How to create a custom T-code tell me the procedure How to add an authorization object for that custom t-code

If any authorization object has been modified in SU24, how it will be effected in the system? Question If u has issue like add one AO in 50 roles what would u do? (If all 50 are single roles)? What is rule? What kind of reports does perform at the R3 level?

Question Submitted By :: Vasu3311 I also faced this Question!!

Rank

Answer Posted By

Re: How to create a custom T-code tell me the procedure How to add an authorization object for that custom t-code If any authorization object has been modified in SU24, how it will be effected in the system? If u has issue like add one AO in 50 roles what would u do? (If all 50 are single roles)? What is rule? What kind of reports does perform at the R3 level? Answer 1) Using SE93 tcode, we can # 1 create the custom code,

Normally ABAP or Functional team will create custom T-Code and will associate Reports or Table. 2)Using SU24, you can maintain auth object towards the custom tcode as well.
I

Question PFCG,PFCG_TIME_DEPENDENCY&PFUD??? Question Submitted By :: Kandula.padma I also faced this Question!! Re: what is the difference between PFCG,PFCG_TIME_DEPENDENCY&PFUD??? Answer PFCG is used to create maintain # 1 and modify the roles. 2 Uma Rank Answer Posted By

what is the difference between

PFCG_TIME_DEPENDENCY is a background job of PFUD. PFUD is used for mass user comparison but the difference

is if you set the background job daily basis it will do mass user comparison automatically
23 Yes 1 No

Is This Answer Correct ?

Re: what is the difference between PFCG,PFCG_TIME_DEPENDENCY&PFUD??? Answer PFCG is used to create maintain # 2 and modify the roles. 0 Uday Kiran

PFCG_TIME_DEPENDENCY is a background job of PFUD. PFUD is used for mass user comparison but the difference is
2 Yes 2 No

Is This Answer Correct ?

Question why fire fighter id is using in the production system ? Question Submitted By :: Keerachinnu009 I also faced this Question!! Answer Posted Rank By Re: why fire fighter id is using in the production system ? Answer Production system is the system 0 # 1 where all business

Itsgaurav151 [TCS]

transactions are done. Thus it is required to monitor if anyone is assigned to perform some critical task in the system. Therefore in order to keep a log of all activities

performed in a FF login FF id is used in production system. Dev and QA systems are less or no critical for business.
6 Yes 0 No

Is This Answer Correct ?

Re: why fire fighter id is using in the production system ? Answer these fire fighter ids are # 2 emergency ids we can use this

ids in production system because these are meant for business purpose where necessary. we can give these ids through approval.

use of T-code SE63 Question Question Submitted By :: Karthik_sesha333 I also faced this Question!! Answer Posted By Rank

Answer #1

Re: use of T-code SE63 4 Karthik_sesha333 To change

the short description of the role

Is This Answer Correct ?

9 Y 3 No es

Re: use of T-code SE63 Answer #2

For translation of initial screen

Question Difference between Change Mode and Expert Mode in PFCG? Question Submitted By :: Ashee182005 I also faced this Question!! Answer Posted Rank By Re: Difference between Change Mode and Expert Mode in PFCG? Answer Change mode : If a new t-code # 1 is added to a role it will pull

the auth obj corresponding to that t-code but not any of those which was deleted by us earlier, provided that obj is not related to newly added tcode. Or we can say that change mode will compare the auth in the role for newly added t-code with su24 and and will add all the necessary objects. Expert mode : it have three options . 1. Delete all auh and create new profile- it will delete all auth data except org level and we have to create new authorizations in role corresponding to all t-codes in role. 2.Edit old status - it will give u chance to edit last

saved authorizations only, no matter if u added any t-code to role. it will not pull the auth obj for new t-code from su24. 3. Edit old status and merge with he new - this will compare the auth of all t-codes in role with the records in su24 and will pull the objects corresponding to newly added tcode as well the missing object for any other t-code present in role and was deleted earlier.The newly pulled auth objects are marked as new and old ones are marked old.The auth objects in which auth values are added/changed gets the staus updated.
Is T

Question Difference between Standard and Manual objects? Question Submitted By :: Ashee182005 I also faced this Question!! Answer Posted Rank By Re: Difference between Standard and Manual objects? Answer Standard Objects: The # 1 Authorization object pulled for

SU24 settings againast the T-Code in to the PFCG Manual Objects: Authorization objects added manually in PFCG

Question Difference between S_tcode and Menu tab transactions? Question Submitted By :: Ashee182005 I also faced this Question!! Answer Posted Rank By Re: Difference between S_tcode and Menu tab transactions? Answer S_tcode--IT IS THE 0 # 1 AUTHORIZATION OBJECT WHERE THE

Shankar

ALL TRANGACTIONS ARE RESIDE HERE. MENU TAB--WHERE WE ADDED ALL TRANZACTIONS HERE
3 Yes 2 No

Is This Answer Correct ?

