Interview Questions.

Q1. What Is The Difference Between Usobx_c And Usobt_c?

The table USOBX_C defines which authorization assessments are to be completed within a transaction and which now not (no matter authority-take a look at command programmed ). This desk additionally determines which authorization checks are maintained inside the Profile Generator.

The table USOBT_C  defines for each transaction and for each authorization object which default values an authorization created from the authorization item must have within the Profile Generator.

Q2. What Does The Pfcg_time_dependency Clean Up?

The ‘PFCG_TIME_DEPENDENCY’ heritage record simplest cleans up the profiles (that is, it does not easy up the jobs in the device). Alternatively, you can use transaction ‘PFUD’.

Q3. Is There A Table For Authorizations Where I Can Quickly See The Values Entered In A Group Of Fields?

In particular I am seeking to discover the sphere values for P_ORGIN throughout a number of authorization profiles, without having to drill down on every profile and authorization.

AGR_1251 will provide you with some reasonable data.

Q4. Is It Possible To Change Role Template? How?

Yes, we are able to alternate a consumer role template.  There are precisely three ways wherein we are able to work with user function templates

we can use it as they're added in sap

we will alter them as according to our needs thru percent

we are able to create them from scratch.

Q5. What Is The Difference Between The Table Buffer And The User Buffer?

The desk buffers are inside the shared memory. Buffering the tables will increase overall performance when gaining access to the data records contained in the table. Table buffers and table entries are ignored throughout startup. A user buffer is a buffer from which the facts of a user grasp record is loaded while the consumer logs on. The person buffer has unique setting options with regard to the ‘auth/new_buffering’ parameter.

Q6. How To Create Users?

Execute transaction SU01 and fill in all the field. When growing a brand new user, you need to input an initial password for that person at the Logon facts tab. All different records is optionally available. Click right here for turotial on growing sap person identity.

Q7. If U R Using 10 Firefighter Ids At A Time? How Will The Log Reports Goes To Controller?

This is finished while ever function is already assigned to users and modifications are performed in that role. In order to get the adjustments adjusted in the roles, person comparision is achieved.

Q8. What Is Ruleset? And How To Update Risk Id In Rule Set?

Also throughout oblique asssignment of roles to person the use of t codes Po13 and po10, we must to do consumer comparision, in order that the jobs get reflected in the SU01 document of consumer.

Q9. What Is A Derived Role?

Derived roles consult with roles that exist already. The derived roles inherit the menu shape and the capabilities covered (transactions, reviews, Web links, and so on) from the position referenced. A position can handiest inherit menus and features if no transaction codes had been assigned to it earlier than.

The better-degree role passes on its authorizations to the derived role as default values which may be modified afterwards. Organizational degree definitions aren't handed on. They have to be created anew in the inheriting position. User assignments are not surpassed on either.

Derived roles are an fashionable manner of keeping roles that don't range of their functionality (identical menus and identical transactions) but have one of a kind characteristics with reference to the organizational stage.

Q10. How Do I Change The Name Of Master / Parent Role Keeping The Name Of Derived/toddler Role Same? I Would Like To Keep The Name Of Derived /infant Role Same And Also The Profile Associated With The Child R

First copy the grasp position the use of PFCG to a position with new name you need. Then you have to generate the function. Now open each derived function and delete the menu. Once the menus are removed it'll will let you placed new inheritance. You can placed the call of the new master position you created. This will assist you preserve the same derived position name and also the identical profile name. Once the brand new roles are carried out you may delivery it. The transport routinely consists of the Parent roles.

Q11. What Is The Rule Set In Grc?

Collection of guidelines is nothing but rule set. There is a default rule set in GRC known as Global Rule Set.

Q12. What Is A Composite Role?

A composite position is a container that can gather numerous special roles. For reasons of readability, it does not make sense and is therefore no longer allowed to add composite roles to composite roles. Composite roles are also called roles.

Composite roles do no longer include authorization statistics. If you want to alternate the authorizations (which can be represented by a composite function), you have to keep the information for each function of the composite function.

Creating composite roles makes sense if some of your personnel need authorizations from several roles. Instead of adding every user one at a time to each role required, you could set up a composite position and assign the customers to that group.

The users assigned to a composite role are robotically assigned to the corresponding (standard) roles in the course of contrast.

Q13. Explain The Personalization Tab Within A Role?

Personalization is a manner to store facts that could be commonplace to users, I supposed to a consumer position…  E.G. You could create SAP queries and manage authorizations by consumer organizations. Now this facts can be saved in the personalization tab of the role.  (I meant that it's miles a manner for SAP to deal with his ambiguity of its idea of user institution and roles: is “usergroup” a grouping of humans sharing the equal access or is it the position who's the grouping of human beings sharing the equal get right of entry to)

Q14. List R/three User Types?

@Dialog users are used for individual user. Check for expired/initial passwords Possible to change your own password. Check for multiple dialog logon

@A Service person – Only person administrators can trade the password. No take a look at for expired/initial passwords. Multiple logon authorized

@System users are not capable of interaction and are used to perform sure gadget sports, including history processing, ALE, Workflow, and so forth.

@A Reference consumer is, like a System user, a general, non-personally associated, user. Additional authorizations can be assigned in the device the use of a reference user. A reference user for extra rights may be assigned for every person in the Roles tab.

Q15. What Profile Versions?

Profile versions are not anything however while u modifies a profile parameter via a RZ10 and generates a brand new profile is created with a exceptional version and it's miles saved inside the database.

Q16. What Authorization Are Required To Create And Maintain User Master Records?

