Top 26 SAP Security Interview Questions & Answers

1) Explain what is SAP security?
SAP security means providing business users with the correct access according to their authority or responsibility, and granting permissions according to their roles.

2) Explain what is “roles” in SAP security?
A “role” refers to a group of t-codes assigned to execute a particular business task. Each role in SAP requires particular privileges to execute a function in SAP; these privileges are called AUTHORIZATIONS.

3) Explain how you can lock all the users at a time in SAP?
By executing the EWZ5 t-code, all users can be locked at the same time in SAP.

4) Mention what are the pre-requisites that should be taken before assigning SAP_ALL to a user even if there is an approval from authorization controllers?
The pre-requisites are as follows:
• Enabling the audit log, using the SM19 t-code
• Retrieving the audit log, using the SM20 t-code

5) Explain what is authorization object and authorization object class?
• Authorization object: Authorization objects are groups of authorization fields that regulate a particular activity. An authorization relates to a particular action, while an authorization field lets security administrators configure specific values for that particular action.
• Authorization object class: Authorization objects fall under authorization object classes, which are grouped by function area such as HR, finance, accounting, etc.

6) Explain how you can delete multiple roles from QA, DEV and Production System?
To delete multiple roles from the QA, DEV and Production systems, follow the steps below:
• Place the roles to be deleted in a transport (in DEV)
• Delete the roles
• Push the transport through to QA and production
This will delete all the roles.

7) Explain what things you have to take care before executing Run System Trace?
If you are tracing a batch user ID or CPIC, then before executing Run System Trace you have to ensure that the ID has been assigned SAP_ALL and SAP_NEW. This enables the user to execute the job without any authorization check failure.

8) Mention what is the difference between USOBT_C and USOBX_C?
• USOBT_C: This table contains the authorization proposal data, that is, the authorization data relevant for a transaction
• USOBX_C: It tells which authorization checks are to be executed within a transaction and which must not

9) Mention what is the maximum number of profiles in a role and maximum number of object in a role?
The maximum number of profiles in a role is 312, and the maximum number of objects in a role is 170.

10) What is the t-code used for locking the transaction from execution?
For locking a transaction from execution, t-code SM01 is used.

11) Mention what is the main difference between the derived role and a single role?
For a single role, we can add or delete the t-codes, while for a derived role you cannot do that.

12) Explain what is SOD in SAP Security?
SOD means Segregation of Duties; it is implemented in SAP in order to detect and prevent error or fraud during business transactions. For example, if a user or employee has the privilege to access bank account details and the payment run, they might be able to divert vendor payments to their own account.

13) Mention which t-codes are used to see the summary of the Authorization Object and Profile details?
• SU03: It gives an overview of an authorization object
• SU02: It gives an overview of the profile details

14) Explain what is User Buffer?
A user buffer consists of all authorizations of a user. The user buffer can be displayed with t-code SU56, and each user has their own user buffer. When the user does not have the necessary authorization, or the user buffer contains too many entries, the authorization check fails.

15) By which parameter number of entries are controlled in the user buffer?
The number of entries in the user buffer is controlled by the profile parameter “auth/auth_number_in_userbuffer”.

16) How many transactions codes can be assigned to a role?
A maximum of 14000 transaction codes can be assigned to a role.

17) Mention which table is used to store illegal passwords?
Table USR40 is used to store illegal passwords; it holds the patterns of words which cannot be used as a password.

18) Explain what is PFCG_TIME_DEPENDENCY?
PFCG_TIME_DEPENDENCY is a report that is used for user master comparison. It also clears up the expired profiles from the user master record. The PFUD transaction code can also be used to execute this report directly.

19) Explain what does USER COMPARE do in SAP security?
In SAP security, the USER COMPARE option compares the user master record so that the generated authorization profile can be entered into the user master record.