Re: Difference between S_tcode and Menu tab transactions? Answer when add t-code in role 0 # 2 menu,there will authorization

check will done in SU24 and T-Code relevent A.O,field values will reflet in Profile Generator. When u add T-Code in s_tcode a.o,there will no auth.check in SU24,There is no field values reflected in PFCG.SO user is not authorized to acess this particular T-Code.
5 Yes 0 No

Sree4grc [L&T INFOTECH]

Is This Answer Correct ?

Re: Difference between S_tcode and Menu tab transactions?

Answer sree # 3 user can access to those T-

Karunakar

codes
1 Yes 0 No

Is This Answer Correct ?

Re: Difference between S_tcode and Menu tab transactions? Answer @ Karunakar : Yes user can # 4 access those t-codes if he/she

have all chack objects maintained in Su24 along with appropriate values in his user buffer.

Question Roles in PFCG and assign it to Users? Question Submitted By :: Ashee182005 I also faced this Question!!

Red, Yellow, Green in PFCG significance? Can we generate red

Rank

Answer Posted By

Re: Red, Yellow, Green in PFCG significance? Can we generate red Roles in PFCG and assign it to Users? Answer Red-org values are not 0 Abc # 1 maintained.

Yellow-partially maintained. Green-full authorization. thanks abc

4 Yes 0 No

Is This Answer Correct ?

Re: Red, Yellow, Green in PFCG significance? Can we generate red Roles in PFCG and assign it to Users? Answer yes we can generate red roles . 0 Abc # 2 But according to business you

will be generating where as if your practising in ides system there wont be much problem you can generate and assign to the users where as when you talk about non-ides system you need to have a proper approval with business document you cannot take a own decision to genarate and assign to the user. Thanks abc
3 Yes 0 No

Is This Answer Correct ?

Re: Red, Yellow, Green in PFCG significance? Can we generate red Roles in PFCG and assign it to Users? Answer Red : Not maintained # 3 Yellow : Partially maintained

Green : Fully maintained

Question used to know that which users are lockdown? Question Submitted By :: Ashee182005 I also faced this Question!!

Users are lockdown from past 3 -4 months. Which table is

Rank

Answer Posted By

Re: Users are lockdown from past 3 -4 months. Which table is used to know that which users are lockdown? Answer RSUSR200 0 Parthu #1

or T-code SUIM : Users -> Click on By Logon Date and password change -> Give * in user and give 90 days in No.days since last logon and check Locked users and then EXECUTE
8 Yes 1 No

Is This Answer Correct ?

Re: Users are lockdown from past 3 -4 months. Which table is used to know that which users are lockdown? Answer Use USR02 Table as below 0 Prakash #2

SE16 -> USR02

and execute

Last Logon Date: Date range between 3- 4 months User lock: 64,32,128
4 Yes 0 No

Is This Answer Correct ?

Re: Users are lockdown from past 3 -4 months. Which table is used to know that which users are lockdown? Answer in se16 open table usr02 and # 3 copy users with lock status

othr than 0 .then give this users in change documents and execute in that select latest date and difference between the date of execution gives no. of days users locked then select users locked for more than 90 days

Question Question Submitted By :: Ashee182005

In SU53 screenshot , there are missing authorization. How you come to know that these are the relevant Roles in which we have to add these objects? Decision not SUIM

I also faced this Question!!

Answer Rank Posted By

Re: In SU53 screenshot , there are missing authorization. How you come to know that these are the relevant Roles in which we have to add these objects? Decision not SUIM Answer #1

We need to study the documentation of said object and its object class and include it in a role that contains related functions. This should be done consulting the key users

related to that module. Having said this, it should be properly check beforehand that indeed the missing authorization is the real reason for an authorization failure

Question Can we delete a Role and transport it?Explain How? Question Submitted By :: Ashee182005 I also faced this Question!! Answer Posted Rank By Re: Can we delete a Role and transport it?Explain How? Answer To delete a role across 0 # 1 landscapes, in dev system we

Abcsecurity

first add the role to a transport request and then delete the role in pfcg(first screen). Transport should be released and moved to QA/ PROD to ensure removal of the role from these systems.

