T_RY_ARGS. Carefully review information regarding the loss of links between profiles and user master records.
Question If we delete a Role can we transport it, if yes then how? Question Submitted By :: Ashee182005 I also faced this Question!! Answer Posted Rank By Re: If we delete a Role can we transport it, if yes then how? Answer Yes, add that role to a # 1 transport request first and
then delete it from dev system. After deletion transport it to qa and prod system
stion
1).what is the diff b/w adding the tcode in s_tcode authorization object and addind the tcode inmenu tab of pfcg? 4) What is the difference between Owner, Controller and Administrator in Firefighter? 2) Can you tell me why do you use S_TABU_DIS authorization object? 3) Explain How do you restrict a particular table acces then? 5)In RAR ,What are the default Back ground Jobs? 6)Which job will update all user master records? 7)What will happen whenever we execute a t-code? 8)What is the purpose of the report RSUSR006? 9) Lets say a user is locked by admin? What value will you
see in USR02 table and in UFLAG column? 10) What will you do if the user complains that he is not able to access a t-code? 11)why we have to delete users ? 12)a. What is Direct role assignment and indirect role assignment? b. What is the process of adding a t-code to an existing role? c. If client asked you to modify a role directly in PRODUCTION for emergency? Is it possible? What you will do in that situation? d. What is the purpose of customized Transaction codes? Have you created any custom t-codes? 13)
Rank
Answer Posted By
Re: 1).what is the diff b/w adding the tcode in s_tcode authorization object and addind the tcode inmenu tab of pfcg? 4) What is the difference between Owner, Controller and Administrator in Firefighter? 2) Can you tell me why do you use S_TABU_DIS authorization object? 3) Explain How do you restrict a particular table acces then? 5)In RAR ,What are the default Back ground Jobs? 6)Which job will update all user master records? 7)What will happen whenever we execute a t-code? 8)What is the purpose of the report RSUSR006? 9) Lets say a user is locked by admin? What value will you see in USR02 table and in UFLAG column? 10) What will you do if the user complains that he is not able to access a t-code? 11)why we have to delete users ? 12)a. What is Direct role assignment and indirect role assignment? b. What is the process of adding a t-code to an existing role? c. If client asked you to modify a role directly in PRODUCTION for emergency? Is it possible? What you will do in that situation? d. What is the purpose of customized Transaction codes? Have you created any custom t-codes? 13) Answer Sorry guys in ibm i have faced 0 Ravkadi # 1 the interview for an hour and [Z-role]
in which i could not answer these questions so please give me the answers. thanks in advance rav
0 Yes 0 No
Re: 1).what is the diff b/w adding the tcode in s_tcode authorization object and addind the tcode inmenu tab of pfcg? 4) What is the difference between Owner, Controller and Administrator in Firefighter? 2) Can you tell me why do you use S_TABU_DIS authorization object? 3) Explain How do you restrict a particular table acces then? 5)In RAR ,What are the default Back ground Jobs? 6)Which job will update all user master records? 7)What will happen whenever we execute a t-code? 8)What is the purpose of the report RSUSR006? 9) Lets say a user is locked by admin? What value will you see in USR02 table and in UFLAG column? 10) What will you do if the user complains that he is not able to access a t-code? 11)why we have to delete users ? 12)a. What is Direct role assignment and indirect role assignment? b. What is the process of adding a t-code to an existing role? c. If client asked you to modify a role directly in PRODUCTION for emergency? Is it possible? What you will do in that situation? d. What is the purpose of customized Transaction codes? Have you created any custom t-codes? 13) Answer Hi Rav, 0 Karunakar # 2 This is karunakar,
As per my knowledge i am able to answer some of the questions , If you find complete answers please mail to my id m.karna99@gmail.com. 1. The difference is if you add the T code in s_tcode the user will access to that t code only , To restrict the user to specific tcode we use s_tcode. 2. We use this object to restrict the autorization groups s_tabu_dis 7. when we execute a T code , first it will check the user is having the access to that Tcode in S_TCODE, 9. If we find the value 64 in usr02 table, UFLAG field the user is locked , if the value is 0 the user is not locked. 10. If user complaints that he
is not accessed to tcode , ask the user to send his su53 report , login as user with his user id and password check his authorizations wether he has the accessed to that t-code or not, get the balck & white approval from you senior authorities and assign the missing authorizations to that t code.
