Thursday 5 February 2015

Interview Questions - Part 3 - SAP Security Audit Guidelines

11.Please explain the personalization tab within a role.
Personalization is a way to save information that could be common to users, I meant to a user role...  E.g. you can create SAP queries and manage authorizations by user groups. Now this information can be stored in the personalization tab of the role.  (I supposed that it is a way for SAP to address his ambiguity of its concept of user group and roles: is "usergroup" a grouping of people sharing the same access or is it the role who is the grouping of people sharing the same access)

12.Is there a table for authorizations where I can quickly see the values entered in a group of fields?
In particular I am looking to find the field values for P_ORGIN across a number of authorization profiles, without having to drill down on each profile and authorization.
AGR_1251 will give you some reasonable info.

13.How can I do a mass delete of the roles without deleting the new roles ?
There is a SAP delivered report that you can copy, remove the system type check and run. To do a landscape with delete, enter the roles to be deleted in a transport, run the delete program or manually delete and then release the transport and import them into all clients and systems.
It is called: AGR_DELETE_ALL_ACTIVITY_GROUPS.
To used it, you need to tweak/debug & replace the code as it has a check that ensure it is deleting SAP delivered roles only. Once you get past that little bit, it works well.

14.Someone has deleted users in our system, and I am eager to find out who. Is there a table where this is logged?
Debug or use RSUSR100 to find the info's.
Run transaction SUIM and down its Change documents.

15.How to insert missing authorization?
su53 is the best transaction with which we can find the missing authorizations.and we can insert those missing authorization through pfcg.
More Questions & Answers :-

No comments:

Post a Comment