Is This Answer Correct ?

10 Yes 0 No

Re: Can we delete a Role and transport it?Explain How? Answer To delete a role across # 2 landscapes, in dev system we

first add the role to a transport request and then delete the role in pfcg(first screen). Transport should be released and moved to QA/ PROD to ensure removal of the role from these systems.

Question Difference between SE01, SE10 & SE09? Question Submitted By :: Ashee182005 I also faced this Question!!

Rank

Answer Posted By

Re: Difference between SE01, SE10 & SE09? Answer SE09 (workbench organizer) # 1 Registration of modification 0 Ashuta

done on client independent object SE10 (customizing organizer) Registration of modification done on client specific object SE01 (Transport organizer) can do both functions of se09 and se10
Is This Answer Correct ?

1 Yes 3 No

Re: Difference between SE01, SE10 & SE09? Answer Change requests can be # 2 transportable or local.

Transportable change requests correspond to the consolidation requests in transaction SE01. Local requests are new. They can be edited in transaction SE01, but not created there. This ensures that transactions SE01 and SE09 are fully compatible. You call the initial screen of the Transport Organizer with Transaction SE09 or SE10. You can also access the request overview of the Transport Organizer from all ABAP Workbench transactions

Question If user says he dont have authorization then how to proceed? Question Submitted By :: Ashee182005 I also faced this Question!! Answer Posted Rank By Re: If user says he dont have authorization then how to proceed? Answer Simply ask him to raise a # 1 ticket asking for the required

auth along with the approval mail from concerned approver. Then based on approval mail, we have to create auth restricting to specified level using auth objects like

s_tabu_dis, s_tcode, s_tabu_cli .. and assing to that user and execute user comparison. Ask user to log off and login to find the assigned auth.

Question What do you mean by Role Remediation? Question Submitted By :: Ashee182005 I also faced this Question!!

Rank

Answer Posted By

Re: What do you mean by Role Remediation? Answer role remediation is one of the # 1 risk resolution strategy

which is used for modifying the content at rolelevel it means that we are removing the sod confilicts

Question SU25 Step6 How Roles are created through Profiles? Question Submitted By :: Ashee182005 I also faced this Question!! Answer Posted Rank By Re: SU25 Step6 How Roles are created through Profiles? Answer If you do decide to use SU25 # 1 Step 6 to convert the Manual

profiles to activity groups, you will need to watch out for the following gotchas: Naming convention (T_500yyyyy_previous name) All activity groups created before SU25 is run, are renamed to T_500yyyyy_previous name.

See OSS note 156196 for additional information and procedures to rename the activity groups back to their original names using program ZPRGN_COPY_T_RY_ARGS. Carefully review information regarding the loss of links between profiles and user master records.

Question If we delete a Role can we transport it, if yes then how? Question Submitted By :: Ashee182005 I also faced this Question!! Answer Posted Rank By Re: If we delete a Role can we transport it, if yes then how? Answer Yes, add that role to a # 1 transport request first and

then delete it from dev system. After deletion transport it to qa and prod system

stion

1).what is the diff b/w adding the tcode in s_tcode authorization object and addind the tcode inmenu tab of pfcg? 4) What is the difference between Owner, Controller and Administrator in Firefighter? 2) Can you tell me why do you use S_TABU_DIS authorization object? 3) Explain How do you restrict a particular table acces then? 5)In RAR ,What are the default Back ground Jobs? 6)Which job will update all user master records? 7)What will happen whenever we execute a t-code? 8)What is the purpose of the report RSUSR006? 9) Lets say a user is locked by admin? What value will you

see in USR02 table and in UFLAG column? 10) What will you do if the user complains that he is not able to access a t-code? 11)why we have to delete users ? 12)a. What is Direct role assignment and indirect role assignment? b. What is the process of adding a t-code to an existing role? c. If client asked you to modify a role directly in PRODUCTION for emergency? Is it possible? What you will do in that situation? d. What is the purpose of customized Transaction codes? Have you created any custom t-codes? 13)

Question Submitted By :: Ravkadi I also faced this Question!!

