IBM: 1. What are the daily roles which u performs in your company? a) Handle tickets regarding authorisations issues.

2. What is the difference between role and profile? A) Role is a container that has transactions reports and web links. Profile contains is generated by pfcg automatically contains authorisations. 3. What is the difference between su22 and su24? a) SU22 displays and updates the values in tables USOBT and USOBX, while SU24 does the same in tables USOBT_C and USOBX_C. The _C stands for Customer. The profile generator gets its data from the _C tables. In the USOBT and USOBX tables, the values are the SAP standard values as shown in SU24. With SU25 one can (initially) transfer the USOBT values to the USOBT_C table. 4. How can you create authorization objects and authorization fields? a) We can create authorization fields by su20 and we can create authorisation objects using su21 and we can add authorisation fields and assign permitted values to authorization fields. 5. How can you assign transactions for authorization objects? a) Using su24 we can add authorization objects to transactions. 6. What are the user types in R/3 security? a) Dialog, Service, system, communication, reference users. 7. What is the ticketing tool used in your company? remedy - own tickets which are assigned to me by team lead. accepted-hold-fixed-closed 8. Explain the request process which is done by end user with security consultant? a) When ever end user got problem, he calls to help desk and give the info regarding issue. The help desk team will rise a ticket for the issue and send it to the security team. Team lead distributes the tickets to his team members and the team members resolve the ticket by taking info from the end user if required. After solving the ticket we send a confirm mail to end user to check the issue solved and request end user to replay confirmation mail to close the ticket. 9. What is the difference between master role and derived role? a) Derived role inherits the menu structure from master role. We cannot change the menu in derived role. We can maintain authorisations and different org. values in derived role; we can add authorisation objects directly in derived roles. 10. what is the transactions for profile parameters? a) RZ11 to display profile parameters and RZ10 for edit instance and default profiles. 11. In authorization data, why the colour will changes to red to yellow, yellow to green? a) red-not maintained org. values, yellow-missing authorisation fields, green-maintained auth. fields. 12. Can we create standard authorization objects or customized auth objects? a) We can create standard and customised auth. objects. 13. Explain about the missing authorization? a) By su53 we can find missing authorizations of a particular transaction 14. Which are the critical requests in your daily job routines? 15. If you have large number of users to assign how will u do user comparison? A) We can assign large no of user by pfcg and we can do user comparison by PFUD

16. What are the standard profiles? a) SAP_ALL, SAP_NEW. 17. What are the standard authorization objects? 18. What is the difference between sap_all & sap_new? a) sap_all contains all sap standard authorisations delivered by sap, sap_new contains authorisation of sap new releases. 19. What will you do after going to company? a) Check mails in outlook and responds to mails for action required, check ticketing tool for the new tickets and resolve the new and pending tickets if any. 20. Can we create profile parameters manually? a) yes- su25 21. What is the difference between the composite role & the derived role? a) in composite role we cannot maintain authorisations and org. values. in derive role we can maintain authorisations and org. values. 22. What is meant by authorization group? SAP delivered tables with predefined assignments to authorisation groups. The assignments are defined in table TDDAT, checked auth. object S_TABU_DIS and field DICBERCLS for Auth. group names and ACTVT for kind activity permitted on table. This is to avoid users to access tables using general access tool such as SM30, SE16. SE54 to display/create/assign authorisation group to a table. 23.If all the users in a systems are locked including your's, how can you perform the tasks? a) reset pw for sap* user. Delete from sap<SID>.usr02 where bname='sap*' and MANDT='001'; now login with sap* and pw:pass 24.Do you have any parameters to shutdown the system? 25.What is the report which is used to find list of logon users in system? RSUSR000 for list users logon, RSUSR200-RSUSR006 for login date and PW change. 26.what is the difference between system user & service user? system user cannot login from GUI. service user can logon from GUI. 27.what is the table for user master data? USR01 28.What are the security policies used in SAP? -user authentication security policy.(PW rules, monitor un auth. logon) -Authorisation protection security policy.(auth check and maintain, pfcg, auth info system-SU53, trace toolsst01) -auditing and login security policy.(sm19,sm20- general system audit, users & auth audit, repository & table audit) -Integrity protection policy. -proof of obligation. -privacy protection policy. 29. What is the difference between implementation and support? A) In implementation we will create and maintain the users and roles as per the project requirement. in support we will give the support to the end users for smooth running daily business process by solving the authentication and authorisation issues. 30. In pfcg transaction on menu tab you didn't give the transaction, what would u see in authorization data?

