SAP Security Interview Questions and Answers for 2024: The Ultimate Guide

If you're preparing for SAP Security interviews, here's a simplified list of key questions and answers to help you succeed. Whether you're a fresher or experienced, these questions cover essential concepts.


Top 10 SAP Security Interview Questions:

  1. What is SAP Security? SAP Security ensures users get appropriate access based on their roles and responsibilities.

  2. What are roles in SAP Security? Roles group transaction codes (T-codes) and authorizations needed for specific tasks.

  3. Difference between single role and derived role?

    • Single Role: You can add or remove T-codes.

    • Derived Role: Inherits T-codes and authorizations but can’t modify them.

  4. What is SOD in SAP Security? SOD (Segregation of Duties) prevents conflicts and reduces fraud risks by separating tasks.

  5. What is a user buffer? It’s a temporary storage of a user’s authorizations created at login.

  6. What is user comparison? It updates user master records with assigned roles and profiles.

  7. What is a derived role? A role that inherits menu structures and functions from a parent role.

  8. What are the common SAP Security T-codes? Examples: SU01 (Create/Change User), SU53 (Auth Analysis), PFCG (Role Maintenance), ST01 (Trace).

  9. What are different types of users in SAP? Types include Dialog, System, Communication, Service, and Reference users.

  10. How do you lock all users in SAP? Use T-code EWZ5.


Best SAP Security Questions

  1. Difference between USOBX_C and USOBT_C?

    • USOBX_C: Defines which auth checks are active.

    • USOBT_C: Proposes default authorization values for transactions.

  2. Steps before assigning SAP_ALL?

    • Enable audit logging (T-code SM19).

    • Retrieve audit logs (T-code SM20).

  3. What is an authorization object? A set of fields that define permissions for specific activities.

  4. How to delete multiple roles from systems?

    • Add roles to transport.

    • Delete roles and transport them across systems.

  5. Steps before running a system trace? Assign SAP_NEW or SAP_ALL to ensure no authorization failures.

  6. Max profiles and objects in a role?

    • Profiles: 312

    • Objects: 170

  7. T-code to lock/unlock transactions? Use T-code SM01.

  8. What is PFCG Time Dependency? A report (T-code PFUD) that removes expired profiles from user records.

  9. What are the main PFCG tabs?

    • Description: Role details.

    • Menu: User menu design.

    • Authorization: Authorization data maintenance.

    • User: Assign users to roles.

  10. T-code to delete old security audit logs? Use T-code SM18.


Advanced SAP Security Questions

  1. Program to regenerate SAP_ALL profile? AGR_REGENERATE_SAP_ALL.

  2. Table to display T-code text? Use table TSTCT.

  3. How to display a user buffer? Use T-code SU56.

  4. Table to determine single roles for a composite role? Use table AGR_AGRS.

  5. How to monitor security audit filters? Parameter: rsau/no_of_filters.

  6. What are composite roles? Groups of roles assigned together to simplify user management.

  7. Most common SAP Security T-codes?

    • SU01: Create/Change User.

    • SU53: Authorization Analysis.

    • ST01: Trace.

    • PFCG: Role Maintenance.

  8. How to enforce password rules? Use a profile parameter for password policies.

  9. What is the T-code for authorization group creation? Use T-code SE54.

  10. How to check background jobs? Use T-code SM37.


General Questions

  1. What are role templates? Predefined activity clusters with transactions, reports, and web links.

  2. Steps to create a user group?

    • Use T-code SUGR.

    • Provide a group name and description.

  3. How to check transport requests created by others? Use T-code SE10.

  4. How to find system default security parameters? Use T-code RSPFPAR.

  5. T-code for copying USOBT and USOBX data? Use T-code SU25.

  6. Purpose of ST01 T-code? For tracing user authorizations.

  7. Max T-codes in a role? Up to 14,000 T-codes can be added.

  8. Table to store illegal passwords? Use table USR40.

  9. What is the max number of roles per user? 312 roles.

  10. T-code to display user lists? Use T-code SM04 or AL08.

  11. How to manage lock entries? Use T-code SM12.

  12. Difference between role and profile?

    • Role: Groups T-codes and authorizations.

    • Profile: Technical representation of a role.

  13. What are profile versions? Updated versions of profiles created after modifications.


This simplified list is designed to help you focus on key SAP Security concepts and T-codes to ace your interviews.

Comments Comments