2 Yes 1 No
Re: 1).what is the diff b/w adding the tcode in s_tcode authorization object and addind the tcode inmenu tab of pfcg? 4) What is the difference between Owner, Controller and Administrator in Firefighter? 2) Can you tell me why do you use S_TABU_DIS authorization object? 3) Explain How do you restrict a particular table acces then? 5)In RAR ,What are the default Back ground Jobs? 6)Which job will update all user master records? 7)What will happen whenever we execute a t-code? 8)What is the purpose of the report RSUSR006? 9) Lets say a user is locked by admin? What value will you see in USR02 table and in UFLAG column? 10) What will you do if the user complains that he is not able to access a t-code? 11)why we have to delete users ? 12)a. What is Direct role assignment and indirect role assignment? b. What is the process of adding a t-code to an existing role? c. If client asked you to modify a role directly in PRODUCTION for emergency? Is it possible? What you will do in that situation? d. What is the purpose of customized Transaction codes? Have you created any custom t-codes? 13) Answer ).what is the diff b/w adding # 3 the tcode in s_tcode
authorization object and addind the tcode inmenu tab of pfcg? When you add Tcode in S_tcode, assign that role to user. and try to login, you will see
that you have access to transaction but you cannot see the name and desc in SAP User menu 4) What is the difference between Owner, Controller and Administrator in Firefighter? Owner: persson responsible for FF id Controller: Check what activity done by the particulcar id Adminisrtra: Admin work( Ex: lock/unlock or Check logs ) 2) Can you tell me why do you use S_TABU_DIS authorization object? You can use this authorization object to limit users access authorization users with authorization for the se16 transaction (that is, for all Data Dictionary objects) can only access data of the table entries defined using this authorization object. You can also deny system administrators specific access to application data, for example. As soon as you have set up this authorization object, you can edit or change only the table entries for which corresponding authorization has been granted explicitly by S_TABU_DIS.
3) Explain How do you restrict a particular table acces then? TABU_DIS _CLNT
6)Which job will update all user master records? PFUD,PFCG_TIME_DEPENDNCY 7)What will happen whenever we execute a t-code? a system program makes various checks to ensure that the user has the appropriate authorization. Is the transaction code valid? (table TSTC check). Is the transaction locked by the system administrator? (table TSTC check). Is the user authorized to call the transaction? The authorization object S_TCODE (call transaction) contains the field TCD (transaction code). The user must have an authorization with a value for the
8)What is the purpose of the report RSUSR006? Report RSUSR006 provides a list of all users that have been locked as a result of entering incorrect password in the system. 9) Lets say a user is locked by admin? What value will you see in USR02 table and in UFLAG column? SE16N-USR02 Wecan find the value 64 in usr02 table, UFLAG field the user is locked , if the value is 0 the user is not locked 10) What will you do if the user complains that he is not able to access a t-code? Check that if he has access to that TCODE Report SU53 11)why we have to delete users ? Its a two question , its
depends upon the process that if we have to delete the user or not. As per my understanding we can lock the user and not-used (in logon tab ). 12)a. What is Direct role assignment and indirect role assignment? Direct assignment - SU01 Assign role Indirect assignment - ORg level and Postion level( HR system PO13-BOO7 sttribute) b. What is the process of adding a t-code to an existing role? Execute the t_code PFCG and select what ever the role you have then edit. In the menu tab Click on transaction. Then add the t_code for the role. Base on the requirement manage the authorization. (Check in the authorization TAB) c. If client asked you to modify a role directly in
PRODUCTION for emergency? Is it possible? What you will do in that situation? It is not recommended as per SAP Standard. Depends upon the critcal issue of the customer.
d. What is the purpose of customized Transaction codes? Have you created any custom t-codes? Go to SE93 transaction code. Enter the transaction code (Z or Y transaction code Double-click the program which has been associated with the transaction code. Click Find button in the program screen. This will display all the strings that have Auth included. Find out the lines that display Authority check statement and identify the authorization object. Note: You can double-click on the line to view the specific lines in the program.Enter auth in the Find text box, select In main program option and click Execute. Incase, if you dont find any authorization objects, check for the string Transaction instead of Auth When the program is calling
another transaction, follow the steps mentioned below: Double-click the transaction code in the main program. Click Find button. Enter auth as the string and look for the authorization objects associated. Record the list of authorization objects that are used by the call-in transaction code and ensure to include all of them in the current role. Parameter transaction codes Tables in the SAP environment are treated as critical and hence direct maintenance is not allowed in the production systems using SM30 or SM31 transaction codes. When a custom table (Z or Y table) requires periodic modification by the business, a Z transaction code is created, which is controlled via a parameter transaction, which will call SM30 or SM31 internally and skips the initial screen, or the application program. They are further protected by an authorization group. The same will be maintained using S_TABU_DIS, and S_TABU_LIN objects. Identifying the authorization group (S_TABU_DIS) When the custom transaction code is a parameter transaction, the authorization
group for table should be added to the role. Below are the steps which will help you to identify the authorization group: Go to SE93, and enter the tcode. Scroll down and copy the view name:
Question How to transport a T-code into Production? Question Submitted By :: Ravkadi I also faced this Question!!
