SAP security is providing correct access to business users with respect to their authority or responsibility and giving permission according to their roles.
“Roles” is referred to a group of t-codes, which is assigned to execute particular business task. Each role in SAP requires particular privileges to execute a function in SAP that is called AUTHORIZATIONS.
By executing EWZ5 t-code in SAP, all the user can be locked at the same time in SAP.
Pre-requisites follows like Enabling the audit log- using sm 19 tcode Retrieving the audit log- using sm 20 tcode
Authorization Object: Authorization objects are groups of authorization field that regulates particular activity. Authorization relates to a particular action while Authorization field relates for security administrators to configure specific values in that particular action. Authorization object class: Authorization object falls under authorization object classes, and they are grouped by function area like HR, finance, accounting, etc.
For the single role, we can add or delete the t-codes while for a derived role you cannot do that.
SOD means Segregation of Duties it is implemented in SAP in order to detect and prevent error or fraud during the business transaction. For example, if a user or employee has the privilege to access bank account detail and payment run, it might be possible that it can divert vendor payments to his own account.
SU03: It gives an overview of an authorization object SU02: It gives an overview of the profile details
These interview questions will also help in your viva(orals)
Calle Eloy Gonzalo, 27
Código Postal 28010
Paseo de la Reforma 26
Colonia Juárez, Cuauhtémoc
Ciudad de México 06600
Autopista General Cañas,
San José, SJ 40104
Av. Jorge Basadre 349
Lima, LIM 15073