Wednesday, June 19, 2024

SAP GRC Security Interview Questions

What Is Known By PFCG Time Dependency

PFCG time dependency is a report (PFCG_TIME_DEPENDENCY) that is normally used for user master comparison. It also removes expired profiles from the user master record. The report can also be executed through a transaction code, PFUD.

What Are The Advantages Of Using Global Trade Services


Below are the key advantages of using Global Trade Services:

  • It helps in reducing the cost and effort of managing compliance for global trading.
  • It can ease time-consuming manual tasks and helps in improving productivity.
  • It reduces the penalties for trade compliance violations.
  • It helps you to create and improve the brand and image and avoid trade with sanctioned or denied parties.
  • It improves customer satisfaction and the quality of service.
  • It speeds up the inbound and outbound processes by performing customs clearance and also helps in removing unnecessary delays.

Why Do I Need To Hire You

Show that you have the skills and experience to do the job and deliver great results. You never know what other candidates offer to the company. But you know yourself: emphasize your key skills, strengths, talents, work experience, and professional achievements that are fundamental to getting great things done in this position.

What Is The Audit Risk Rating

Audit Risk Rating (ARR) is used to define the criteria by which an organization determines risk ratings and establishes a ranking for them. Each auditable entity is rated in Audit Risk Rating as per management feedback. ARR can be used to perform the tasks given below:

  • The set of auditable entities and risk factors can be found.
  • The risk score for a risk factor in each auditable entity can be defined and evaluated.
  • The auditable entity can be rated as per its risk score.

Difference between preventive mitigation controls and detective mitigation controls

Q5 What Is The Use Of RSECADMIN


  • In SAP BI reporting, transaction RSECADMIN is used to maintain analysis authorizations for reporting users.
  • RSECADMIN is used to maintain analysis authorizations and their role assignment to users.

Q12 What Is The Difference Between USOBX_C And USOBT_C

Ans: The table USOBX_C defines which authorization checks are to be performed within a transaction and which authorization checks are maintained in the Profile Generator. The table USOBT_C defines, for each transaction and each authorization object, the default values that an authorization created from that object should have in the Profile Generator.

What Are The Main Tabs Available In PFCG

In the PFCG, there are many important and essential tabs, including the following:

  • Description: Used to describe changes made, such as those made to roles, authorization objects, or other T-codes .
  • Menu: Design user menus such as adding T-codes.
  • Authorizations: Used for maintaining authorization profiles and authorization data.
  • User: Used to adjust user master records and assign users to the role.

How Many Authorizations Fit Into A Profile

A maximum of 150 authorizations fit into a profile. If the number of authorizations exceeds this marker, the Profile Generator will automatically create more profiles for the role. A profile name consists of twelve characters and the first ten may be changed when generated for the first time.

What Are The Different Activities That You Can Perform In SAP GRC


SAP GRC helps organizations manage their regulations and compliance. You can perform the following activities:

  • Easy integration of GRC activities into existing processes and automation of key GRC activities.
  • Low complexity and efficient risk management.
  • Improved risk management activities.
  • Effective management of fraud in business processes and of audits.
  • Organizations perform better and companies can protect their values.
  • The SAP GRC solution consists of three main areas: analyze, manage and monitor.

Elaborate On The Meaning Of Authorization Object Class And The Meaning Of Authorization Object

It is essential to understand the meaning of both the authorization object and the authorization object class. An authorization object is a group of authorization fields that governs a specific activity. An authorization relates to a specific action only, whereas the authorization fields are what security administrators work with.

The fields allow the particular values required for an action to be configured. The authorization object class is an umbrella term under which authorization objects are grouped. The grouping follows areas such as accounting, HR, finance, and others.

What Is The Difference Between C And U

Background: When defining authorizations using the Profile Generator (PG), the table USOBX_C defines which authorization checks should occur within a transaction and which authorization checks should be maintained in the PG. You determine the authorization checks that can be maintained in the PG using check indicators. It is a check table for table USOBT_C. In USOBX_C there are 4 check indicators.

1. CM

  • An authority check is carried out against this object.
  • The PG creates an authorization for this object and field values are displayed for changing.
  • Default values for this authorization can be maintained.

2. C

  • An authority check is carried out against this object.
  • The PG does not create an authorization for this object, so field values are not displayed.
  • No default values can be maintained for this authorization.

3. N

  • The authority check against this object is disabled.
  • The PG does not create an authorization for this object, so field values are not displayed.
  • No default values can be maintained for this authorization.

4. U

  • No check indicator is set.
  • An authority check is always carried out against this object.
  • The PG does not create an authorization for this object, so field values are not displayed.
  • No default values can be maintained for this authorization.

How Do You Perform User Authorization In SAP System Using GRC Access Control


SAP GRC Access Control uses UME roles to control user authorization in the system. An administrator can use actions, which represent the smallest entity of a UME role, to build a user's access rights. One UME role can contain actions from one or more applications. You have to assign UME roles to users in the User Management Engine.

Top SAP Security Interview Questions And Answers

Q1. Explain What Things You Have To Take Care Before Executing Run System Trace?

If you are tracing a batch user ID or CPIC, then before executing Run System Trace you have to ensure that the ID has been assigned SAP_ALL and SAP_NEW. This enables the user to execute the job without any authorization check failure.

Q2. How To Insert Missing Authorization?

SU53 is the best transaction for finding missing authorizations, and the missing authorizations can then be inserted through PFCG.

Q3. How Can I Do A Mass Delete Of The Roles Without Deleting The New Roles?

There is an SAP-delivered report that you can copy, remove the system type check from, and run. To delete across a landscape, enter the roles to be deleted in a transport, run the delete program or delete them manually, then release the transport and import it into all clients and systems.

The report is called AGR_DELETE_ALL_ACTIVITY_GROUPS. To use it, you need to tweak/debug and replace the code, as it has a check that ensures it is deleting SAP-delivered roles only. Once you get past that little bit, it works well.

Q4. Explain What Is PFCG_TIME_DEPENDENCY?

PFCG_TIME_DEPENDENCY is a report that is used for user master comparison. It also clears expired profiles from the user master record. The transaction code PFUD can also be used to execute this report directly.

Q5. Mention What SAP Table Can Be Helpful In Determining The Single Role That Is Assigned To A Given Composite Role?

Q8. What Is A Composite Role?

What Is Internal Audit Management

Internal Audit Management allows a user to process the information from Risk management and from process control to use it in audit planning. The proposals of audit can be transferred to audit management for processing whenever required and the issues for reporting can be generated by using the audit items. Internal Audit Management provides the users with space where they can perform complete audit planning, create audit items, define audit universe and create and view audit reports and audit issues.

What Is The Use Of SAP GRC


The SAP Governance, Risk and Compliance solution enables organizations to manage regulations and compliance and to remove risk in managing the organization's key operations. As market conditions change, organizations are growing and changing rapidly, and inappropriate documents and spreadsheets are not acceptable to external auditors and regulators.

What Does User Buffer Mean Which Parameter Controls The Number Of Entries In The User Buffer

An SAP system automatically creates a user buffer when a user signs on. This buffer includes all authorizations for that user. Each user has their own buffer, which they can display using the T-code SU56. The tool is only for monitoring purposes, and no further action can be taken. The following profile parameter controls the number of entries in the user buffer: auth/auth_number_in_userbuffer.

SAP Security Interview Questions And Answers:


1. What is SAP security?

SAP security is providing correct access to business users with respect to their authority or responsibility and giving permission according to their roles.

2. What are roles in SAP security?

A role is a group of T-codes assigned to execute a particular business task. Each role in SAP requires particular privileges to execute a function in SAP; these are called authorizations.

3. Explain how you can lock all the users at a time in SAP?

4. Mention the prerequisites that should be in place before assigning SAP_ALL to a user, even when there is approval from the authorization controllers.

The prerequisites are as follows:

  • Enabling the audit log using transaction SM19
  • Retrieving the audit log using transaction SM20

5. What is the authorization object and authorization object class?

6. Explain how you can delete multiple roles from QA, DEV and Production System?

To delete multiple roles from the QA, DEV and Production systems, follow the steps below:

  • Place the roles to be deleted in a transport.
  • Delete the roles.
  • Push the transport through to QA and production.

This will delete all the roles.

7. What things you have to take care before executing Run System Trace?

If you are tracing a batch user ID or CPIC, then before executing Run System Trace you have to ensure that the ID has been assigned SAP_ALL and SAP_NEW. This enables the user to execute the job without any authorization check failure.

12. What is SOD in SAP Security?

What Is Profile Version

Profiles contain a set of rights and restrictions associated with a specific user or group. User profiles specify what actions a user is allowed to perform on various resources, like sourcing documents or master data.

Changing and saving a profile does not overwrite the old status in the database. Instead, a new version is created with the updated values. SAP assigns a unique number to each profile version. Create a new profile, for example, and it will have a version number of 1. After that, additional profiles will have sequential version numbers.

What Is The SAP GRC

SAP GRC stands for System, Applications, and Products (SAP) Governance, Risk and Compliance. It is an integrated set of activities that together help organizations regulate their policies and reduce various risks. It is made up of three terms, Governance, Risk, and Compliance, each of which has a specific definition in this field:

  • GOVERNANCE: Governance is the combination of various processes which are established by various members of the board to automate various rules and conventions.
  • RISK: Risk management is the proper procedure of managing risks in an organization and predicting future risks to run the organization smoothly and in a hassle-free manner.
  • COMPLIANCE: Compliance focuses on following various rules regarding the company's policies, procedures, laws, rules and regulations and many more.

What Are The Different Types Of Tabs That Are Present In The PFCG

There are a lot of important and essential tabs that are present in the PFCG. The following tabs are included in the PFCG.

  • The first is the Description tab. This tab is used for describing any changes that are made, such as details related to a role, the addition or removal of transaction codes, changes to authorization objects, and so on.
  • The second is the Menu tab. It is used to design the user menu, for example by adding transaction codes.
  • The third is the Authorizations tab. This tab is used for the maintenance of the authorization profile and authorization data.
  • The fourth is the User tab. This tab is used for any adjustment of the user master record and for assigning users to roles.

Q3 How Can I Mass Delete The Roles Without Deleting The New Roles

Ans: There is an SAP-delivered report that you can copy, remove the system type check from, and run. To delete across a landscape, first enter the roles to be deleted in a transport, run the delete program or delete them manually, then release the transport and import it into all systems. To use the report you have to replace the code, because it contains a check that ensures only SAP-delivered roles are deleted.

Would It Be Possible To Mass Delete Roles Without Deleting The New Roles In SAP

SAP provides a report, AGR_DELETE_ALL_ACTIVITY_GROUPS, which you can copy, remove the system type check from, and then execute. For mass deletion of roles without deleting the new roles in SAP, enter the roles that you wish to delete in a transport, run the delete program or delete them manually, then release the transport and finally import it into all client systems. Once the transport is imported, the roles are deleted from all client systems.

It is necessary to tweak/debug and replace the code in AGR_DELETE_ALL_ACTIVITY_GROUPS, because it contains a check that ensures it deletes only SAP-delivered roles. Getting past that little bit makes it work well.

How Do I Change The Name Of Master/Parent Role Keeping The Name Of Derived/Child Role The Same? I Would Like To Keep The Name Of The Derived/Child Role The Same And Also The Profile Associated With The Child Roles

First copy the master role using PFCG to a role with the new name you wish to have. Then you have to generate the role. Now open each derived role and delete the menu. Once the menus are removed it will let you put new inheritance. You can put the name of the new master role you created. This will help you keep the same derived role name and also the same profile name. Once the new roles are done you can transport them. The transport automatically includes the parent roles.

Q6 What Is Offline Risk Analysis

Ans: The Offline Mode Risk Analysis process is performed with the help of the Risk Identification and Remediation module in the SAP GRC Access Control Suite. Offline mode analysis helps in identifying SOD violations in an ERP system remotely. The data from the system is exported to flat files and can then be imported into the CC instance with the help of a data extractor utility.

It can also be used to remotely analyze an ERP system that may be present in a different ERP landscape.
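The offline analysis described above, sketched as an added example that is not part of the original page or of SAP's tooling: it reads a constructed flat-file export of user, role and transaction assignments and flags SOD conflicts at transaction level. The file layout, function names, role names and risk IDs are assumptions made for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export (layout is an assumption): one row per
# user / role / transaction code, as pulled from the analysed system.
USER_ACCESS_EXPORT = """\
user,role,tcode
ALICE,Z_AP_CLERK,FB60
ALICE,Z_VENDOR_MAINT,XK01
BOB,Z_AP_CLERK,FB60
BOB,Z_AP_DISPLAY,FBL1N
CAROL,Z_VENDOR_MAINT,XK01
CAROL,Z_PAYMENTS,F110
DAVE,Z_AP_ALL,FB60
DAVE,Z_AP_ALL,F110
"""

# Hypothetical ruleset: business functions as sets of transaction codes,
# and risks as pairs of functions one user should not hold together.
FUNCTIONS = {
    "MAINTAIN_VENDOR": {"XK01", "XK02"},
    "ENTER_INVOICE": {"FB60", "MIRO"},
    "RUN_PAYMENT": {"F110"},
}
RISKS = {
    "R001": ("MAINTAIN_VENDOR", "ENTER_INVOICE"),
    "R002": ("ENTER_INVOICE", "RUN_PAYMENT"),
    "R003": ("MAINTAIN_VENDOR", "RUN_PAYMENT"),
}

def load_access(text):
    """Parse the flat file into {user: {tcode: {roles granting it}}}."""
    access = defaultdict(lambda: defaultdict(set))
    for row in csv.DictReader(io.StringIO(text)):
        user, role, tcode = (row[k].strip().upper() for k in ("user", "role", "tcode"))
        access[user][tcode].add(role)
    return access

def find_violations(access):
    """Return one record per (user, risk) where both functions are held."""
    violations = []
    for user in sorted(access):
        tcodes = access[user]
        for risk_id in sorted(RISKS):
            left, right = (FUNCTIONS[f].intersection(tcodes) for f in RISKS[risk_id])
            if not (left and right):
                continue
            hits = left | right
            roles = set().union(*(tcodes[t] for t in hits))
            violations.append({
                "user": user, "risk": risk_id,
                "tcodes": sorted(hits), "roles": sorted(roles),
                # True: the conflict sits inside one role (fix the role);
                # False: it arises from the combination of roles assigned.
                "single_role": len(roles) == 1,
            })
    return violations

if __name__ == "__main__":
    for v in find_violations(load_access(USER_ACCESS_EXPORT)):
        print(v)
```

The `single_role` flag separates conflicts that need a role redesign from those that can be resolved by changing a user's role assignments; a transaction-level match like this is coarser than an analysis that also compares authorization object values.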

What Is UME And How It Works

UME stands for User Management Engine. When a user tries to access a tab they do not have access to, the tab is not displayed. A user can only access a function when a UME action for that tab is assigned to that particular user.

In the "Assigned Actions" tab of the Admin user, all the available standard UME actions for CC tabs can be found.

Explain What Is The Difference Between A Role And A Profile

To be honest, there is not much difference between a role and a profile; they go hand in hand. A role is nothing but a combination of transactions and authorizations. This information is stored in the form of profiles. At any given point in time, there can be more than one profile associated with a role. When a role is created, a profile is automatically generated.

Explain The Various Advantages Of Using Global Trade Services

The advantages of using Global Trade Services are described below:

  • The cost and effort of managing compliance for global trading can be reduced by using Global Trade Services.
  • It can help in improving productivity and can also ease time-consuming manual tasks.
  • The penalties for trade compliance violations can be reduced by using it.
  • It can improve the quality of services and can yield better customer satisfaction.
  • To avoid trade with sanctioned or denied parties and to create and improve the brand and the image Global Trade services are very helpful.