{"id":2778,"date":"2018-03-01T06:00:11","date_gmt":"2018-03-01T11:00:11","guid":{"rendered":"https:\/\/www.xiting.us\/?p=2778"},"modified":"2026-02-15T16:43:03","modified_gmt":"2026-02-15T15:43:03","slug":"sap-security-challenge-march-2018","status":"publish","type":"post","link":"https:\/\/xiting.com\/en\/news\/sap-security-challenge-march-2018\/","title":{"rendered":"SAP Security Challenge &#8211; March 2018"},"content":{"rendered":"<p>Welcome to the&nbsp;<a href=\"https:\/\/www.xiting.us\/blog\/sap-security-challenge\/\">SAP Security Challenge<\/a>&nbsp;by Xiting. How much do you know about SAP Security? Do you know what you don&#8217;t know? To help you identify those areas, Xiting has launched the SAP Security Challenge with a monthly quiz to test your knowledge. Stay tuned and follow our blog to broaden your skillset.<\/p>\n<p>We will publish a new&nbsp;<span class=\"highlight\"><span class=\"colour\"><span class=\"font\"><span class=\"size\">quiz<\/span><\/span><\/span><\/span>&nbsp;every first of the month, consisting of ten (10) questions. Participants can submit their answers anytime between the first and last day of the month. The winner will be announced on the first day of the following month via newsletter and on our blog. Each participant enters the draw to win a ticket. One correct answer&nbsp;gives you one ticket in the draw (e.g. 8 correct answers gives you 8 tickets). The more you know, the higher the chances to win.<\/p>\n<h2>February&#8217;s Challenge<\/h2>\n<p>In February&#8217;s challenge, we had 119 participants and an overall average of 6.4 correct answers. In total, 3 participants&nbsp;were able to answer all questions correctly.<\/p>\n<h3>The Champion<\/h3>\n<p>We are very happy to announce that <strong>Stacie P.<\/strong> is the lucky winner of the SAP Security challenge&nbsp;of February 2018. Stacie answered 7 questions correctly and wins a copy of the book&nbsp;<strong>Authorizations in SAP: 100 Things You Should Know About.<\/strong><\/p>\n<h3>Answers from February&#8217;s Challenge<\/h3>\n<p><strong>What should be changed in a derived role only?<\/strong><br \/>\nIn the best case, a derived role should only differ from the master role in terms of the org levels. Thus, the org level values can be changed in a derived role. From a purely technical point of view, it is also possible to change the authorization data in the derived role. However, this is not recommended because of inconsistencies between the master and the derived role.<\/p>\n<p><strong>Which user type should be used in RFC connections?<\/strong><br \/>\nFor RFC connections, a &#8220;System&#8221; type user should always be used.<\/p>\n<p><strong>You want to avoid double TCODES. How do you do it?<\/strong><br \/>\nIn table SSM_CUST, set the parameter DELETE_DOUBLE_TCODES to &#8220;YES&#8221; and you avoid Duplicate TCODES in your roles.<\/p>\n<p><strong>In a CUA environment, in which transaction can you define that reference users are defined locally (directly in the child system)?<\/strong><br \/>\nThe distribution parameters are defined in SCUM. In transaction SCUM, you can set the role assignment to reference users under the &#8220;Roles&#8221; tab.<\/p>\n<p><strong>Jerry wants to see Tim&#8217;s spools. What authorization does Jerry need for this?<\/strong><br \/>\nIn order for Jerry to be able to select jobs from other users, the basic requirement is S_ADMI_FCD with the value SP0R. To be able to select Tim&#8217;s spools, Jerry needs S_SPO_ACT for the action (SPOAUCTION) Base and DISP for the user (SPOAUTH) Tim.<\/p>\n<p><strong>How many authorization fields can an authorization object have at most?<\/strong><br \/>\nAn authorization object can have a maximum of 10 authorization fields.<\/p>\n<p><strong>In which transaction can you define authorization groups for document types?<\/strong><br \/>\nYou can define authorization groups for document types in transaction OBA7.<\/p>\n<p><strong>What transaction can you use to create user-specific security policies?<\/strong><br \/>\nThe SECPOL transaction can be used to define security policies for specific user groups.<\/p>\n<p><strong>User Tom reports a failed authorization check. In SU53, however, you cannot find Tom\u2019s failed authorization check, even though he just got the message in the same client. What can be the issue?<\/strong><br \/>\nThe SU53 is instance specific. So, it is possible that you will not see any failed checks in SU53 for Tom, although an authority check failed. To avoid this, you can activate a system-wide trace in STAUTHTRACE.