Rank

Answer Posted By

Re: 1).what is the diff b/w adding the tcode in s_tcode authorization object and addind the tcode inmenu tab of pfcg? 4) What is the difference between Owner, Controller and Administrator in Firefighter? 2) Can you tell me why do you use S_TABU_DIS authorization object? 3) Explain How do you restrict a particular table acces then? 5)In RAR ,What are the default Back ground Jobs? 6)Which job will update all user master records? 7)What will happen whenever we execute a t-code? 8)What is the purpose of the report RSUSR006? 9) Lets say a user is locked by admin? What value will you see in USR02 table and in UFLAG column? 10) What will you do if the user complains that he is not able to access a t-code? 11)why we have to delete users ? 12)a. What is Direct role assignment and indirect role assignment? b. What is the process of adding a t-code to an existing role? c. If client asked you to modify a role directly in PRODUCTION for emergency? Is it possible? What you will do in that situation? d. What is the purpose of customized Transaction codes? Have you created any custom t-codes? 13) Answer Sorry guys in ibm i have faced 0 Ravkadi # 1 the interview for an hour and [Z-role]

in which i could not answer these questions so please give me the answers. thanks in advance rav
0 Yes 0 No

Is This Answer Correct ?

Re: 1).what is the diff b/w adding the tcode in s_tcode authorization object and addind the tcode inmenu tab of pfcg? 4) What is the difference between Owner, Controller and Administrator in Firefighter? 2) Can you tell me why do you use S_TABU_DIS authorization object? 3) Explain How do you restrict a particular table acces then? 5)In RAR ,What are the default Back ground Jobs? 6)Which job will update all user master records? 7)What will happen whenever we execute a t-code? 8)What is the purpose of the report RSUSR006? 9) Lets say a user is locked by admin? What value will you see in USR02 table and in UFLAG column? 10) What will you do if the user complains that he is not able to access a t-code? 11)why we have to delete users ? 12)a. What is Direct role assignment and indirect role assignment? b. What is the process of adding a t-code to an existing role? c. If client asked you to modify a role directly in PRODUCTION for emergency? Is it possible? What you will do in that situation? d. What is the purpose of customized Transaction codes? Have you created any custom t-codes? 13) Answer Hi Rav, 0 Karunakar # 2 This is karunakar,

As per my knowledge i am able to answer some of the questions , If you find complete answers please mail to my id m.karna99@gmail.com. 1. The difference is if you add the T code in s_tcode the user will access to that t code only , To restrict the user to specific tcode we use s_tcode. 2. We use this object to restrict the autorization groups s_tabu_dis 7. when we execute a T code , first it will check the user is having the access to that Tcode in S_TCODE, 9. If we find the value 64 in usr02 table, UFLAG field the user is locked , if the value is 0 the user is not locked. 10. If user complaints that he

is not accessed to tcode , ask the user to send his su53 report , login as user with his user id and password check his authorizations wether he has the accessed to that t-code or not, get the balck & white approval from you senior authorities and assign the missing authorizations to that t code.
2 Yes 1 No

Is This Answer Correct ?

Re: 1).what is the diff b/w adding the tcode in s_tcode authorization object and addind the tcode inmenu tab of pfcg? 4) What is the difference between Owner, Controller and Administrator in Firefighter? 2) Can you tell me why do you use S_TABU_DIS authorization object? 3) Explain How do you restrict a particular table acces then? 5)In RAR ,What are the default Back ground Jobs? 6)Which job will update all user master records? 7)What will happen whenever we execute a t-code? 8)What is the purpose of the report RSUSR006? 9) Lets say a user is locked by admin? What value will you see in USR02 table and in UFLAG column? 10) What will you do if the user complains that he is not able to access a t-code? 11)why we have to delete users ? 12)a. What is Direct role assignment and indirect role assignment? b. What is the process of adding a t-code to an existing role? c. If client asked you to modify a role directly in PRODUCTION for emergency? Is it possible? What you will do in that situation? d. What is the purpose of customized Transaction codes? Have you created any custom t-codes? 13) Answer ).what is the diff b/w adding # 3 the tcode in s_tcode

authorization object and addind the tcode inmenu tab of pfcg? When you add Tcode in S_tcode, assign that role to user. and try to login, you will see

that you have access to transaction but you cannot see the name and desc in SAP User menu 4) What is the difference between Owner, Controller and Administrator in Firefighter? Owner: persson responsible for FF id Controller: Check what activity done by the particulcar id Adminisrtra: Admin work( Ex: lock/unlock or Check logs ) 2) Can you tell me why do you use S_TABU_DIS authorization object? You can use this authorization object to limit users access authorization users with authorization for the se16 transaction (that is, for all Data Dictionary objects) can only access data of the table entries defined using this authorization object. You can also deny system administrators specific access to application data, for example. As soon as you have set up this authorization object, you can edit or change only the table entries for which corresponding authorization has been granted explicitly by S_TABU_DIS.

