SAP SECURITY INTERVIEW QUESTIONS - SAP SECURITY

SAP Security & GRC made easy

General / Experience

  1. Could you walk me through your professional journey so far and your main responsibilities in previous roles?

  2. Have most of your projects been support-based, or have you also worked on implementations and upgrades?

  3. Have you had exposure to S/4HANA? If yes, in what areas?

  4. On a daily basis, how many tickets do you typically handle, and of what type?

  5. Can you share an example of a challenging ticket or enhancement you worked on?

  6. Have you ever received appreciation from the business or clients for your work?


GRC (Governance, Risk & Compliance)

  1. What areas of GRC have you worked in (for example EAM, ARA, Risk Management)?

  2. How do you usually handle SOD conflicts for business users?

  3. Have you created or modified custom rulesets or risk definitions in GRC?

  4. What are the responsibilities of a Firefighter Owner and Controller?

  5. Have you worked on GRC role design activities? If yes, what was your approach?

  6. Can you explain the difference between an SOD conflict and a critical permission?

  7. How does the system actually detect SOD conflicts?

  8. Have you worked on creating custom reason codes in GRC?


Security / Roles & Authorizations

  1. What’s your approach to role design in ECC compared to S/4HANA?

  2. If a transaction is giving change access but you only want display access, how would you handle it?

  3. What are the key differences between Master and Derived roles?

  4. How do you identify whether a role is master, derived, single, or composite?

  5. What are the different statuses of authorization objects when you’re creating or modifying a role?

  6. When you add a TCode in PFCG, how do the authorization objects get populated?

  7. Have you worked on SU25 steps? If yes, can you explain how you performed them?

  8. If a role is accidentally deleted in production, how would you restore it?

  9. Can we add a composite role inside another composite role? Why or why not?


User Administration

  1. What are the mandatory fields when creating a user in SU01?

  2. What are the different user types in SAP, and how do they differ?

  3. Can a communication user be used for background job scheduling? Why or why not?

  4. What is a reference user, and how is it typically used?

  5. What are the different types of locks available in SAP?

  6. How is the password reset process usually handled in your projects?

  7. In SU01, there’s a delete option for users — do you ever use it? Why/why not?

  8. Can a user be created without address data?

  9. How do you reset passwords for multiple users at once?


Fiori

  1. What experience do you have in Fiori Security — like catalogs, groups, spaces, and pages?

  2. Have you created technical catalogs?

  3. How do you add an OData service in a role?

  4. What’s the difference between Groups, Spaces, and Pages in Fiori?

  5. Can you explain how you troubleshoot Fiori authorization issues?

  6. What’s the difference between Embedded and Central Hub deployment in Fiori?

  7. Which transaction codes do you usually use for Fiori troubleshooting?


Technical / Troubleshooting

  1. If a user logs a ticket about a missing authorization but provides very little info, how would you troubleshoot it?

  2. In trace analysis, what do RC (Return Code) values mean?

  3. What is the difference between SU53, STAUTHTRACE, ST01, and SU56?

  4. Which AGR_* and USR_* tables do you work with most often, and what are their uses?

  5. How do you fetch user email addresses from SAP tables?

  6. What are PFUD and SUPC transactions used for?

  7. What is the difference between S_TABU_DIS and S_TABU_NAM?

  8. What is position-to-role mapping, and how is it used?

  9. SAP_ALL and SAP_NEW are assigned, but a user is still facing issues — what would you check first?


Project & Compliance

  1. Are you familiar with SOX compliance and its impact on SAP Security?

  2. What does “cutover phase” mean in a project, and what activities have you handled in that phase?

  3. How do you ensure compliance when handling sensitive transactions like SU01 in production?

  4. In your projects, who is usually responsible for defining risks in GRC?

  5. Do you have experience with BTP or IAG? If yes, how does role collection work there?