a) First a pop window asking to choose template from SAP standard profiles. if we not selected any template then it show only role name and description of role. 31. In small companies if u have no CUA system, how will u create the users? a) We will create users directly in system. 32. End user hit the transaction 10 times, but he has no authorization of that transaction, missing authorizations of 10 times hit transaction? a) By su53 33. What are the security transactions that are used in your roles? SU01, SU10, SUIM, PFCG, SU21, SU24, SU20, SCAT 34. Difference between usobx_c(authorisation proposal flags which contain the authorization objects) & usobt_c(authorisation proposal data which contain the authorization data which are relevant for trn)? 35. How can u find the expired user's list? (RSUSR200) 36.Diff between master role & composite role? In composite role no auth maintain and menu read from various role added to it. 37. which type of user is used to set the background jobs? a) System user.(SAPCPIC) 38. What are the SOD rules? SOD(Segregation of Duties) rules are the standard rules framed for the segregation duties without any risk because of conflicts between relevant functions in a company . 39.can we create the manually profiles? su02 b) can we create profile parameters manually? Yes by su25 40.what are the installation steps of GRC? NW7.0 SR3 SP12, JAVA 1_4_2_15, JSPM - VIRCC00, VIRAE00, VIRRE, VIRFF, -- VIRACLP. VIRACCNTNT-contecnt file 42.How can u create role? pfcg...........rolename-description-save-menu-t-codes, reports, weblinks-save-authorisation-maitain-save-generate 43.what are the organization levels? Company Code, Plant, Wharehouse, 44.what is risk id? risk id is the identification of a risk in rule set. with desc, relavent functions, risk level & status. 45.what are the GRC components? RAR, CUP, ERM, SPM Deloite: 1.what are the user types? 2.what is the difference between dialog user & service user? 3. If we created user in CUA, but the user is unable to login from his system what is the reason????? 4. What is the difference between master role & derived role? how he show the

5. What is the difference between derived role & copying the roles? 6. What will you observe in ST01? a) Checked Auth objects, fields, tested values with return codes. recorded all activities and store in analysis log. 7. What are the return codes in STO1? -0-authorisation check successful -1-missing auth. -2-too many parameters for auth check -3-Object not contained in user buffer -4-no profile contained in user buffer -6-auth. check incorrect -7,8,9-invalid user buffer 8. Can we change the password in SU10? No, we cannot change password in su10 9.How can we create object classes? su21 10.What will you observe in SU53? Authorisation Check failed data-Authorization object class, authorization object, authorization fields. (ACTVT, DEVCLASS, OBJNAME, OBJTYPE, P_GROUP with value which was last check failed. User authurisation data for object class that was last checked. 11. What is check & maintance in authorization objects? It performs the authorisation check when transaction starts and allows to maintain the authorisation object values in role maintenance pfcg. 12. explain about 3 colours in authorization data? a) green yellow red CAPGEMINI: 1. How to apply the support packages? 2. What is the command to use uncar the sp files? 3. After uncar, what type of files we get? 4. In net weaver SR3, What is the meaning of SR? 5. What is the difference between BRTOOLS & SAPDBA? 6. What is the path of support packages for downloading? 7. What is the difference between Roles & Profiles? 8. IS kernel upgrade is sequential or non sequential? 9. What are files for support packages(for ABAP,BASIS etc like KA,KB etc)? Tech Mahindra: 1. What is the difference between the su22 and su24? 2. How to create the authorization objects? By su21 3. What are the installation steps of GRC? 4. Can we assign the authorization objects manually in derived role? yes 5. How to import the roles in GRC? By running background jobs 6. How will you see the sm50 transaction authorization activities? 7. Which report is used to see the unsuccessful logon attempts? a) RSUSR200