3) Explain How do you restrict a particular table acces then? TABU_DIS _CLNT

6)Which job will update all user master records? PFUD,PFCG_TIME_DEPENDNCY 7)What will happen whenever we execute a t-code? a system program makes various checks to ensure that the user has the appropriate authorization. Is the transaction code valid? (table TSTC check). Is the transaction locked by the system administrator? (table TSTC check). Is the user authorized to call the transaction? The authorization object S_TCODE (call transaction) contains the field TCD (transaction code). The user must have an authorization with a value for the

selected transaction code.

8)What is the purpose of the report RSUSR006? Report RSUSR006 provides a list of all users that have been locked as a result of entering incorrect password in the system. 9) Lets say a user is locked by admin? What value will you see in USR02 table and in UFLAG column? SE16N-USR02 Wecan find the value 64 in usr02 table, UFLAG field the user is locked , if the value is 0 the user is not locked 10) What will you do if the user complains that he is not able to access a t-code? Check that if he has access to that TCODE Report SU53 11)why we have to delete users ? Its a two question , its

depends upon the process that if we have to delete the user or not. As per my understanding we can lock the user and not-used (in logon tab ). 12)a. What is Direct role assignment and indirect role assignment? Direct assignment - SU01 Assign role Indirect assignment - ORg level and Postion level( HR system PO13-BOO7 sttribute) b. What is the process of adding a t-code to an existing role? Execute the t_code PFCG and select what ever the role you have then edit. In the menu tab Click on transaction. Then add the t_code for the role. Base on the requirement manage the authorization. (Check in the authorization TAB) c. If client asked you to modify a role directly in

PRODUCTION for emergency? Is it possible? What you will do in that situation? It is not recommended as per SAP Standard. Depends upon the critcal issue of the customer.

d. What is the purpose of customized Transaction codes? Have you created any custom t-codes? Go to SE93 transaction code. Enter the transaction code (Z or Y transaction code Double-click the program which has been associated with the transaction code. Click Find button in the program screen. This will display all the strings that have Auth included. Find out the lines that display Authority check statement and identify the authorization object. Note: You can double-click on the line to view the specific lines in the program.Enter auth in the Find text box, select In main program option and click Execute. Incase, if you dont find any authorization objects, check for the string Transaction instead of Auth When the program is calling

another transaction, follow the steps mentioned below: Double-click the transaction code in the main program. Click Find button. Enter auth as the string and look for the authorization objects associated. Record the list of authorization objects that are used by the call-in transaction code and ensure to include all of them in the current role. Parameter transaction codes Tables in the SAP environment are treated as critical and hence direct maintenance is not allowed in the production systems using SM30 or SM31 transaction codes. When a custom table (Z or Y table) requires periodic modification by the business, a Z transaction code is created, which is controlled via a parameter transaction, which will call SM30 or SM31 internally and skips the initial screen, or the application program. They are further protected by an authorization group. The same will be maintained using S_TABU_DIS, and S_TABU_LIN objects. Identifying the authorization group (S_TABU_DIS) When the custom transaction code is a parameter transaction, the authorization

group for table should be added to the role. Below are the steps which will help you to identify the authorization group: Go to SE93, and enter the tcode. Scroll down and copy the view name:

Question How to transport a T-code into Production? Question Submitted By :: Ravkadi I also faced this Question!!

Rank

Answer Posted By

Re: How to transport a T-code into Production? Answer tcode:STMS #1

Is This Answer Correct ?

0 2 Yes 2 No

Anishi Kuma

Re: How to transport a T-code into Production? Answer as per my knowledge we can not # 2 transport the t code

directly , we have to create a role add the t code to that role and transport that role to production through stms, please correct me if i am wrong

Question what is the difference between copied and derived role? Question Submitted By :: Jyoti I also faced this Question!! Rank Answer Posted

By Re: what is the difference between copied and derived role? Answer We can get org.levels from 0 # 1 copied role.But we can't get

Sunil Reddy

org.levels from the derived roles

3 Yes 1 No

Is This Answer Correct ?

Re: what is the difference between copied and derived role? Answer copied role we get the all the 0 # 2 t codes and org levels what

Karunakar

ever we copied from role , we can make changes in both roles one will never effect another , Derived role , we get the t codes but we did not get the org levels we have to maintain according to the requirement , we can not make changes in derive role we have to make changes in master role at the time of generation we will get one option adjust derive role . please correct me if i am wrong
2 Yes 0 No

Is This Answer Correct ?

