SAP Security Interview Questions
Q. How many profiles can be assigned to any user master record?
Maximum number of profiles that can be assigned to any user master record is 312. Table USR04 contains the profiles assigned to users. The field PROFS in USR04 table is used for saving the change flag and the name of the profiles assigned to the user. The change flags are – C which means “User was created” and M which means “User was changed”. The field PROFS is defined with a length of 3750 characters. Since the first two characters are intended for the change flag, 3748 characters remain for the list of the profile names per user. Because of the maximum length of 12 characters per profile name, this results in a maximum number of 312 profiles per user.
Q. Can a composite role be assigned to another composite role?
No. A composite role cannot be assigned to another composite role. Single roles are assigned to composite roles.
Q. What does the PFCG_TIME_DEPENDENCY clean up?
The ‘PFCG_TIME_DEPENDENCY’ background report cleans up the profiles (that is, it does not clean up the roles in the system). Alternatively, transaction code ‘PFUD’ may also be used for this purpose.
Q. How to prevent custom objects from getting added to SAP_ALL profile?
Go to table PRGN_CUST and set the following parameter: ADD_ALL_CUST_OBJECTS with value N.
Regenerate the SAP_ALL profile with report RSUSR406 to have the customer object to be removed from SAP_ALL. See SAP Note 410424 for more info.
Q. How to find out all actvt in sap?
All possible activities (ACTVT) are stored in table TACT , and the valid activities for each authorization object can be found in table TACTZ.
Q. How to remove duplicate roles with different start and end date from user master?
Duplicate roles assigned to a user can be removed using PRGN_COMPRESS_TIMES.