20) Mention different tabs available in PFCG?
Some of the important tabs available in PFCG include:
• Description: This tab is used to describe the changes made, such as details related to the role, addition or removal of t-codes, the authorization object, etc.
• Menu: It is used for designing user menus, such as the addition of t-codes
• Authorization: Used for maintaining authorization data and the authorization profile
• User: It is used for adjusting user master records and for assigning users to the role

21) Which t-code can be used to delete old security audit logs?
The SM18 t-code is used to delete old security audit logs.

22) Explain what reports or programs can be used to regenerate SAP_ALL profile?
To regenerate the SAP_ALL profile, report AGR_REGENERATE_SAP_ALL can be used.

23) Using which table transaction code text can be displayed?
Table TSTCT can be used to display transaction code text.

24) Which transaction code is used to display the user buffer?
The user buffer can be displayed by using transaction code SU56.

25) Mention what SAP table can be helpful in determining the single role that is assigned to a given composite role?
Table AGR_AGRS is helpful in determining the single role that is assigned to a given composite role.

26) What is the parameter in Security Audit Log (SM19) that decides the number of filters?
Parameter rsau/no_of_filters is used to decide the number of filters.


1. Defender says:
24) Which transaction code is used to display the user buffer?

User buffer can be displayed by using transaction code AL08

Answer is SU56 not AL08. Please check it and update me if I am wrong.

   o Admin says:
     Error Fixed! Thanks

2. Rohit says:
9) Mention what is the maximum number of profiles in a role and maximum number of object in a role?

Maximum number of profiles in a role is 312, and maximum number of object in a role is 150.

Answer is: Maximum number of profiles in a role is 312, and maximum number of object in a role is 170.

   o Admin says:
     Error Fixed! Thanks

3. Ponmani says:
Can anyone tell me: if a tcode is assigned to 5000 users, then how would you find out who never uses this tcode? And the steps?

GRC AC 10.0 Certification Exam Questions and Answers - Part-1

These questions and answers were collected from the web and from friends who are preparing for the GRC 10.0 certification exam, to help people who are preparing for GRC certification.

1. Your customer has created a custom transaction code ZFB10N by copying transaction FB10 and implementing a user exit.
How can you incorporate the customer enhancement into the global rule set so that it will be available for Risk Analysis?
A. Update security permissions in all relevant authorization objects, maintain the custom program name in all relevant functions, and generate the access rules
B. Update all relevant functions with ZFB10N, maintain the permission values for all relevant authorization objects, and generate the access rules
C. Update all relevant functions with ZFB10N, maintain the permission values in the relevant access risk, and generate the global rule set
D. Update the relevant access risk with ZFB10N, maintain access rules in all relevant functions, and generate the global rule set
Answer: B

2. Which of the following objects can you maintain in the "Maintain Paths" work area of
MSMP workflow configuration? (Choose three)
A. Paths
B. Path versions
C. Rules for path mappings
D. Stage notification settings
E. Stages
Answer: A,D,E

3. Which configuration parameters determine the content of the log generated by the SPM Log Synch job? (Choose three)
A. Enable Risk Change log (1002)
B. Enable Authorization Logging (1100)
C. Retrieve System log (4004)
D. Retrieve OS Command log (4006)
E. Retrieve Audit log (4005)
Answer: C,D,E

4. Your customer wants to eliminate false positives from their risk analysis results.
How must you configure Access Control to include organizational value checks when performing a risk analysis? (Choose two)
A. Configure organization rules for each relevant function
B. Update the functions that contain each relevant action by activating the fields for the required permissions and maintaining a value for each specific organization
C. Configure organization rules for each relevant risk
D. Update the functions that contain each relevant action by activating the fields for the required permissions
E. Configure organization level system parameters to incorporate all organization levels for each relevant risk
Answer: C,D

5. What do you mitigate using Access Control?
A. Roles
B. Users
C. Risks
D. Functions
Answer: C

6. Your customer wants a manager to fulfil both MSMP workflow agent purposes.
How do you configure this?
A. Maintain the manager agent twice, once for each purpose, using the same agent ID
B. Maintain the manager agent once and assign both purposes to it without using an agent ID
C. Maintain the manager agent twice, once for each purpose, using different agent IDs
D. Maintain the manager agent once and assign both purposes to it using the same agent ID
Answer: C