Re: what is the difference between copied and derived role?

Answer Copied Role: In this is just we # 3 copy the role from existing

role but in further any changes in the role is not effect to copied Role. Derived Role: It also derived from Parent Role (already existed)to a child role(derived role) after that when we make changes in parent role changes will effect to derived role that's why instead of role copy we prefer the derived concept.

Question Question Submitted By :: Jyoti

where do you find the manually added tcodes in role tables.

I also faced this Question!!

Answer Rank Posted By

Answer #1

Re: where do you find the manually added tcodes in role tables. Deepak Go to agr_1251 0 Popalkar table and

check the field value of Column "whether object is" select status "Manually" and since this question is to check for

manually added tcodes in roles so put object S_TCODE and its corresponding value TCD as any tcode for which you want to check it.
Is This Answer Correct ?

3 Y 0 No es

Re: where do you find the manually added tcodes in role tables. Answer #2

suim roles by authorization values give s_tcode enter particular fields give tcode execute

Question what is SOD? Question Submitted By :: Naresh Nelluri I also faced this Question!!

Rank

Answer Posted By

Re: what is SOD?

Answer SOD is nothing but roles and # 1 responsibulites along with

Naresh Nelluri

positions.
3 Yes 3 No

Is This Answer Correct ?

Re: what is SOD? Answer SOD stands for segregation of # 2 duties. 0 Krishna

It is a primary internal control to prevent the risk, identify a problem and take corrective action. It is achieved by assuring that no single user has control over all phases of business transactions. E.G.: The staff who creates a purchase order must not approve the same, there must be a different person to approve that.
15 Yes 0 No

Is This Answer Correct ?

Re: what is SOD? Answer It is an activity which is # 3 carried to determined who can

do what and up to what extend,

Question what is diff b/w su01 and su10? Question Submitted By :: Naresh Nelluri I also faced this Question!!

Rank

Answer Posted By

Re: what is diff b/w su01 and su10? Answer su01 is the we can maitain # 1 address tab. 0 Naresh Nelluri

su10 is we cannot maintain address tab. 2.su01 is reset the pwd is possible. but su10 we cannot maintain reset the pwd. 3.su01 is maintain personalization tab. su10 doesn't maintan personalization tab.
1 Yes 4 No

Is This Answer Correct ?

Re: what is diff b/w su01 and su10? Answer SU01 is the tcode for # 2 maintaining the user master 0 Krishna

record for a single user where as while using SU10 we can maintain user master record for many users. In SU01 we can maintian address, logon data, defaults, parameters, roles, profiles, groups, presentational and the license data for only a single user.

In SU10 we can maintain logon data, defaults, parameters, roles and profiles for several users. we can select the users based on address data and/or authorization data.
8 Yes 0 No

Is This Answer Correct ?

Re: what is diff b/w su01 and su10? Answer su01 is use to create single # 3 user

susssssss su10 mass user creation

Question how to resolve role conflict Question Submitted By :: Sapbsreddy I also faced this Question!!

Rank

Answer Posted By

Re: how to resolve role conflict Answer Role conflict can be rsolved by # 1 SOD (GRC CC tool).

Question what is the use of CUA? Question Submitted By :: Ravi I also faced this Question!!

Rank Answer Posted

By Re: what is the use of CUA? Answer CUA: Central User # 1 Administration 0 Karun

1.Using CUA, U can reset the password globaly ( Means: in single shot u can reset the password for all child systems or individuval system also reset the password through CUA) 2.No password reset tag in individuval systems 3.Using CUA, U Can unlock and lock the users. 4.Using CUA, U Can assign the roles to particular system 5.Using CUA, U Can add to particular user
7 Yes 0 No

systems

Is This Answer Correct ?

Re: what is the use of CUA? Answer The advantage of administering # 2 assignments centrally is

that you no longer need to log onto each system in order to make system-specific assignments of roles and profiles,it is all managed at one location in the central system.

Question what is the rule set in GRC? Question Submitted By :: Ravi I also faced this Question!!

Rank

Answer Posted By

Re: what is the rule set in GRC? Answer Global Rule Set #1 5 Yes
Is This Answer Correct ?

Venu

5 No

Re: what is the rule set in GRC? Answer Collection of rules is nothing # 2 but rule set. There is a

default rule set in GRC called Global Rule Set.

Question what is use of su56? Question Submitted By :: Ravi I also faced this Question!!