<\/p>\n<p><strong>What is the default number of stored authorization checks of SU53?<\/strong><br \/>\nBy default, the number of stored authorization checks in the SAP standard is limited to 100 per work process.<\/p>\n<h2>March Challenge<\/h2>\n<p>[qsm quiz=5]<\/p>\n<p>We wish you the best of luck in March&#8217;s challenge.<\/p>\n<div class=\"grammarly-disable-indicator\"><\/div>\n<div class=\"grammarly-disable-indicator\"><\/div>\n","protected":false},"excerpt":{"rendered":"<p>Welcome to the&nbsp;SAP Security Challenge&nbsp;by Xiting. How much do you know about SAP Security? Do you know what you don&#8217;t know? To help you identify those areas, Xiting has launched the SAP Security Challenge with a monthly quiz to test your knowledge. Stay tuned and follow our blog to broaden your skillset. We will publish [&hellip;]<\/p>\n","protected":false},"author":7,"featured_media":9385,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"content-type":"","footnotes":""},"categories":[1835],"tags":[145],"class_list":["post-2778","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","tag-securityquiz"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v26.2 (Yoast SEO v27.3) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>SAP Security Challenge &#8211; March 2018 - Xiting<\/title>\n<meta name=\"robots\" content=\"noindex, follow\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"SAP Security Challenge &#8211; March 2018\" \/>\n<meta property=\"og:description\" content=\"Welcome to the&nbsp;SAP Security Challenge&nbsp;by Xiting. How much do you know about SAP Security? Do you know what you don&#039;t know? To help you identify\" \/>\n<meta property=\"og:url\" content=\"https:\/\/xiting.com\/en\/news\/sap-security-challenge-march-2018\/\" \/>\n<meta property=\"og:site_name\" content=\"Xiting\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/XitingAG\" \/>\n<meta property=\"article:published_time\" content=\"2018-03-01T11:00:11+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-02-15T15:43:03+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/xiting.com\/wp-content\/uploads\/2019\/10\/rough-horn-2146181_1920.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1800\" \/>\n\t<meta property=\"og:image:height\" content=\"1012\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Alessandro Banzer\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Alessandro Banzer\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/xiting.com\\\/en\\\/news\\\/sap-security-challenge-march-2018\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/xiting.com\\\/en\\\/news\\\/sap-security-challenge-march-2018\\\/\"},\"author\":{\"name\":\"Alessandro Banzer\",\"@id\":\"https:\\\/\\\/xiting.com\\\/en\\\/#\\\/schema\\\/person\\\/9f4b7239bdd4d109e5a45c9432779d5e\"},\"headline\":\"SAP Security Challenge &#8211; March 2018\",\"datePublished\":\"2018-03-01T11:00:11+00:00\",\"dateModified\":\"2026-02-15T15:43:03+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/xiting.com\\\/en\\\/news\\\/sap-security-challenge-march-2018\\\/\"},\"wordCount\":642,\"publisher\":{\"@id\":\"https:\\\/\\\/xiting.com\\\/en\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/xiting.com\\\/en\\\/news\\\/sap-security-challenge-march-2018\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/xiting.com\\\/wp-content\\\/uploads\\\/2019\\\/01\\\/sap-security-blog-security-challenge.jpg\",\"keywords\":[\"securityquiz\"],\"articleSection\":[\"SAP Security\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/xiting.com\\\/en\\\/news\\\/sap-security-challenge-march-2018\\\/\",\"url\":\"https:\\\/\\\/xiting.com\\\/en\\\/news\\\/sap-security-challenge-march-2018\\\/\",\"name\":\"SAP Security Challenge &#8211; March 2018 - Xiting\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/xiting.com\\\/en\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/xiting.com\\\/en\\\/news\\\/sap-security-challenge-march-2018\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/xiting.com\\\/en\\\/news\\\/sap-security-challenge-march-2018\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/xiting.com\\\/wp-content\\\/uploads\\\/2019\\\/01\\\/sap-security-blog-security-challenge.jpg\",\"datePublished\":\"2018-03-01T11:00:11+00:00\",\"dateModified\":\"2026-02-15T15:43:03+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/xiting.com\\\/en\\\/news\\\/sap-security-challenge-march-2018\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/xiting.com\\\/en\\\/news\\\/sap-security-challenge-march-2018\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/xiting.com\\\/en\\\/news\\\/sap-security-challenge-march-2018\\\/#primaryimage\",\"url\":\"https:\\\/\\\/xiting.com\\\/wp-content\\\/uploads\\\/2019\\\/01\\\/sap-security-blog-security-challenge.jpg\",\"contentUrl\":\"https:\\\/\\\/xiting.com\\\/wp-content\\\/uploads\\\/2019\\\/01\\\/sap-security-blog-security-challenge.jpg\",\"width\":964,\"height\":600},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/xiting.com\\\/en\\\/news\\\/sap-security-challenge-march-2018\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/xiting.com\\\/en\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"SAP