November 22, 2012

SAP BASIS INTERVIEW QUESTIONS & ANSWERS 1




SAP BASIS INTERVIEW QUESTIONS & ANSWERS :-


1) What is difference between 4.7, ECC 5 and ECC6 from SAP Security point of view?
 SAP GRC which is a security tool can be implemented only to ECC 5.0 and ECC 6.0 but not to the 4.7EE.
SAP 4.7 is an ABAP based system, here we can see only about R/3 security.
 
SAP ECC5.0 and SAP ECC6.0 included both ABAP + JAVA stacks, means enterprise portal also 
included here we can have both R/3 security for ABAP stack and JAVA stack security which includes in 
portal concept(Enterprise Portal Security).
 
SAP GRC which is a security tool can be implemented only to ECC 5.0 and ECC 6.0 but not to the 4.7EE.
 
2) What do you mean by profile and object?
 Well, profile is a authorization profile and where as object can be an authorization class or authorization 
 object or field and value. So, to make up a profile it requires several objects.....
 
More precisely profile is set of different authorizations for different objects. It means when you create role 
and go for generating profile whatever the list of transactions you have added in role menu its corresponding
objects automatically fetch up by profile generator. For which transaction which objects get fetch up this you
can check using SU24 tcode only objects with check/maintain status get fetch up by profile generator during 
profile generation. And for better understanding you just keep in mind for every tcode there are certain set of
objects. And Each objects has different fields and its value is called its value i.e. 01, 02, 03 create, change, 
display respectively.

 3) What is the profile?
 Profile is what a user can do within that role that is assigned to the user.
 When a role is created; a profile is created based on the authorization data i.e. object class, authorization 
 object, filed and values.
 The word "profile" is used in 2 different concepts.
 
1) Authorization Profiles
2) System Profiles
 
Authorization Profile:This profile is the one created when a role is created and is called as 
authorization profile.
System Profile: This profile exists to change the parameters for the instances...

4) I want a list of users along with roles for a client? How to do it?
 We can use tcode se16 in it AGR_USERS  uname: enter the user ids and AGRname: role name
 Youcan get in SUIM also.
 
5) In an environment of derived roles; a user is asking for a t-code; which is not found in suim 
in search of roles? What will u do?
1. Check if the tcode exists or not.
2. Try to search the role with S_tcode and then putting the tcode in "roles by complex selection criteria"
3. You should at least get SAP standard role which should not be assigned.

So after doing all these you are not able to find any end user role available in system.
Next step is the proposal of adding the tcode to a suitable role.
as it's a derived role envi---> need to add the tcode in template / parent role
Take approval from BPR/role owner for role modification. They will decide which parent role to change.
Change role [by adding the tcode] in Dev and transport to rest of the sys in landscape
 
6) Can u secure profiles? If so , how to do it ?
Yes you can. Secure Profile S_User_PRF
 
7)  I want to lock all the users except sap* and DDIC of a particular client ?
SU10
F4 on user id field
Change the hit list restriction according to users present
Enter
It will bring all available users
Remove SAP* and DDIC from list
Select all and enter
It will bring u back to SU10
With all users except SAP* and DDIC
Select all 
Lock
it will lock your user also
               (OR)
We can do it by ewz5

8) I want to delete 1000 users of a particular client, how can I do it?
You can create a SECATT script to delete the users which is easy to create and easy to execute.
You can also delete users of a particular client by using t-code su10.

9) Can u tell me some of the password related parameters ?
Password related parameters are:
login/min_password_lng (Defines minimum length for password)
login/min_password_digits
login/password_expiration_time
 
These are the main parameters - which can be maintained via RZ10
               (OR)
You can go to t-code se16
Write login/* and enter ... then u will get all login parameters
Here there is no need of remembering
 
10)  How can I assign a same role to 200 users?
You can do using PFCG- > enter the role -> change -> go to users tab -> paste the users -> click on user 
comparison-> complete comparison -> Save the role - it's done
               (OR)
One can also use "Authorization Data" functionality in transaction SU10 to complete this task.

1 comment: