Top mnc standards basis interview question and answers
Q.What is difference between 4.7, ECC 5 and ECC6 from SAP Security point of view?
Ans: SAP GRC which is a security tool can be implemented only to ECC 5.0 and ECC 6.0 but not to the 4.7EE. SAP 4.7 is an ABAP based system, here we can see only about R/3 security. SAP ECC5.0 and SAP ECC6.0 included both ABAP + JAVA stacks, means enterprise portal also included here we can have both R/3 security for ABAP stack and JAVA stack security which includes in portal concept(Enterprise Portal Security). SAP GRC which is a security tool can be implemented only to ECC 5.0 and ECC 6.0 but not to the 4.7EE.
Q.What do you mean by profile and object?
Ans: Well, profile is a authorization profile and where as object can be an authorization class or authorization object or field and value. So, to make up a profile it requires several objects More precisely profile is set of different authorizations for different objects. It means when you create role and go for generating profile whatever the list of transactions you have added in role menu its corresponding objects automatically fetch up by profile generator. For which transaction which objects get fetch up this you can check using SU24 tcode only objects with check/maintain status get fetch up by profile generator during profile generation. And for better understanding you just keep in mind for every tcode there are certain set of objects. And Each objects has different fields and its value is called its value i.e. 01, 02, 03 create, change, display respectively.
For more at SAP BASIS Online training in Hyderabad
Q.What is the profile?
Ans: Profile is what a user can do within that role that is assigned to the user. When a role is created; a profile is created based on the authorization data i.e. object class, authorization object, filed and values. The word “profile” is used in 2 different concepts. 1) Authorization Profiles 2) System Profiles Authorization Profile:This profile is the one created when a role is created and is called as authorization profile. System Profile: This profile exists to change the parameters for the instances…
Q.I want a list of users along with roles for a client? How to do it?
Ans: We can use tcode se16 in it AGR_USERS uname: enter the user ids and AGRname: role name Youcan get in SUIM also.
Q.In an environment of derived roles; a user is asking for a t-code; which is not found in suimin search of roles? What will u do?
Ans:
- Check if the tcode exists or not.
- Try to search the role with S_tcode and then putting the tcode in “roles by complex selection criteria”
- You should at least get SAP standard role which should not be assigned.
So after doing all these you are not able to find any end user role available in system. Next step is the proposal of adding the tcode to a suitable role. as it’s a derived role envi — -> need to add the tcode in template / parent role Take approval from BPR/role owner for role modification. They will decide which parent role to change. Change role in Dev and transport to rest of the sys in landscape
Q.Can u secure profiles? If so , how to do it ?
Ans: Yes you can. Secure Profile S_User_PRF
Q.I want to lock all the users except sap* and DDIC of a particular client ?
Ans: SU10 F4 on user id field Change the hit list restriction according to users present Enter It will bring all available users Remove SAP* and DDIC from list Select all and enter It will bring u back to SU10 With all users except SAP* and DDIC Select all Lock it will lock your user also (OR) We can do it by ewz5
Q.I want to delete 1000 users of a particular client, how can I do it?
Ans: You can create a SECATT script to delete the users which is easy to create and easy to execute. You can also delete users of a particular client by using t-code su10.
Q.Can u tell me some of the password related parameters ?
Ans: Password related parameters are: login/min_password_lng (Defines minimum length for password) login/min_password_digits login/password_expiration_time These are the main parameters — which can be maintained via RZ10 (OR) You can go to t-code se16 Write login/* and enter … then u will get all login parameters Here there is no need of remembering
Q.How can I assign a same role to 200 users?
Ans: You can do using PFCG- > enter the role -> change -> go to users tab -> paste the users -> click on user comparison-> complete comparison -> Save the role — it’s done (OR) One can also use “Authorization Data” functionality in transaction SU10 to complete this task.
Q.A user is asking for a t-code to assign? How do you assign the t-code?
Ans: First we have to check if user has access to particular tcode. If not then run suim with roles by complex selection criteria →put object1 as S_tcode as the required tcode and hit execute button. The query will fetch you a result of roles. Select a role that has minimum authorization and satisfy the user requirement. And assign the role to user.
Q.A user is not able to execute a t-code; how do you solve that? What are the different reasons that might be existing?
Ans: Reason:
- Tcode does not exist
- User context missing auth for that tcode
- User comparison is not current
How to solve: 1.check if the user is having the tcode or not. by SUIM → role by complex selection criteria
- if the tcode is not assigned to user →assign suiatablle role after taking approval. Make sure to user
compare to update the user master record 3.if the tcode is available for the user and user still cant access → ask for result of SU53 screen shot, there might be some other authorization which is missing for the user 4.we can also trace the user’s auth check by use of st01 fine searching user’s missing access by analyzing st01 report and rc.
For more at SAP BASIS Online training
Q.What is difference between se16 and sm31?
Ans: SE16: table display SM31: table, view modification
Q.What are the authorization objects which are always present in user master record?
Ans: For user master record as u must be knowing that different tabs of UMR..So as per my understanding As UMR stores information of users…Like his name, roles assigned to him, License data. Objects which are always present for UMR are: S_USER_AGR, S_USER_GRP,S_USER_AUT,S_USER_PRO and each of this object has its own importance… bcoz S_USER_AGR helps to maintain roles assigned, S_USER_GRP helps to maintain Auth. group in Logon Data and S_USER_AUT AND S_USER_PRO helps to maintain set of Auth. profiles and different Authorizations included in each profile.
Q.What is use of System Task Tab on menu bar in PFCG?
Ans: Role creation, change and delete.
Q.How can we Lock transaction? What happens exactly?
Ans: In SM01 transaction we can lock the transactions; we can lock one or many at a time in the system. After locking transactions, it won’t allow any body to use the transaction. (OR) SM01 transaction can use to lock the transactions; we can lock one or many at a time in the system. When a user starts a transaction, the system checks in table TSTC whether the transaction code is valid and whether the system administrator has locked the transaction.
Q.What is Use of SM35P and SM35 is there any difference between these two?
Ans: Tcode SM35P use to display/monitor sessions. Using Tcode SM35 you the run/process the sessions in background or foreground.
Q.Is there any transaction to see Transport Log.? Means, Which data or roles have been transported from which system at what time?
Ans: SE01 transaction is use to see Transport Log. By clicking tab “DISPLAY” you can able to see the logs. You can also see the roles or data has been transported from which system at what time.
For more at SAP BASIS Online training in India