7. You have identified some risks that need to be defined as cross-system risks. How do you configure your system to enable cross-system risk analysis?
A. 1. Set the analysis scope of the function to cross-system
   2. Create cross-system type connectors
   3. Assign the corresponding connectors to the appropriate connector group
   4. Generate rules
B. 1. Set the analysis scope of the risk to cross-system
   2. Create cross-system type connectors
   3. Assign the corresponding connectors to the appropriate connector group
   4. Generate rules
C. 1. Set the analysis scope of the risk to cross-system
   2. Create a cross-system type connector group
   3. Assign the corresponding connectors to the connector group
   4. Generate rules
D. 1. Set the analysis scope of the function to cross-system
   2. Create a cross-system type connector group
   3. Assign the corresponding connectors to the connector group
   4. Generate rules
Answer: D

8. What does assigning the Logical Group (SOD-LOG) type to a connector group allow you
to do?
A. Run a cross-system analysis
B. Use the connector group for transports to the target system
C. Monitor the target system
D. Use the connector group as a business role management landscape
Answer: D

9. Who approves the review of the periodic segregation of duties?
A. Mitigation monitors
B. Role owners
C. Mitigation approvers
D. Risk owners
Answer: D

10. How are lines and columns linked in a BRF plus initiator decision table?
A. A column to a column through a logical OR
B. A column to a line through a logical OR
C. A column to a column through a logical AND
D. A line to a line through a logical AND
Answer: C

GRC AC 10.0 Certification Exam Questions and Answers - Part-2

11. Which periodic review process allows a role owner to remove roles from the users?
A. UAR Review
B. SOD Review
C. Firefighter Log Review
D. Role Certification Review
Answer: A

12. You want to assign an owner when creating a mitigating control. However, you cannot find the user you want to assign as an owner in the list of available users. What could be the reason?
A. The user is already assigned as an owner to another mitigating control
B. The workflow for creating a mitigating control has not yet been approved
C. The user is locked
D. The user has not been assigned as an owner in the organizational hierarchy
Answer: D

13. Which report types require the execution of batch risk analysis? (Choose two)
A. Ad-hoc risk analysis reports
B. Offline risk analysis reports
C. User level simulation reports
D. Access rules detail reports
E. User and role analysis dashboards
Answer: B,E

14. Where can you define a mitigating control? (Choose three)
A. In the mitigating controls work set in Access Control
B. In the rule setup in Access Control
C. In the Access Control risk analysis result screen
D. In the central process hierarchy in Process Control
E. In the activity setup in Risk Management
Answer: A,C,D

15. You have created a new end-user personalization (EUP) form. Where can you make use of this EUP form? (Choose two)
A. In a stage configuration of a workflow
B. In an organizational assignment request
C. In a template-based request
D. In a model user request
E. Company 2
Answer: A, C

16. You have maintained an end-user personalization (EUP) form and set a particular field as mandatory. Which additional field attribute settings are required? (Choose two)
A. The field attribute Visible must be set to "Yes"
B. A default value must be maintained for the field
C. The field attribute Editable must be set to "Yes"
D. The field attribute Visible must be set to "No"
E. The field attribute Editable must be set to "No"
Answer: A, C

17. You want to maintain roles using Business Role Management. How do you import the roles from the back-end system?
A. Use an SAP transport
B. Execute the Role Import background job directly in the back-end system
C. Use the standard import template
D. Execute the Role Repository Sync program
Answer: C

18. Which activity can you perform when you use the Test and Generate options in transaction MSMP Rule Generation/Testing (GRFNMW_DEV_RULES)?
A. Generate and activate a BRF plus flat rule for workflow-related rules
B. Create a rule type for workflow-related rules
C. Create an MSMP process ID for workflow-related rules
D. Generate and activate function modules for workflow-related rules
Answer: D