Rank
Answer Posted By
0 2 Yes 2 No
Anishi Kuma
Re: How to transport a T-code into Production? Answer as per my knowledge we can not # 2 transport the t code
directly , we have to create a role add the t code to that role and transport that role to production through stms, please correct me if i am wrong
Question what is the difference between copied and derived role? Question Submitted By :: Jyoti I also faced this Question!! Rank Answer Posted
By Re: what is the difference between copied and derived role? Answer We can get org.levels from 0 # 1 copied role.But we can't get
Sunil Reddy
Re: what is the difference between copied and derived role? Answer copied role we get the all the 0 # 2 t codes and org levels what
Karunakar
ever we copied from role , we can make changes in both roles one will never effect another , Derived role , we get the t codes but we did not get the org levels we have to maintain according to the requirement , we can not make changes in derive role we have to make changes in master role at the time of generation we will get one option adjust derive role . please correct me if i am wrong
2 Yes 0 No
Answer Copied Role: In this is just we # 3 copy the role from existing
role but in further any changes in the role is not effect to copied Role. Derived Role: It also derived from Parent Role (already existed)to a child role(derived role) after that when we make changes in parent role changes will effect to derived role that's why instead of role copy we prefer the derived concept.
Answer #1
Re: where do you find the manually added tcodes in role tables. Deepak Go to agr_1251 0 Popalkar table and
check the field value of Column "whether object is" select status "Manually" and since this question is to check for
manually added tcodes in roles so put object S_TCODE and its corresponding value TCD as any tcode for which you want to check it.
Is This Answer Correct ?
3 Y 0 No es
Re: where do you find the manually added tcodes in role tables. Answer #2
suim roles by authorization values give s_tcode enter particular fields give tcode execute
Question what is SOD? Question Submitted By :: Naresh Nelluri I also faced this Question!!
Rank
Answer Posted By
Naresh Nelluri
positions.
3 Yes 3 No
Re: what is SOD? Answer SOD stands for segregation of # 2 duties. 0 Krishna
It is a primary internal control to prevent the risk, identify a problem and take corrective action. It is achieved by assuring that no single user has control over all phases of business transactions. E.G.: The staff who creates a purchase order must not approve the same, there must be a different person to approve that.
15 Yes 0 No
Re: what is SOD? Answer It is an activity which is # 3 carried to determined who can
Question what is diff b/w su01 and su10? Question Submitted By :: Naresh Nelluri I also faced this Question!!
Rank
Answer Posted By
Re: what is diff b/w su01 and su10? Answer su01 is the we can maitain # 1 address tab. 0 Naresh Nelluri
su10 is we cannot maintain address tab. 2.su01 is reset the pwd is possible. but su10 we cannot maintain reset the pwd. 3.su01 is maintain personalization tab. su10 doesn't maintan personalization tab.
1 Yes 4 No
Re: what is diff b/w su01 and su10? Answer SU01 is the tcode for # 2 maintaining the user master 0 Krishna
record for a single user where as while using SU10 we can maintain user master record for many users. In SU01 we can maintian address, logon data, defaults, parameters, roles, profiles, groups, presentational and the license data for only a single user.
In SU10 we can maintain logon data, defaults, parameters, roles and profiles for several users. we can select the users based on address data and/or authorization data.
8 Yes 0 No
Re: what is diff b/w su01 and su10? Answer su01 is use to create single # 3 user
Question how to resolve role conflict Question Submitted By :: Sapbsreddy I also faced this Question!!
Rank
Answer Posted By
Re: how to resolve role conflict Answer Role conflict can be rsolved by # 1 SOD (GRC CC tool).
Question what is the use of CUA? Question Submitted By :: Ravi I also faced this Question!!
By Re: what is the use of CUA? Answer CUA: Central User # 1 Administration 0 Karun
1.Using CUA, U can reset the password globaly ( Means: in single shot u can reset the password for all child systems or individuval system also reset the password through CUA) 2.No password reset tag in individuval systems 3.Using CUA, U Can unlock and lock the users. 4.Using CUA, U Can assign the roles to particular system 5.Using CUA, U Can add to particular user
7 Yes 0 No
systems
Re: what is the use of CUA? Answer The advantage of administering # 2 assignments centrally is
that you no longer need to log onto each system in order to make system-specific assignments of roles and profiles,it is all managed at one location in the central system.