The following authorization items are required to create and maintain user grasp records:

S_USER_GRP: User Master Maintenance: Assign person groups

S_USER_PRO: User Master Maintenance: Assign authorization profile

S_USER_AUT: User Master Maintenance: Create and maintain authorizations

Q17. Someone Has Deleted Users In Our System, And I Am Eager To Find Out Who. Is There A Table Where This Is Logged?

Debug or use RSUSR100 to discover the info’s.

Run transaction SUIM and down its Change files.

Q18. What Are The Critical Tcodes And Authorization Objects In R/three?

Just to say all the t-codes which can have an effect on roles and person master facts are crucial ones. SU01, PFCG, RZ10, RZ11, SU21, SU03, Sm37 are a number of crucial t-codes.

Below are crucial objects:

S_TABU_DIS

S_USER_AGR

S_USER_AUT

S_USER_PRO

S_USER_GRP

Q19. Who Will Done User Comparison?

If adjustments are to be contemplated right now, person comparison is recommended.

Q20. What Are The Prerequisites We Should Take Before Assigning Sap_all To A User Even We Have Approval From Authorization Controllers?

Conditions are follows earlier than assigning sap_all to any user .

1.Allowing the audit log —- the use of sm19 tcode.

2.Retreving the audit log—–the use of sm20 tcode.

This system follows when your not imposing grc in your machine.

Q21. What Is The Difference Between C (take a look at) And U (unmentioned)?

Background: When defining authorizations the usage of Profile Generator, the table USOBX_C defines which authorization checks have to arise within a transaction and which authorization exams have to be maintained inside the PG. You decide the authorization tests that can be maintained inside the PG using Check Indicators. It is a Check Table for Table USOBT_C.

In USOBX_C there are four Check Indicators.

@CM (Check/Maintain)

An authority check is executed against this object.

The PG creates an authorization for this object and area values are displayed for changing.

Default values for this authorization can be maintained.

@C (Check)

An authority take a look at is done in opposition to this item.

The PG does now not create an authorization for this item, so area values are not displayed.

No default values may be maintained for this authorization.

@N (No take a look at)

The authority test in opposition to this object is disabled.

The PG does no longer create an authorization for this object, so field values are not displayed.

No default values can be maintained for this authorization.

@U (Unmaintained)

No test indicator is about.

An authority check is usually finished in opposition to this object.

The PG does no longer create an authorization for this object, so area values aren't displayed.

No default values can be maintained for this authorization.

Q22. Can Wildcards Be Used In Authorizations?

Authorization values may include wildcards; however, the system ignores the whole thing after the wildcard. Therefore, A*B is similar to A*.

Q23. What Is The Landscape Of Grc?

GRC Landscape is 2 system panorama, @SAP GRC DEV @SAP GRC PRD in GRC there's no Quality system.

Q24. What Does User Compare Do?

If you are also using the position to generate authorization profiles, then you definitely have to notice that the generated profile is not entered within the person master record until the user master data have been compared. You can automate this through scheduling file FCG_TIME_DEPENDENCY on.

Q25. What Is The Different Between Single Role & Composite Role?

A function is a container that collects the transaction and generates the associated profile.  A composite roles is a container that may accumulate numerous distinct roles

Q26. What Does The Profile Generator Do?

The Profile Generator creates roles. It is crucial that appropriate user roles, and not profiles, are entered manually in transaction ‘SU01′. The system need to input the profiles for this consumer automatically.

Q27. How To Insert Missing Authorization?

Su53 is the exceptional transaction with which we will locate the missing authorizations.And we will insert the ones lacking authorization thru percent.

Q28. What Is The Use Of Role Templates?

User role templates are predefined pastime corporations in SAP which includes transactions, reviews and net addresses.

Q29. How Can I Do A Mass Delete Of The Roles Without Deleting The New Roles?

There is a SAP delivered report that you can reproduction, dispose of the gadget kind test and run. To do a panorama with delete, input the jobs to be deleted in a transport, run the delete software or manually delete and then release the transport and import them into all clients and systems.

It is referred to as: AGR_DELETE_ALL_ACTIVITY_GROUPS.

To used it, you need to tweak/debug & replace the code as it has a test that make sure it is deleting SAP delivered roles best. Once you get beyond that little bit, it works nicely.

Q30. What Is The Difference Between Role And A Profile?

Role and profile move hand in hand. Profile is bought in with the aid of a role. Role is used as a template,  wherein you may add T-codes, reviews..Profile is one that offers the user authorization. When you create a role, a profile is robotically created.

Q31. How Many Authorizations Fit Into A Profile?

A maximum of one hundred fifty authorizations match right into a profile. If the number of authorizations exceeds this marker, the Profile Generator will mechanically create more profiles for the position. A profile name consists of twelve (12) characters and the primary ten (10) may be modified when generated for the primary time.

Q32. What Is The Procedure For Role Modifications? Explain With Example?

Generally this task is performed PFCG_TIME_DEPENDENCY heritage job which runs once daily in order that roles are adjusted after running this record.

Q33. What Happens To Change Documents When They Are Transported To The Production System?

Change documents can't be displayed in transaction ‘SUIM’ after they are transported to the production system because we do not have the ‘befor input’ approach for the delivery. This means that if adjustments are made, the ‘USR10′ table is filled with the modern values and writes the vintage values to the ‘USH10′ desk in advance. The difference between both tables is then calculated and the cost for the exchange files is determined as a end result. However, this doesn't work when alternate files are transported to the manufacturing machine. The ‘USR10′ table is automatically packed with the modern values for the transport and there's no alternative for filling the ‘USH10′ table earlier (for the history) due to the fact we do no longer have a ‘befor input’ approach to fill the ‘USH10′ table earlier for the transport.