19. You want to assign an owner when creating a mitigating control. However, you cannot find the user you want to assign as an owner in the list of available users.
What could be the reason?
A. The user is already assigned as an owner to another mitigating control
B. The workflow for creating a mitigating control has not yet been approved
C. The user is locked
D. The user has not been assigned as an owner in the organizational hierarchy
Answer: D

C_GRCAC_10 Practice Test
C_GRCAC_10 Exam Questions, SAP GRC AC Certification Practice Exam, www.erpprep.com

ERPPrep.com’s C_GRCAC_10 PDF is a comprehensive compilation of questions and answers that have been developed by our team of SAP GRC AC experts and experienced professionals. To prepare for the actual exam, all you need is to study the content of these exam questions. You can identify your weak areas with our premium C_GRCAC_10 practice exams, which help you to focus more on each syllabus topic covered. This method will help you to boost your confidence to pass the SAP GRC AC certification with a better score.

C_GRCAC_10 Questions and Answers Set

Question 1. When is a BRFplus Routing rule triggered? Please choose the correct answer.
a) During workflow processing
b) During BRFplus decision table activation
c) During workflow configuration
d) During BRFplus rule configuration
Answer: a

Question 2. What is the difference between a SoD risk and a critical action

Question 3. You have created a connector to use Access Control for access request management. What does SAP recommend regarding the assignment of integration scenarios to this connector? Please choose the correct answer.
a) Assign the Provisioning (PROV) integration scenario to the connector.
b) Assign all four Access Control integration scenarios to the connector.
c) Assign the Role Management (ROLMG) integration scenario to the connector.
d) Assign the Authorization Management (AUTH) integration scenario to the connector.
Answer: b

Question 4. Which risk analysis reports must be executed in the background? Note: There are 2 correct answers to this question.
a) Role level simulation with "Include Users" as an additional criterion
b) User level risk analysis with "Show All Objects" as an additional criterion
c) Offline risk analysis
d) Role level risk analysis with "Show All Objects" as an additional criterion
Answer: a, c

Question 5. Which of the following roles delivered by SAP can you use to grant access to Emergency Access Management? Please choose the correct answer.
a) SAP_GRAC_END_USER
b) SAP_GRAC_SUPER_USER_MGMT_USER
c) SAP_GRAC_SPM_FFID
d) SAP_GRAC_RULE_SETUP
Answer: b

Question 6. You have created a custom role methodology for your firefight-related security roles. However, when you create a specific firefight-related security role, the expected methodology is not applied. What could be the reason? Please choose the correct answer.
a) The BRFplus decision table does not contain the appropriate condition.
b) The role methodology is not assigned to an organizational value map.
c) The condition group is not assigned to a role prerequisite.
d) The Direct Value Input method was used for the condition column.
Answer: a

Question 7. What is a purpose of the Access Rule Maintenance work set? Please choose the correct answer.
a) To set up specific access risk rules to reflect company policies
b) To delete a table structure from the rule set
c) To maintain the rule set so that you can combine rules to build risks
d) To tie actions to risks so that you can combine them to build functions
Answer: a

Question 8. Which transaction do you use to synchronize transactions and their descriptions in the Access Control repository? Please choose the correct answer.
a) Role Usage Synchronization (GRAC_ROLE_USAGE_SYNC)
b) Profile Synchronization (GRAC_PROFILE_SYNC)
c) Repository Object Synchronization (GRAC_REP_OBJ_SYNC)
d) Authorizations Synchronization (GRAC_AUTH_SYNC)
Answer: d

Question 9. What information is mandatory when you define an initiator or routing rule in the Maintain Rules work area? Please choose the correct answer.
a) Rule Result Value
b) Notification Variable
c) Route Mapping
d) Variable Description
Answer: a

Question 10. Which workflow-related MSMP rule kinds can you create in BRFplus? Note: There are 3 correct answers to this question.
a) Notification variables rule
b) Detour rule
c) Process rule
d) Routing rule
e) Agent rule
Answer: a, d, e