Rank

Answer Posted By

Re: what is use of su56? Answer Displays the current users # 1 Authorization Profiles 0 C. Sugg

available ti the ID. Can also be used to reset their User buffer to pick up new roles and authorizations.
3 Yes 1 No

Is This Answer Correct ?

Re: what is use of su56? Answer Displayed the authorization # 2 data for the user

Question what is use of derived roles and where it is used? Question Submitted By :: Ravi I also faced this Question!! Answer Posted Rank By Re: what is use of derived roles and where it is used? Answer 1.U can change the Org # 1 (Eg:Company code,Business area, 0 Karun

Plant ... etc) values in Derived roles only. 2.Derived role have authorization Tab, in composite role no authorization tab.
4 Yes 4 No

Is This Answer Correct ?

Re: what is use of derived roles and where it is used? Answer The role menus are identical # 2 but the authorizations for the 0 Mani

menu actions are different in the derived role. The menu and authorizations of the derived role are identical, but the organizational levels are different in the derived role.

Is This Answer Correct ?

1 Yes 4 No

Re: what is use of derived roles and where it is used? Answer Derived roles are also called # 3 as Child Roles and Master

Roles are called as Parent Roles. Derived Roles refers to the roles that already exist. As name indicates Derived roles are derived from other role (Master Role). Derived ROles inherits the menu structure and functions included (transactions, reports, Weblinks and so on) from the role referenced. The default authorization values of the derived role are that of the inherited role. The Org Levels are to be maintained in the derived Role
Question how do we test security systems.what is the use of SU56 Question Submitted By :: Saraali I also faced this Question!! Answer Posted Rank By Re: how do we test security systems.what is the use of SU56 Answer Through Tcode SU56 ,We will 0 # 1 check the users buffer

Badal

Is This Answer Correct ?

4 Yes 0 No

Re: how do we test security systems.what is the use of SU56 Answer reset the user buffer and we # 2 are reset other user buffer

also

Question ST01, SUIM and ST22 Question Submitted By :: Udikiran@gmail.com I also faced this Question!!

what Troubleshooting we get these transactions like SU53,

Rank

Answer Posted By

Re: what Troubleshooting we get these transactions like SU53, ST01, SUIM and ST22 Answer SU53: Will give the screen shot # 1 last missing authorization

of the details for the user ID ST01: Some times SU53 will be wrong, using ST01 will perform the trace activity will check for authorization checks for user ID SUIM: This will used to pull out the authorization reports usually, we will use this tcode by analyzing the out put results of SU53 and ST01 and will be inputs for SUIM to pull out authorization reports

two company codes ex 1001,1002 and two users ,one user need to access both company codes and another user need to access Question only one company code need to access by giving same role (one role ) to both of them.how can give access or restrict company codes in one role?

Question Submitted By :: Nani.hi I also faced this Question!!

Rank

Answer Posted By

Re: two company codes ex 1001,1002 and two users ,one user need to access both company codes and another user need to access only one company code need to access by giving same role (one role ) to both of them.how can give access or restrict company codes in one role? Answer Both users give different # 1 role.Give access or restrict

through Derived role.Always remember ORG value put in Derived role and Object vale in Master Role

Question how?

Can we set any password limitations/exceptions in SAP? If yes,

Question Submitted By :: Shravansudini I also faced this Question!!

Rank

Answer Posted By

Re: Can we set any password limitations/exceptions in SAP? If yes, how? Answer There are many parameters anda # 1 table to manage password

limitations and exceptions. login/password_expiration_time login/min_password_lng login/failed_user_auto_unlock login/min_password_digits login/min_password_letters login/min_password_diff login/password_max_new_valid login/password_max_reset_valid and Table USR40 to insert

password exceptions

Question what is the difference between se16 and se16n ? Question Submitted By :: C.vamshikri I also faced this Question!! Answer Posted Rank By Re: what is the difference between se16 and se16n ? Answer SE16 and SE16N both # 1 transactions works same I mean 0 Deepak

use for table display. SE16N is new version of SE16. Difference could be display setting.So its my advice better execute both transactions then only you will come to know. So try it.
4 Yes 6 No

Is This Answer Correct ?

