May 28, 2016



Q) If we add org level elements in a master role will it reflect in child role and how AGR_1252 will act as a barrier ?

Org level elements does not effect in child roles.AGR_1252 show the information of Org.values related to role.

Q) How to do mass user to role assignment using SECATT, will u use SU01 or SU10 ? Explain why you will use SU10 not SU01 ?

We can assign role to mass users using SU10. We can do the same with SECATT.

Q) Can SU10 can be used for mass password reset ? Why not ?

Password reset option not available in SU10 for mass user maintenance

Q) If you want to reset the password for say 100 users in Production how will you do ?

We can use SAP GUI scripts or SECATT to do it.

Q) Explain Steps 2A and 2B in SU25 ? 

2A -->This compares the Profile Generator data from the previous release with the data for the current release. New default values are written in the customer tables for the Profile Generator. You only need to perform a manual adjustment later (in step 2B) for transactions in which you changed the settings for check indicators and field values. You can also display a list of the roles to be checked (step 2C).

2B-->If you have made changes to the check indicators or field values in transaction “SU24”, you can compare these with the new SAP defaults.
You can see the values delivered by SAP and the values that you changed next to each other, and can make an adjustment, if desired. You can assign the check indicators and field values by double-clicking the relevant line.

Q) What is the difference between Derived Role & Copy Role ? Can't we just do a copy instead of deriving it when both have the same characteristics or inputs or functions ?

Derived role: Derived role inherits all properties from Master role. It means all authorizations. If u made any changes in master role it will reflect in child role but not vice versa. We can't add any authorizations in derived role. But we can maintain org levels.

Copy role: Copying role means creating a role same as from existing role. It’s name should be changed. There is no relation between existing role and copied role.

Q) What is the difference between PFCG, PFCG_TIME_DEPENDENCY & PFUD ?

PFCG is used to create maintain and modify the roles.
PFCG_TIME_DEPENDENCY is a background job of PFUD.
PFUD is used for mass user comparison but the difference is if you set the background job daily basis it will do mass user comparison automatically

Q) What does the Profile Generator do ?

We can create roles, transport, copy, download, modifications, and these entire things done from PFCG t-Code.

Q) What is the main purpose of Parameters, Groups & Personalization Tabs ?

parameters: when ever user want some defaults values when ever he/she execute the t-code we can maintain some pid's by taking help of abapers.
Group: based on user roles and responsibilities security admin can assign to particular    group.
Personalization: this data provides by sap itself based on t-codes which are maintained at menu tab.

Q)   Purpose of Miniapps in PFCG ?

Using mini apps we can add some third party functionality

Q) What happens to change documents when they are transported to the production system ?

Change documents cannot be displayed in transaction 'SUIM' after they are transported to the production system because we do not have the 'before input' method for the transport. This means that if changes are made, the 'USR10' table is filled with the current values and writes the old values to the 'USH10' table beforehand.

The difference between both tables is then calculated and the value for the change documents is determined as a result. However, this does not work when change documents are transported to the production system. The 'USR10' table is automatically filled with the current values for the transport and there is no option for filling the 'USH10' table in advance (for the history) because we do not have a 'before input' method to fill the 'USH10' table in advance for the transport.

Q) What do you know about LSMW ?

LSMW is used for creating large number of user at a time.

Q) Difference between SU22 and SU24 ?

SU22: is maintained standard t-codes and their standard authorization object (USOBX and USOBT).
SU24: here we can maintain customer related t-code and their authorization objects (USOBX_C and USOBT_C).

Q) What is the landscape of GRC ?

GRC landscape is development and production.

Q) What is the difference between Template role & Derive role ?

Template role: it is provided by sap itself.
Derived role: a role which is derived from a master role it can inherit the menu structure t-codes and all but it can’t inherit the organization level, here we can maintain organization levels only.

No comments:

Post a Comment