Full Online Practice of C_GRCAC_10 Certification

ERPPREP.COM presents authentic, genuine and valid practice exams for SAP Oracle DB Certification, which is similar to the actual exam. We promise 100% success in the very first attempt. We recommend going ahead with our online practice exams to perform outstandingly in the actual exam. We suggest identifying your weak areas from our premium practice exams and giving them more focus by practicing with an SAP system. You can continue this cycle till you achieve 100% with our practice exams. Our technique helps you to score better in the final C_GRCAC_10 exam. Start online practice of the C_GRCAC_10 exam by visiting the URL
http://www.erpprep.com/other-sap-certification/sap-businessobjectsaccess-control-grc-ac

SAP GRC Interview Questions

Question 1. Explain The Personalization Tab Within a Role?
Answer:
Personalization is a way to save information that could be common to users, I mean to a user role. E.g. you can create SAP queries and manage authorizations by user groups. Now this information can be stored in the personalization tab of the role. (I suppose that it is a way for SAP to address the ambiguity of its concept of user group and roles: is “user group” a grouping of people sharing the same access, or is it the role that is the grouping of people sharing the same access?)

Question 2. Is There a Table for Authorizations Where I Can Quickly See the Values Entered in A Group of Fields?
Answer:
In particular I am looking to find the field values for P_ORGIN across a number of authorization profiles, without having to drill down on each profile and authorization.
AGR_1251 will give you some reasonable info.

Question 3. How Can I Do a Mass Delete of the Roles Without Deleting the New Roles?
Answer:
There is an SAP-delivered report that you can copy, remove the system type check and run. To do a landscape with delete, enter the roles to be deleted in a transport, run the delete program or manually delete, and then release the transport and import them into all clients and systems.
It is called: AGR_DELETE_ALL_ACTIVITY_GROUPS.
To use it, you need to tweak/debug and replace the code, as it has a check that ensures it is deleting SAP-delivered roles only. Once you get past that little bit, it works well.

Question 4. Someone Has Deleted Users in Our System, And I Am Eager to Find Out Who. Is There A Table Where This Is Logged?
Answer:
Debug or use RSUSR100 to find the information.
Run transaction SUIM and drill down into its change documents.

Question 5. How to Insert Missing Authorization?
Answer:
SU53 is the best transaction with which we can find the missing authorizations. We can then insert those missing authorizations through PFCG.

Question 6. What Is the Difference Between Role and A Profile?
Answer:
Role and profile go hand in hand. A profile is brought in by a role. A role is used as a template, where you can add t-codes and reports. The profile is what gives the user authorization. When you create a role, a profile is automatically created.

Question 7. What Are Profile Versions?
Answer:
Profile versions arise when you modify a profile parameter through RZ10 and generate the profile: a new profile is created with a different version, and it is stored in the database.

Question 8. What Is the Use of Role Templates?
Answer:
User role templates are predefined activity groups in SAP consisting of transactions, reports and web addresses.

Question 9. What Is the Difference Between Single Role & Composite Role?
Answer:
A role is a container that collects the transactions and generates the associated profile. A composite role is a container which can collect several different roles.

Question 10. Is It Possible to Change Role Template? How?
Answer:
Yes, we can change a user role template. There are exactly three ways in which we can work with user role templates:
o we can use them as they are delivered in SAP
o we can modify them as per our needs through PFCG
o we can create them from scratch.

Question 11. How to Create Users?
Answer:
Execute transaction SU01 and fill in all the fields. When creating a new user, you must enter an initial password for that user on the Logon data tab. All other data is optional.

Question 12. What Is the Difference Between USOBX_C and USOBT_C?
Answer:
The table USOBX_C defines which authorization checks are to be performed within a transaction and which are not (despite an authority-check command being programmed). This table also determines which authorization checks are maintained in the Profile Generator.
The table USOBT_C defines, for each transaction and for each authorization object, which default values an authorization created from the authorization object should have in the Profile Generator.

