Xiting SAP Security Blog

SAP Security Challenge – November 2018


Welcome to the SAP Security Challenge by Xiting. How much do you know about SAP Security? Do you know what you don’t know? To help you identify those areas, Xiting has launched the SAP Security Challenge with a monthly quiz to test your knowledge. Stay tuned and follow our blog to broaden your skillset.

We will publish a new quiz every first of the month, consisting of seven (7) questions. Participants can submit their answers anytime between the first and last day of the month. The winner will be announced on the first day of the following month via newsletter and on our blog. Each participant enters the draw to win a ticket. One correct answer gives you one ticket in the draw (e.g. 5 correct answers gives you 5 tickets). The more you know, the higher the chances to win.

October Challenge

In October’s challenge, we had 79 participants and an overall average of 6.4 correct answers. In total, 6 participants were able to answer all questions correctly.

The Champion

We are very happy to announce that Briee D. is the lucky winner of the SAP Security challenge of September 2018. Gabriel answered 3 questions correctly and wins a copy of the SAP System Security Guide co-authored by Xiting’s Alessandro Banzer. Congratulations, Briee.

Answers from October’s Challenge

Which authorization object is checked when assigning roles, profiles, and systems to a user in the Central User Administration (CUA), in order to determine the systems to which the user administrator may assign users?
The system performs an authority check against object S_USER_SAS. You can deactivate the check with customizing option CHECK_S_USER_SAS in table PRGN_CUST through transaction SM30. For more information, see SAP note 513694.

Which parameter and value allow the user buffer to be refreshed automatically when saving new role assignments in SU01?
Setting the profile parameter auth/new_buffering to 4 allows for an immediate refresh of the user buffer at user comparison. In the latest releases, this is the default value pre-delivered by SAP. Please note that changing this parameter to value 4 might have an impact on the runtime when saving a user with many role assignments, as well as when running the PFCG_TIME_DEPENDENCY job. For more information, please refer to SAP Note 452904.

A role can contain several profiles. In which of the following tables can you get an overview of the profiles?
In table AGR_1016, you can get the list of all profiles that are generated for a role.

In which table can you find multiple logons by a user?
In table USR41_MLD, you can find the list of users with multiple logons.

After a release upgrade, you want to know which transaction codes replace an existing transaction. How do you proceed?
After a release upgrade, use step 2D in SU25 to find transactions that have been replaced. You can also use table PRGN_CORR2 to do the same analysis.

You want to allow certain users to reset passwords in user maintenance, but nothing else. How do you achieve that with SAP standard functionality?
In SU01, it is not possible to restrict the authorizations to only resetting passwords by means of authorization objects, because activity 05 covers both password reset and lock/unlock. Instead, you can create a transaction variant in SHD0 and remove the buttons that are not required (e.g. lock/unlock).

What is the correct term for authorizations in a HANA database?
Authorizations in a HANA database are called Privileges.

What technology enables you to disable the passwords of dialog and technical users in an SAP ABAP system?
With Secure Network Communication (SNC), you can increase your security by deactivating passwords for dialog and technical users. At the same time, you increase productivity by enabling SAP Single Sign-On (SSO).

What protocol/technology enables digital signatures in SAP?
With Secure Store and Forward (SSF), you can enable digital signatures and secure re-authentication in SAP ABAP systems.

What’s the name of the cryptographic library that SAP ships with the latest kernel?
The cryptographic library that SAP ships with the kernel is called CommonCryptoLib.

November Challenge

SAP Security Challenge - November 2018

Complete our November Challenge and enter the draw to win a copy of the SAP System Security Guide. By completing the SAP Security Challenge, you agree to Xiting's Cookie and Privacy Policy.

With reference users, do the roles assigned to the reference user append to or replace the roles of the dialog user?
What's the release cycle of S/4HANA?
What types of application can be maintained in SU24? (select all that apply)
What's the recommended alternative for authorizing generic table access instead of SE16 or other data browser transactions?
With parameter transactions for SE16/SM30, is it recommended to propose the table name or table authorization group through SU24 for S_TABU* objects?
Which transaction can be used to maintain SNC names for dialog users in batch mode?
With SNC, you can enforce SNC logon for your users. What scenarios are possible? (select all that apply)

We wish you the best of luck in the challenge.

Alessandro Banzer

Alessandro has worked in the field of IT since 2004, specializing in SAP in 2009 and working on global SAP projects in various roles since that date. Alessandro is an active contributor and moderator in the Governance, Risk and Compliance space on SAP SCN. Alessandro is in charge of Xiting's operations in the United States and a subject matter expert in SAP Access Control and SAP Security.