Security Challenge &#8211; March 2018\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/xiting.com\\\/en\\\/#website\",\"url\":\"https:\\\/\\\/xiting.com\\\/en\\\/\",\"name\":\"Xiting\",\"description\":\"Your Expert for SAP Security\",\"publisher\":{\"@id\":\"https:\\\/\\\/xiting.com\\\/en\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/xiting.com\\\/en\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/xiting.com\\\/en\\\/#organization\",\"name\":\"Xiting\",\"url\":\"https:\\\/\\\/xiting.com\\\/en\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/xiting.com\\\/en\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/xiting.com\\\/wp-content\\\/uploads\\\/2019\\\/08\\\/xiting-logo.svg\",\"contentUrl\":\"https:\\\/\\\/xiting.com\\\/wp-content\\\/uploads\\\/2019\\\/08\\\/xiting-logo.svg\",\"width\":1,\"height\":1,\"caption\":\"Xiting\"},\"image\":{\"@id\":\"https:\\\/\\\/xiting.com\\\/en\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/XitingAG\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/1345129\\\/\",\"https:\\\/\\\/www.instagram.com\\\/xiting.global\\\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/xiting.com\\\/en\\\/#\\\/schema\\\/person\\\/9f4b7239bdd4d109e5a45c9432779d5e\",\"name\":\"Alessandro Banzer\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/bd69cf75d8008518f801684fb686af7daad3e988b323551989d44fb47d82a240?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/bd69cf75d8008518f801684fb686af7daad3e988b323551989d44fb47d82a240?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/bd69cf75d8008518f801684fb686af7daad3e988b323551989d44fb47d82a240?s=96&d=mm&r=g\",\"caption\":\"Alessandro Banzer\"},\"description\":\"Alessandro has worked in the field of IT since 2004, specializing in SAP in 2009 and working on global SAP projects in various roles since that date. Alessandro is an active contributor and moderator in the Governance, Risk, and Compliance space on SAP SCN. Alessandro is in charge of Xiting's operations in the United States and a subject matter expert in SAP Access Control, SAP Cloud IAG, and SAP Security.\",\"url\":\"https:\\\/\\\/xiting.com\\\/en\\\/author\\\/admin\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"SAP Security Challenge &#8211; March 2018 - Xiting","robots":{"index":"noindex","follow":"follow"},"og_locale":"en_US","og_type":"article","og_title":"SAP Security Challenge &#8211; March 2018","og_description":"Welcome to the&nbsp;SAP Security Challenge&nbsp;by Xiting. How much do you know about SAP Security? Do you know what you don't know? To help you identify","og_url":"https:\/\/xiting.com\/en\/news\/sap-security-challenge-march-2018\/","og_site_name":"Xiting","article_publisher":"https:\/\/www.facebook.com\/XitingAG","article_published_time":"2018-03-01T11:00:11+00:00","article_modified_time":"2026-02-15T15:43:03+00:00","og_image":[{"width":1800,"height":1012,"url":"https:\/\/xiting.com\/wp-content\/uploads\/2019\/10\/rough-horn-2146181_1920.jpg","type":"image\/jpeg"}],"author":"Alessandro Banzer","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Alessandro Banzer","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/xiting.com\/en\/news\/sap-security-challenge-march-2018\/#article","isPartOf":{"@id":"https:\/\/xiting.com\/en\/news\/sap-security-challenge-march-2018\/"},"author":{"name":"Alessandro Banzer","@id":"https:\/\/xiting.com\/en\/#\/schema\/person\/9f4b7239bdd4d109e5a45c9432779d5e"},"headline":"SAP Security Challenge &#8211; March 2018","datePublished":"2018-03-01T11:00:11+00:00","dateModified":"2026-02-15T15:43:03+00:00","mainEntityOfPage":{"@id":"https:\/\/xiting.com\/en\/news\/sap-security-challenge-march-2018\/"},"wordCount":642,"publisher":{"@id":"https:\/\/xiting.com\/en\/#organization"},"image":{"@id":"https:\/\/xiting.com\/en\/news\/sap-security-challenge-march-2018\/#primaryimage"},"thumbnailUrl":"https:\/\/xiting.com\/wp-content\/uploads\/2019\/01\/sap-security-blog-security-challenge.jpg","keywords":["securityquiz"],"articleSection":["SAP