Question 13. What Authorization Are Required to Create and Maintain User Master Records?
Answer:
The following authorization objects are required to create and maintain user master records:
S_USER_GRP: User Master Maintenance: Assign user groups
S_USER_PRO: User Master Maintenance: Assign authorization profile
S_USER_AUT: User Master Maintenance: Create and maintain authorizations

Question 14. List R/3 User Types?
Answer:
1. Dialog users are used for individual users. Expired/initial passwords are checked. It is possible to change your own password. Multiple dialog logons are checked.
2. A Service user: only user administrators can change the password. There is no check for expired/initial passwords. Multiple logon is permitted.
3. System users are not capable of interaction and are used to perform certain system activities, such as background processing, ALE, Workflow, and so on.
4. A Reference user is, like a System user, a general, non-personally related user. Additional authorizations can be assigned within the system using a reference user. A reference user for additional rights can be assigned for every user in the Roles tab.

Question 15. What Is A Derived Role?
Answer:
Derived roles refer to roles that already exist. The derived roles inherit the menu structure and the functions included (transactions, reports, Web links, and so on) from the role referenced. A role can only inherit menus and functions if no transaction codes have been assigned to it before.
The higher-level role passes on its authorizations to the derived role as default values which can be changed afterwards. Organizational level definitions are not passed on. They must be created anew in the inheriting role. User assignments are not passed on either.
Derived roles are an elegant way of maintaining roles that do not differ in their functionality (identical menus and identical transactions) but have different characteristics with regard to the organizational level.

Question 16. What Is A Composite Role?
Answer:
A composite role is a container which can collect several different roles. For reasons of clarity, it does not make sense, and is therefore not allowed, to add composite roles to composite roles. Composite roles are also called roles.
Composite roles do not contain authorization data. If you want to change the authorizations (that are represented by a composite role), you must maintain the data for each role of the composite role.
Creating composite roles makes sense if some of your employees need authorizations from several roles. Instead of adding each user separately to each role required, you can set up a composite role and assign the users to that group.
The users assigned to a composite role are automatically assigned to the corresponding (elementary) roles during comparison.

Question 17. What Does User Compare Do?
Answer:
If you are also using the role to generate authorization profiles, then you should note that the generated profile is not entered in the user master record until the user master records have been compared. You can automate this by scheduling report PFCG_TIME_DEPENDENCY on.

Question 18. How Do I Change the Name of Master / Parent Role Keeping the Name of Derived/Child Role Same? I Would Like to Keep the Name of Derived/Child Role Same and Also the Profile Associated with The Child Roles?
Answer:
First copy the master role using PFCG to a role with the new name you wish to have. Then you have to generate the role. Now open each derived role and delete the menu. Once the menus are removed, it will let you enter a new inheritance. You can enter the name of the new master role you created. This will help you keep the same derived role name and also the same profile name. Once the new roles are done, you can transport them. The transport automatically includes the parent roles.

Question 19. What Is the Difference Between C (Check) And U (Unmaintained)?
Answer:
Background: When defining authorizations using the Profile Generator (PG), the table USOBX_C defines which authorization checks should occur within a transaction and which authorization checks should be maintained in the PG. You determine the authorization checks that can be maintained in the PG using Check Indicators. It is a check table for table USOBT_C.
In USOBX_C there are 4 Check Indicators.
1. CM (Check/Maintain)
o An authority check is carried out against this object.
o The PG creates an authorization for this object and field values are displayed for changing.
o Default values for this authorization can be maintained.
2. C (Check)
o An authority check is carried out against this object.
o The PG does not create an authorization for this object, so field values are not displayed.
o No default values can be maintained for this authorization.
3. N (No check)
o The authority check against this object is disabled.
o The PG does not create an authorization for this object, so field values are not displayed.
o No default values can be maintained for this authorization.
4. U (Unmaintained)
o No check indicator is set.
o An authority check is always carried out against this object.
o The PG does not create an authorization for this object, so field values are not displayed.
o No default values can be maintained for this authorization.

