SAP BASIS INTERVIEW QUESTIONS & ANSWERS :-
1) How do I assign roles to a specific group, not to a specific user, and apply the roles to all users in that group? This particular group has four users?
Go to suim,enter the user group name in user by complex selection criteria, execute user's list,execute su10 enter list of user's and assign role to them
2) What is fire fighter? When we are using fire fighter?
Fire Fighter is used if you have implemented Virsa/GRC
Fire Fighter is Virsa tool, this used to execute critical tcode when doing configuration
Fire fighter is also a normal user ID but having some specific access [Say Su01 or SAP_ALL] as per the needs. User type is kept as "service user'
When it is used: Say, in your project you are security administrator who
Does not have access to direct SU01 but you needs the access urgently.
Then FFID owner/administrator assigns you a FFID for limited period so that you can perform the task from your login ID and pwd, using tcode /n/virsa/vfat and login with that FFID.
While logging you will be prompted to give business reason for access.
Everything you perform in that period [Using FFID]gets recorded for auditing.
3) I need to give authorization to a user to su01 tcode but the delete options should not work..i.e. the user should be able to Create, disp, change etc but not delete on su01. How cam i do this?
delete the 06 activity from s_user_grp,
4) What are the components in VIRSA tool and GRC?
In GRC we have these tools:
Access Enforcer
Complaince Caliber
Role expert
Fire Fighter
In VERAS Tool we have: VRAT and VFAT
5) How to create new authorization object?
Using SU21 we can create the New Authorization Object
6) Can anyone tell me what the use of SU24 and SU25 transaction code is exactly?
SU25: A transaction that copies SAP defaults from USBOT & USOBX to USOBT_C and USOBX_C.
USOBT is a table that consists of transactions and authorization objects. It stores default values of authorization from authorization objects.
USOBX is a table that defines the necessary authorization checks that needs to be performed within a transaction.
Initially both tables USOBT and USOBX consist of default values. These two tables are then used for fill up of the customer tables USBOT_C and USOBT_X through the transaction SU25.
SU24: A transaction that maintains the assignment of authorization objects in the customer tables USOBT_C and USOBX_C.
7) What is the difference b/w Copy Roles and Derived Roles?
In derived role, all the transactions of parent role r copied but not the org structure and auth. and we can’t add more transactions in derived role.
In copy roles all the transactions with auth are copied
8) What is temp role and copy role?
Temp role: - it is the sap standard role, which is defined by sap.
Copy role: - copy from an existing role is copy role.
9) How to transport roles?
1. Create a transport request in SE10.
2. PFCG - please specify the role name - press the transport button(truck icon).
*** In case of multiple roles, go to utilities-mass transport**
3. There will be three info screens. Give tick mark.
4. Give the transport request number, which you created in SE10.
5. Press ok.
6. To confirm the changes, go to se10 and see your request number, right click and verify the roles are attached.
10) What are various user types?
Dialog (A)
System (B)
Communication (C)
Service (S)
Reference (L)
Dialog users are used for individual user. Check for expired/initial passwords.Possible to change your own password. Check for multiple dialog logon
A Service user - Only user administrators can change the password.No check for expired/initial passwords. Multiple logon permitted
System users are not capable of interaction and are used to perform certain system activities, such as background processing, ALE, Workflow, and so on.
A Reference user is, like a System user, a general, non-personally related, user. Additional authorizations can be assigned within the system using a reference user. A reference user for additional rights can be assigned for every user in the Roles tab.