Security"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/xiting.com\/en\/news\/sap-security-challenge-march-2018\/","url":"https:\/\/xiting.com\/en\/news\/sap-security-challenge-march-2018\/","name":"SAP Security Challenge &#8211; March 2018 - Xiting","isPartOf":{"@id":"https:\/\/xiting.com\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/xiting.com\/en\/news\/sap-security-challenge-march-2018\/#primaryimage"},"image":{"@id":"https:\/\/xiting.com\/en\/news\/sap-security-challenge-march-2018\/#primaryimage"},"thumbnailUrl":"https:\/\/xiting.com\/wp-content\/uploads\/2019\/01\/sap-security-blog-security-challenge.jpg","datePublished":"2018-03-01T11:00:11+00:00","dateModified":"2026-02-15T15:43:03+00:00","breadcrumb":{"@id":"https:\/\/xiting.com\/en\/news\/sap-security-challenge-march-2018\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/xiting.com\/en\/news\/sap-security-challenge-march-2018\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/xiting.com\/en\/news\/sap-security-challenge-march-2018\/#primaryimage","url":"https:\/\/xiting.com\/wp-content\/uploads\/2019\/01\/sap-security-blog-security-challenge.jpg","contentUrl":"https:\/\/xiting.com\/wp-content\/uploads\/2019\/01\/sap-security-blog-security-challenge.jpg","width":964,"height":600},{"@type":"BreadcrumbList","@id":"https:\/\/xiting.com\/en\/news\/sap-security-challenge-march-2018\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/xiting.com\/en\/"},{"@type":"ListItem","position":2,"name":"SAP Security Challenge &#8211; March 2018"}]},{"@type":"WebSite","@id":"https:\/\/xiting.com\/en\/#website","url":"https:\/\/xiting.com\/en\/","name":"Xiting","description":"Your Expert for SAP Security","publisher":{"@id":"https:\/\/xiting.com\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/xiting.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/xiting.com\/en\/#organization","name":"Xiting","url":"https:\/\/xiting.com\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/xiting.com\/en\/#\/schema\/logo\/image\/","url":"https:\/\/xiting.com\/wp-content\/uploads\/2019\/08\/xiting-logo.svg","contentUrl":"https:\/\/xiting.com\/wp-content\/uploads\/2019\/08\/xiting-logo.svg","width":1,"height":1,"caption":"Xiting"},"image":{"@id":"https:\/\/xiting.com\/en\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/XitingAG","https:\/\/www.linkedin.com\/company\/1345129\/","https:\/\/www.instagram.com\/xiting.global\/"]},{"@type":"Person","@id":"https:\/\/xiting.com\/en\/#\/schema\/person\/9f4b7239bdd4d109e5a45c9432779d5e","name":"Alessandro Banzer","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/bd69cf75d8008518f801684fb686af7daad3e988b323551989d44fb47d82a240?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/bd69cf75d8008518f801684fb686af7daad3e988b323551989d44fb47d82a240?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/bd69cf75d8008518f801684fb686af7daad3e988b323551989d44fb47d82a240?s=96&d=mm&r=g","caption":"Alessandro Banzer"},"description":"Alessandro has worked in the field of IT since 2004, specializing in SAP in 2009 and working on global SAP projects in various roles since that date. Alessandro is an active contributor and moderator in the Governance, Risk, and Compliance space on SAP SCN. Alessandro is in charge of Xiting's operations in the United States and a subject matter expert in SAP Access Control, SAP Cloud IAG, and SAP Security.","url":"https:\/\/xiting.com\/en\/author\/admin\/"}]}},"_links":{"self":[{"href":"https:\/\/xiting.com\/en\/wp-json\/wp\/v2\/posts\/2778","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/xiting.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/xiting.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/xiting.com\/en\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/xiting.com\/en\/wp-json\/wp\/v2\/comments?post=2778"}],"version-history":[{"count":2,"href":"https:\/\/xiting.com\/en\/wp-json\/wp\/v2\/posts\/2778\/revisions"}],"predecessor-version":[{"id":46933,"href":"https:\/\/xiting.com\/en\/wp-json\/wp\/v2\/posts\/2778\/revisions\/46933"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/xiting.com\/en\/wp-json\/wp\/v2\/media\/9385"}],"wp:attachment":[{"href":"https:\/\/xiting.com\/en\/wp-json\/wp\/v2\/media?parent=2778"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/xiting.com\/en\/wp-json\/wp\/v2\/categories?post=2778"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/xiting.com\/en\/wp-json\/wp\/v2\/tags?post=2778"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}