SAP Security Interview Questions
Q. What are the different tabs in PFCG?
Following are some of the important tabs in PFCG:
- Description – We define the role name and role text. We also have a text description option at the bottom where we can provide other details related to the role. Those details can be the ticket no through which the role was created, the various changes (addition/removal of tcodes, authorization objects etc) and the date when those changes took place and the user who performed that task etc. It is a good practice to make use of this space as it helps in identifying the reasons for changes.
- Menu – For designing user menus like for addition of tcodes etc.
- Authorizations – For maintenance of Authorization data. Also for generating authorization profile.
- User – For assigning users to role and for adjusting user master Records.
Q What does user compare do?
When a role is used for generating authorization profile, then the user master record needs to be compared so that the generated authorization profile can be entered in the user master record. This comparison is done using tcode PFUD or by scheduling the report PFCG_TIME_DEPENDENCY.
Q. What is user buffer?
A user buffer contains all authorizations of a user. Each user has his own user buffer and it can be displayed by executing tcode SU56. The authorization check fails when the user does not have necessary authorization in his user buffer or if the user buffer contains too many entries and has overflowed. The number of entries in user buffer is controlled using profile parameter “Auth/auth_number_in_userbuffer“.
Q. How many transaction codes can be assigned to a role?
A maximum of around 14000 transaction codes can be assigned to a role.
Q. How many authorizations fit into a profile?
A maximum of 150 authorizations fit into a profile. If the number of authorizations exceeds this value, the profile generator automatically creates one more profile for the role.