SAP Security Interview Questions

SAP Role administration is the major part of the of the SAP Security Administrat
ion Process. You will be spending 70 % of time in SAP Role administration. Most
of the questions will focus on the user of SAP Transaction PFCG and handling the
sap authorization object restrictions. The real time interview questions will f
ocus on understanding the SAP Security Consultants ability to grasp the concepts
and to be able to explain.
1. What is the transaction you will use for maintaining the SAP Roles in SAP Sys
tem.(PFCG)
2. What is the difference between SAP profile and SAP role.
3. What is the use of SAP transactions SU02 and SU03.
4. How will you add SAP transaction in SAP Transaction PFCG.
5. Can you add a web address to SAP Role.
6. Can you add document to SAP Role.
7. How will you add transaction from SAP User Menu or from another SAP role.
8. Can you attach a SAP custom report to the role and create SAP transaction aut
omatically.
9. How will you add transactions from SAP Customizing menu which is managed from
SAP Transaction SPRO.
10. What the difference between SAP Single role and SAP Composite roles.
11. What is the difference between SAP Parent role and SAP Child Roles.
12. Can you delete the SAP parent role from a SAP child role.
13. How will you reconnect SAP parent role to orphaned SAP Child role.
14. What are the different between SAP authorization Object status in SAP role.
15. How will create role from SAP authorization Profile.
16. What is the advantage having SAP Authorization objects only on Maintained an
d standard status.
17. Why is bad idea to have objects in Manual and Change Status.
18. How will delete you delete the SAP Authorization profile and recreate the SA
P role.
19. What does advanced merge option in the SAP Role.
20. What is the user of Organization values in SAP Role.
21. What will inactive status of SAP Authorization object do.
22. What I saved my SAP role but the user is not getting the required access. Wh
at could be the problem.
23. Why do I not see SAP Merge Child role button on my SAP role.
24. How do I find out what SAP Authorization object is linked to What SAP Transa
ction.
25. Why has my role has some yellow SAP Authorization objects and Red SAP Author
ization Objects.
26. How do I fix the Red SAP Authorization objects and Yellow SAP Authorization
Objects.
27. Why is my SAP Role authorization tab yellow or red. How do I fix it.
28. Why is my SAP Role user tab red or yellow. How do I make it green.
29. What does SAP Role user compare do.
30. How can get a list of SAP authorization objects attached to the SAP transact
ions.
31. How do I update the SAP Objects brought into the SAP Role.
32. How can You maintain SAP Authorization object Values brought into the Role w
hen you add the SAP Transaction to the Role.
33. Do you use special naming convention for your SAP Authorization profile.
34. When you create SAP composite role what is the use of refresh user menu.
35. When you transport SAP composite role do you also transport SAP Single Roles
.
36. What is the sequence do you follow when you transport a multiple single role
and composite roles.
37. What are the process assessing the impact of SAP upgrade on SAP Authorizatio
ns and SAP Role.
38. How you trace changes to the SAP Role.
39. What are the table which list the SAP Role and Object Values.
40. What is the Table which list the SAP Role and Organizational Values.
41. What is the Table which Lists the SAP Role Texts.
42. What is the Table which Lists the SAP Role creation date.
43. What is the table which list all the SAP Organizational values available in
the system.

User Management Policy:
1. What is your policy on user on boarding / roll on.
2. What is the password length policy.
3. What is the user idle time out policy.
4. What is considered sensitive information in User master data.
5. What is the policy on user lockout from the system for inactivity.
6. What is you user expiration policy.
7. What is the user roll off policy.
8. What is policy on user retention in the system after user leaving the company
.
9. What is your policy on contractors in the system.
10. Do you have any SAP critical roles.
11. What is your policy on assigning sap profiles.
12. What is your policy on creating Batch ID, System ID, Service ID.
13. What is the training requirements for user getting access to the sap system.
14. What is the approval process for getting access to the SAP system.
15. Any sensitive roles or critical roles approval.
16. What is the approval policy for creating a developer id in the sap system.
17. What it is the audit trail for user approval.
18. Do you have any user provisioning system.
19. How does HR Notify SAP Security Team of a new hire.
20. How long does it take for HR to notify when the employee with SAP Access has
resigned from the company.
21. What is the frequency of user audit policy in sap system.
22. What is your policy on user access revalidation in sap system.

User administration is the center piece of the SAP Security Job. This is the pro
cess by which users are allowed into the
system.

Some of the prime areas for SAP Security Interview Questions are following:
1. What are the required fields in SAP user administration screen? What will hap
pen if you do not complete the required fields
2. Where do you configure company data so all the SAP users can be assigned comp
any information
3. Where do you put the email address in the SAP User Administration Field?
4. What are the different types of SAP users in the SAP system?
5. What is the difference between Dialog and service user type?
6. Give me a scenario where you will use service SAP user type
7. When SAP Batch administration team comes to you and asks you for SAP USER ID.
What is the SAP User ID type will you recommend
8. When external tool which is communicating with the system. The person in-char
ge is asking you SAP user ID what type of SAP User ID you will recommend
9. How will you restrict a person from not logging in from certain date
10. How will you restrict the person only having access for 6 Months
11. Tell me a scenario when you will use Cost center and account number
12. Why does an European SAP user see USA date format
13. What SAP transaction can the user use to maintain his own settings
14. What are the downside of letting the SAP user maintain his own data like ema
il address and last name
15. When the SAP users wants to pre populate the company code, plant, sales org
, purchasing org etc with specific value how will you advice
16. How can SAP user find the PID id for fields
17. User wants to get PID Id for document number. Why is that not configured as
a PID Id in SAP system
18. What is the purpose of SAP system tab in CUA
19. If the Valid date of the user is Jan 1 2011 Dec 31 2011 but the role dates a
re Jan 1 2011 July 31 2001. Will the User be able to log on to the system on Aug
ust 1st 2011.
20. What does the text compare on the role tab do in a SAP CUA environment
21. Will the role get populated if you add the user in pfcg
22. When the user complains to you that he was able to execute certain transacti
ons yesterday but cannot do it today.How will you investigate
23. How will get the history about the user creation
24. How will get the list of all the transaction this user executed last year
25. How can you find the last logon dates of the user
26. What is the table you can find this information
27. What table has the last name and first name of the user
28. How will get a list of users who never logged into the system
29. How will you get the users who has not logged on to system for 180
30. What the transactions which every user should have
31. What information does SU56 show the users
32. What report you will execute to get the list of users in the system
33. If the user says how many SAP sessions he can create, how will you find out
34. If the user complains he is getting logged off every 15 minutes if he is ina
ctive what will be the Reason