Re: what is the difference between se16 and se16n ? Answer Hi, #2 0 PrabhuGanesh

SE16 - SAPLSETB - Data Browser SE16N - RK_SE16N - General Table Display SE16: ** SE16 is a data browse and it is used to view the contents of the table and we cannot change or append new fields to the existing structure of the table as we cannot view the structure level

display using the SE16 . SE16N: ** The transaction code SE16N (general table display) is an improved version of the old data browser (SE16). It has been around for some time, but is not widely known amongst consultants and end users of SAP. It looks a bit different to the old data browser functionality (SE16). ** Once you have entered your table name, type "&SAP_EDIT" without the quotation marks into the transaction code. This enables editing functionality on SE16N and allows you to make table changes. This allows you to access both configuration and data tables which may be otherwise locked in a production environment. ** Whilst this may appear to be a short cut and allow you to access a back door which is normally shut, this hidden feature should be used with caution in any SAP client especially a live or production system. New Features of SE16N: ** The new transaction has a number of distinct advantages over SE16. ** You no longer have a maximum of 40 fields to select in the output.

** There are fewer steps involved in executing a number of functions, whether it be outputting the results, maintaining the values in a table etc. ** Exporting the data into Excel is far easier and quicker ** ALV functionality is available as standard ** The user is not restricted by having a maximum width of 1023 saved as a default in the user settings. Limitations of SE16N: **You can only output one table at a time. If you wish to output more than one table you can use the available reporting tools or the QuickViewer (transaction code SQVI) functionality within SAP. Cheers Friends, Prabhu.S
8 Yes 1 No

Is This Answer Correct ?

Re: what is the difference between se16 and se16n ? Answer Mr. Prabhu explain a complete # 3 list of the difeerences , I

want only add the following information:

It is possible to find all changes executed by transaction SE16N on the following tables: SE16N_CD_KEY -> Table Display: Change Documents Header SE16N_CD_DATA - > Table Display: Change Documents Data There is a new security note that block the function &SAp_edit note CO-OM tools: SE16N: Deactivating &SAP_EDIT

Question how v Check SOD conflicts through VRAT Question Submitted By :: Surekha.ks I also faced this Question!!

Rank

Answer Posted By

Re: how v Check SOD conflicts through VRAT Answer First execute the tcode # 1 versa/Zvrat, in that we are 0 Satya Prasad

enterning user name in user field and the roles which ever we want to add to the user and click on the simulation mode. It checks whether there is any conflicts or not. If we got any conflicts then we have to mitigate. After mitigating we can assign all roles to the user. After that we need to execute the simlation mode. same as above.

Is This Answer Correct ?

1 Yes 2 No

Re: how v Check SOD conflicts through VRAT Answer 1.Goto : /n/virsa/zvrat -> # 2 execute (F8)

2.Select Roles check box -> Copy all( Parent and derived roles) roles in role box. 3.Checked the check box: Mitigating Controls 4.Click the Simulate tab 5.Here U got one Popup window. 6.Here Click the Transaction box (Enter all tcodes) 7.Checked the check box: Risks from Simulation Only 8.Execute (F8)

uestion

whts the differents between SoX ,SoD??????wht kind of work Sox do as wel .....SoD do? whts is virsa??????? and VRAT,,,,VFAT,, how it workin security.

Question Submitted By :: Surekha.ks I also faced this Question!!

Rank

Answer Posted By

Re: whts the differents between SoX ,SoD??????wht kind of work Sox do as wel .....SoD do? whts is virsa??????? and VRAT,,,,VFAT,, how it workin security. Answer SoX - refer to Sarbanes OXley 0 Aichik_am # 1 act in the earlier 2000+-.

Where it impact all US companies either they operated in US or outside (on other countries). Some people think

this act is significant, after fall down of big companies such as Enron etc.. SoD - refer to Segregation of Duties. Basically one person cannot have access to the whole process. The task need to be segregated so that there is check and balance. VIRSA - is one of third party tools used to check for SoX compliance in a company. Other then this, there are also other product such as APPROVA and SecurInfo. Nowadays VIRSA have been brougt by SAP, and rebrand it as GRC (Governance, Risk and Control).
4 Yes 0 No

Is This Answer Correct ?

Re: whts the differents between SoX ,SoD??????wht kind of work Sox do as wel .....SoD do? whts is virsa??????? and VRAT,,,,VFAT,, how it workin security. Answer Segaration of duty, as a # 2 security principle, has as its

primary objective the prevention of fraud and errors. This objective is achieved by disseminating the tasks and associated privileges for a specific business process among multiple users. This principle is demonstrated in the traditional example of

separation of duty found in the requirement of two signatures on a cheque.With the concept of SoD, business critical duties can be categorized into four types of functions: authorization, custody, record keeping, and reconciliation.