SAP Security Challenge – April 2018


Welcome to the SAP Security Challenge by Xiting. How much do you know about SAP Security? Do you know what you don’t know? To help you identify those areas, Xiting has launched the SAP Security Challenge with a monthly quiz to test your knowledge. Stay tuned and follow our blog to broaden your skillset.

We will publish a new quiz on the first of every month, consisting of ten (10) questions. Participants can submit their answers anytime between the first and last day of the month. The winner will be announced on the first day of the following month via newsletter and on our blog. Each participant enters the draw to win a ticket. One correct answer gives you one ticket in the draw (e.g. 8 correct answers give you 8 tickets). The more you know, the higher your chances of winning.

March Challenge

In March’s challenge, we had 164 participants and an overall average of 7.2 correct answers. In total, 14 participants were able to answer all questions correctly.

The Champion

We are very happy to announce that Todd A. is the lucky winner of the SAP Security challenge of March 2018. Todd answered 8 questions correctly and wins the $50 gift card from Amazon.

Answers from March’s Challenge

You have upgraded your SAP system to a higher release and would like to adjust your authorizations. Which transaction do you work with in this case?
Using SU25 (except step 1), you can compare the new authorization objects provided by SAP, modified check indicators or default values with your values in SU24.

Which object ensures that the user can copy and paste within the SAP system?
The object S_GUI with ACTVT 02 authorizes copying data to the clipboard in the following cases: List – Save – Local file with format “To Clipboard”, and ALV Grid Control (Ctrl + C).

You want to know a user’s favorites. How do you proceed?
Favorites of all users are stored in the table SMEN_BUFFC.

In which table can you adjust the parameter settings of Session Manager values?
In the SSM_CUST table, you can adjust the parameter settings of values for the session manager, for example DELETE_DOUBLE_TCODES.

Which authorization object controls the batch input authorizations?
S_BDC_MONI controls the batch input authorizations.

With which main switch can you activate the check of structural authorizations in transaction OOAC?
With the value 1 at the ORGPD main switch, you can activate the structural authorization check.

Which background job can you schedule for user comparison?
You can schedule the user comparison with the background job PFCG_TIME_DEPENDENCY or the report RHAUTUPD_NEW.

Select the true statements that apply to enabler role (also called value role) concepts.
Enabler role concepts break the SAP standard and increase the complexity of the security design as well as of upgrading your roles to new releases. Also, performing SoD analysis and running role tests become significantly tougher, as you always have to consider two roles: the functional role and its enabler. Read more about why not to use enabler roles in the following blog: https://xiting.us/blog/comparison-sap-role-design-concepts/

With S/4HANA, SAP delivers a simplification list that tells you which transactions become obsolete, are being replaced, etc. How many pages long is the simplification list for the latest S/4HANA release 1709?
SAP S/4HANA introduces a completely new data model. As a result, you will have to update your existing security model, including roles and authorizations. Analyzing and updating your old roles is a time-consuming process that could consume valuable project resources. SAP has documented many but not all required changes to your roles in its Simplification List. With the latest release 1709, SAP documents its simplifications on over 900 pages. Learn how Xiting can help you to apply those simplifications to all your roles: https://xiting.us/sap-s4hana-migration/

With NetWeaver 7.50, what’s the limit of profiles a user can have assigned?
With NetWeaver 7.50, the model of how the system saves the profile assignments has changed. As of 7.50, there is no limit on the number of profiles a user can have assigned. In previous releases, the limit was 312 profiles. With 7.50, the system saves the profile assignments in the central change documents (CDHDR / CDPOS).

 

April Challenge


Complete our April Challenge and enter the draw to win a $50 Amazon gift card.


Which of the following tables can help in determining the single roles which are assigned to a given composite role?

Which transaction can be used to see all available authorization objects?

Will table AGR_TCODES show manually inserted values for authorization object S_TCODE?

In PFCG, what does an authorization with a status of “Changed” mean?

What is the sequence of an authorization check for a transaction?

What is the purpose of transaction SE97?

In which transaction do you maintain variant transactions?

What authorization is required to debug ABAP code?

Is it possible to deactivate the authorization check for object F_BKPF_BUK in a certain transaction, for example FK03?

Which tables are behind transaction SU24? (select all that apply)


We wish you the best of luck in April’s challenge.

Alessandro Banzer

Alessandro has worked in the field of IT since 2004, specializing in SAP in 2009 and working on global SAP projects in various roles since that date. Alessandro is an active contributor and moderator in the Governance, Risk and Compliance space on SAP SCN. Alessandro is in charge of Xiting's operations in the United States and a subject matter expert in SAP Access Control and SAP Security.