Question 20. Can Wildcards Be Used in Authorizations?
Answer:
Authorization values may contain wildcards; however, the system ignores everything after the wildcard. Therefore, A*B is the same as A*.

Question 21. What Does the PFCG_TIME_DEPENDENCY Clean Up?
Answer:
The ‘PFCG_TIME_DEPENDENCY’ background report only cleans up the profiles (that is, it does not clean up the roles in the system). Alternatively, you may use transaction ‘PFUD’.

Question 22. What Happens to Change Documents When They Are Transported to The Production System?
Answer:
Change documents cannot be displayed in transaction ‘SUIM’ after they are transported to the production system because we do not have the ‘before input’ method for the transport. This means that if changes are made, the ‘USR10’ table is filled with the current values and the old values are written to the ‘USH10’ table beforehand. The difference between both tables is then calculated and the value for the change documents is determined as a result. However, this does not work when change documents are transported to the production system. The ‘USR10’ table is automatically filled with the current values for the transport, and there is no option for filling the ‘USH10’ table in advance (for the history) because we do not have a ‘before input’ method to fill the ‘USH10’ table in advance for the transport.

Question 23. What Is the Difference Between the Table Buffer and The User Buffer?
Answer:
The table buffers are in the shared memory. Buffering the tables increases performance when accessing the data records contained in the table. Table buffers and table entries are ignored during start up. A user buffer is a buffer from which the data of a user master record is loaded when the user logs on. The user buffer has different setting options with regard to the ‘auth/new_buffering’ parameter.

Question 24. What Does the Profile Generator Do?
Answer:
The Profile Generator creates roles. It is important that suitable user roles, and not profiles, are entered manually in transaction ‘SU01’. The system should enter the profiles for this user automatically.

Question 25. How Many Authorizations Fit into A Profile?
Answer:
A maximum of 150 authorizations fit into a profile. If the number of authorizations exceeds this marker, the Profile Generator will automatically create more profiles for the role. A profile name consists of twelve (12) characters, and the first ten (10) may be changed when generated for the first time.

Question 26. What Are the Prerequisites We Should Take Before Assigning SAP_ALL to A User Even If We Have Approval from Authorization Controllers?
Answer:
The prerequisites before assigning SAP_ALL to any user are as follows:
1. Enabling the audit log, using the SM19 t-code.
2. Retrieving the audit log, using the SM20 t-code.
This process is followed when you are not implementing GRC in your system.

Question 27. What Is the Landscape of GRC?
Answer:
The GRC landscape is a 2-system landscape: 1. SAP GRC DEV, 2. SAP GRC PRD. In GRC there is no Quality system.

Question 28. What Is the Rule Set in GRC?
Answer:
A rule set is nothing but a collection of rules. There is a default rule set in GRC called the Global Rule Set.

Question 29. What Are the Critical Tcodes and Authorization Objects in R/3?
Answer:
Simply put, all the t-codes which can affect roles and user master records are critical ones. SU01, PFCG, RZ10, RZ11, SU21, SU03 and SM37 are some of the critical t-codes.
Below are critical objects:
o S_TABU_DIS
o S_USER_AGR
o S_USER_AUT
o S_USER_PRO
o S_USER_GRP

Question 30. If You Are Using 10 Firefighter IDs at A Time, How Will the Log Reports Go to the Controller?
Answer:
This is done whenever a role is already assigned to users and changes are made in that role. In order to get the changes adjusted in the roles, user comparison is done.

Question 31. What Is Ruleset? And How to Update Risk ID in Rule Set?
Answer:
Also, during indirect assignment of roles to users using t-codes PO13 and PO10, we have to do user comparison so that the roles get reflected in the SU01 record of the user.

Question 32. What Is the Procedure for Role Modifications? Explain with Example?
Answer:
Generally, this task is done by the PFCG_TIME_DEPENDENCY background job, which runs once daily, so that roles are adjusted after running this report.

Question 33. Who Will Do User Comparison?
Answer:
If changes are to be reflected immediately, user comparison is recommended.