Question what is the rule set in GRC? Question Submitted By :: Ravi I also faced this Question!!
Rank
Answer Posted By
Re: what is the rule set in GRC? Answer Global Rule Set #1 5 Yes
Is This Answer Correct ?
Venu
5 No
Re: what is the rule set in GRC? Answer Collection of rules is nothing # 2 but rule set. There is a
Question what is use of su56? Question Submitted By :: Ravi I also faced this Question!!
Rank
Answer Posted By
Re: what is use of su56? Answer Displays the current users # 1 Authorization Profiles 0 C. Sugg
available ti the ID. Can also be used to reset their User buffer to pick up new roles and authorizations.
3 Yes 1 No
Re: what is use of su56? Answer Displayed the authorization # 2 data for the user
Question what is use of derived roles and where it is used? Question Submitted By :: Ravi I also faced this Question!! Answer Posted Rank By Re: what is use of derived roles and where it is used? Answer 1.U can change the Org # 1 (Eg:Company code,Business area, 0 Karun
Plant ... etc) values in Derived roles only. 2.Derived role have authorization Tab, in composite role no authorization tab.
4 Yes 4 No
Re: what is use of derived roles and where it is used? Answer The role menus are identical # 2 but the authorizations for the 0 Mani
menu actions are different in the derived role. The menu and authorizations of the derived role are identical, but the organizational levels are different in the derived role.
1 Yes 4 No
Re: what is use of derived roles and where it is used? Answer Derived roles are also called # 3 as Child Roles and Master
Roles are called as Parent Roles. Derived Roles refers to the roles that already exist. As name indicates Derived roles are derived from other role (Master Role). Derived ROles inherits the menu structure and functions included (transactions, reports, Weblinks and so on) from the role referenced. The default authorization values of the derived role are that of the inherited role. The Org Levels are to be maintained in the derived Role
Question how do we test security systems.what is the use of SU56 Question Submitted By :: Saraali I also faced this Question!! Answer Posted Rank By Re: how do we test security systems.what is the use of SU56 Answer Through Tcode SU56 ,We will 0 # 1 check the users buffer
Badal
4 Yes 0 No
Re: how do we test security systems.what is the use of SU56 Answer reset the user buffer and we # 2 are reset other user buffer
also
Question ST01, SUIM and ST22 Question Submitted By :: Udikiran@gmail.com I also faced this Question!!
Rank
Answer Posted By
Re: what Troubleshooting we get these transactions like SU53, ST01, SUIM and ST22 Answer SU53: Will give the screen shot # 1 last missing authorization
of the details for the user ID ST01: Some times SU53 will be wrong, using ST01 will perform the trace activity will check for authorization checks for user ID SUIM: This will used to pull out the authorization reports usually, we will use this tcode by analyzing the out put results of SU53 and ST01 and will be inputs for SUIM to pull out authorization reports
two company codes ex 1001,1002 and two users ,one user need to access both company codes and another user need to access Question only one company code need to access by giving same role (one role ) to both of them.how can give access or restrict company codes in one role?
Rank
Answer Posted By
Re: two company codes ex 1001,1002 and two users ,one user need to access both company codes and another user need to access only one company code need to access by giving same role (one role ) to both of them.how can give access or restrict company codes in one role? Answer Both users give different # 1 role.Give access or restrict
through Derived role.Always remember ORG value put in Derived role and Object vale in Master Role
Question how?
Rank
Answer Posted By
Re: Can we set any password limitations/exceptions in SAP? If yes, how? Answer There are many parameters anda # 1 table to manage password
limitations and exceptions. login/password_expiration_time login/min_password_lng login/failed_user_auto_unlock login/min_password_digits login/min_password_letters login/min_password_diff login/password_max_new_valid login/password_max_reset_valid and Table USR40 to insert
password exceptions
Question what is the difference between se16 and se16n ? Question Submitted By :: C.vamshikri I also faced this Question!! Answer Posted Rank By Re: what is the difference between se16 and se16n ? Answer SE16 and SE16N both # 1 transactions works same I mean 0 Deepak
use for table display. SE16N is new version of SE16. Difference could be display setting.So its my advice better execute both transactions then only you will come to know. So try it.
