SAP Security Challenge – May 2018

Welcome to the SAP Security Challenge by Xiting. How much do you know about SAP Security? Do you know what you don’t know? To help you identify those areas, Xiting has launched the SAP Security Challenge with a monthly quiz to test your knowledge. Stay tuned and follow our blog to broaden your skillset.

We will publish a new quiz every first of the month, consisting of ten (10) questions. Participants can submit their answers anytime between the first and last day of the month. The winner will be announced on the first day of the following month via newsletter and on our blog. Each participant enters the draw to win a ticket. One correct answer gives you one ticket in the draw (e.g. 8 correct answers gives you 8 tickets). The more you know, the higher the chances to win.

April Challenge

In April’s challenge, we had 192 participants and an overall average of 7.1 correct answers. In total, 7 participants were able to answer all questions correctly.

The Champion

We are very happy to announce that Matthew L. is the lucky winner of the SAP Security challenge of April 2018. Matthew answered 4 questions correctly and wins the $50 gift card from Amazon.

Answers from April’s Challenge

Which of the following tables can help in determining the single roles which are assigned to a given composite role?
With table AGR_AGRS, you can find all assignments to a composite role.

Which transaction can be used to see all available authorization objects?
You can see all available authorization objects in transaction SU21. In transcation SU20, you can find all the authorization fields.

Will table AGR_TCODES show manually inserted values for authorization object S_TCODE?
Manually inserted values in object S_TCODE will not be shown in table AGR_TCODES. AGR_TCODES only shows objects that are inserted through the role menu and hence pull authorization proposals.

In PFCG, what does an authorization with a status of “Changed” mean?
The status “Changed” means that the authorization values proposed by SU24 have been changed in the authorization. This status must be avoided as it breaks with the authorization proposals from SU24.

What is the sequence of an authorization check for a transaction?
When a user enters a transaction code, the first authorization checks are for S_TCODE and then TSTCA. If successful and the user is authorized to execute the transaction, further authorization checks in the program are being executed.

What is the purpose of transaction SE97?
In SE97, you can maintain the authorization check for another transaction that is executed via the CALL TRANSACTION statement. You can activate or deactivate an authorization check. It’s important to maintain the CALL TRANSACTIONS in SE97 to avoid unwanted behavior for called transactions.

In which transaction do you maintain variant transactions?
In transaction SHD0, you can create and maintain variant transaction. Variant transactions are especially helpful to remove unwanted buttons and options from standard transactions.

What authorization is required to debug ABAP code?
With S_DEVELOP and value DEBUG for field OBJTYPE you can debug ABAP code in the system. The activity 03 allows displaying the debugger. With activity 02, you can also manipulate the variables in the debugger and is hence considered highly critical.

Is it possible to deactivate the authorization check for object F_BKPF_BUK in a certain transaction, for example FK03?
Yes, you can deactivate the authorization check for objects that are not from basis or HR with the check indicator in SU24. If deactivated, the authorization check will be performed but will always pass regardless of the authorization of a user.

Which tables are behind transaction SU24? 
USOBT_C and USOBX_C contain the data behind transaction SU24. The table USOBX_C contains the check indicators of the authorization objects, while table USOBT_C contains the authorization objects including the authorization fields and values.

May Challenge

[qsm quiz=7]

We wish you the best of luck in the challenge.

Alessandro Banzer

Get in touch with us!

Do you have questions about our products?

+41 43 422 8803
[email protected]
+49 7656 8999 002
[email protected]
+1 855 594 84 64
[email protected]
+44 1454 838 785
[email protected]

Attend our live webinars and learn more from our experts about SAP authorizations, XAMS, SAP IDM and many other topics in the context of SAP security.

Register now