4 Yes 6 No
Re: what is the difference between se16 and se16n ? Answer Hi, #2 0 PrabhuGanesh
SE16 - SAPLSETB - Data Browser SE16N - RK_SE16N - General Table Display SE16: ** SE16 is a data browse and it is used to view the contents of the table and we cannot change or append new fields to the existing structure of the table as we cannot view the structure level
display using the SE16 . SE16N: ** The transaction code SE16N (general table display) is an improved version of the old data browser (SE16). It has been around for some time, but is not widely known amongst consultants and end users of SAP. It looks a bit different to the old data browser functionality (SE16). ** Once you have entered your table name, type "&SAP_EDIT" without the quotation marks into the transaction code. This enables editing functionality on SE16N and allows you to make table changes. This allows you to access both configuration and data tables which may be otherwise locked in a production environment. ** Whilst this may appear to be a short cut and allow you to access a back door which is normally shut, this hidden feature should be used with caution in any SAP client especially a live or production system. New Features of SE16N: ** The new transaction has a number of distinct advantages over SE16. ** You no longer have a maximum of 40 fields to select in the output.
** There are fewer steps involved in executing a number of functions, whether it be outputting the results, maintaining the values in a table etc. ** Exporting the data into Excel is far easier and quicker ** ALV functionality is available as standard ** The user is not restricted by having a maximum width of 1023 saved as a default in the user settings. Limitations of SE16N: **You can only output one table at a time. If you wish to output more than one table you can use the available reporting tools or the QuickViewer (transaction code SQVI) functionality within SAP. Cheers Friends, Prabhu.S
8 Yes 1 No
Re: what is the difference between se16 and se16n ? Answer Mr. Prabhu explain a complete # 3 list of the difeerences , I
It is possible to find all changes executed by transaction SE16N on the following tables: SE16N_CD_KEY -> Table Display: Change Documents Header SE16N_CD_DATA - > Table Display: Change Documents Data There is a new security note that block the function &SAp_edit note CO-OM tools: SE16N: Deactivating &SAP_EDIT
Question how v Check SOD conflicts through VRAT Question Submitted By :: Surekha.ks I also faced this Question!!
Rank
Answer Posted By
Re: how v Check SOD conflicts through VRAT Answer First execute the tcode # 1 versa/Zvrat, in that we are 0 Satya Prasad
enterning user name in user field and the roles which ever we want to add to the user and click on the simulation mode. It checks whether there is any conflicts or not. If we got any conflicts then we have to mitigate. After mitigating we can assign all roles to the user. After that we need to execute the simlation mode. same as above.
1 Yes 2 No
Re: how v Check SOD conflicts through VRAT Answer 1.Goto : /n/virsa/zvrat -> # 2 execute (F8)
2.Select Roles check box -> Copy all( Parent and derived roles) roles in role box. 3.Checked the check box: Mitigating Controls 4.Click the Simulate tab 5.Here U got one Popup window. 6.Here Click the Transaction box (Enter all tcodes) 7.Checked the check box: Risks from Simulation Only 8.Execute (F8)
uestion
whts the differents between SoX ,SoD??????wht kind of work Sox do as wel .....SoD do? whts is virsa??????? and VRAT,,,,VFAT,, how it workin security.
Rank
Answer Posted By
Re: whts the differents between SoX ,SoD??????wht kind of work Sox do as wel .....SoD do? whts is virsa??????? and VRAT,,,,VFAT,, how it workin security. Answer SoX - refer to Sarbanes OXley 0 Aichik_am # 1 act in the earlier 2000+-.
Where it impact all US companies either they operated in US or outside (on other countries). Some people think
this act is significant, after fall down of big companies such as Enron etc.. SoD - refer to Segregation of Duties. Basically one person cannot have access to the whole process. The task need to be segregated so that there is check and balance. VIRSA - is one of third party tools used to check for SoX compliance in a company. Other then this, there are also other product such as APPROVA and SecurInfo. Nowadays VIRSA have been brougt by SAP, and rebrand it as GRC (Governance, Risk and Control).
4 Yes 0 No
Re: whts the differents between SoX ,SoD??????wht kind of work Sox do as wel .....SoD do? whts is virsa??????? and VRAT,,,,VFAT,, how it workin security. Answer Segaration of duty, as a # 2 security principle, has as its
primary objective the prevention of fraud and errors. This objective is achieved by disseminating the tasks and associated privileges for a specific business process among multiple users. This principle is demonstrated in the traditional example of
separation of duty found in the requirement of two signatures on a cheque.With the concept of SoD, business critical duties can be categorized into four types of functions: authorization, custody, record keeping, and reconciliation.