SAP Security Challenge – February 2018
Welcome to the SAP Security Challenge by Xiting. How much do you know about SAP Security? Do you know what you don’t know? To help you identify those areas, Xiting has launched the SAP Security Challenge with a monthly quiz to test your knowledge. Stay tuned and follow our blog to broaden your skillset.
We will publish a new quiz on the first of every month, consisting of ten (10) questions. Participants can submit their answers anytime between the first and last day of the month. The winner will be announced on the first day of the following month via newsletter and on our blog. Each participant enters the draw to win a ticket. One correct answer gives you one ticket in the draw (e.g. 8 correct answers give you 8 tickets). The more you know, the higher your chances of winning.
In January’s challenge, we had 112 participants and an overall average of 7.1 correct answers. In total, 9 participants were able to answer all questions correctly.
We are very happy to announce that Connie T. is the lucky winner of the SAP Security challenge of January 2018. Connie answered 9 questions correctly and wins a free ticket to the HANA, BI, Basis and Admin conference in Las Vegas. Congratulations, Connie.
Answers from January’s Challenge
Which SAP standard transaction can be used to mass maintain users?
Transaction SU10 allows mass maintenance of users.
Which of the following tables can help in determining the single roles which are assigned to a given composite role?
Table AGR_AGRS holds the relationship between a composite role and its single roles.
Which transaction can be used to check the User Buffer?
Transaction SU56 allows an administrator to view the authorizations that are loaded into the user buffer, not only for their own user but also for other users.
An SAP system knows five different types of users. Which of them can be used for Dialog Logon?
Dialog and Service users can be used for Dialog Logon.
In client 066 (EarlyWatch), what is the default password of user EARLYWATCH after installation?
The default password of EARLYWATCH in client 066 is SUPPORT. Make sure to change the password to protect your SAP system.
Which standard report can be used to check SAP default passwords of standard users?
The standard report RSUSR0003 displays standard users and their status across all clients in a system. It is important to execute this report in each system, as users are client-dependent and hence different in each client and system.
What is the Code Version in SAP used for?
Passwords are stored as a hash value and not in cleartext. An algorithm generates the hash value from the cleartext password and stores it in the USR02 table. The algorithm that generates that hash value is called the code version.
Which standard transaction allows the maintenance of authorization values (including organizational levels) of multiple roles?
Transaction PFCGMASSVAL allows the maintenance of authorization values of multiple roles, including the maintenance of organizational levels and their field values.
What’s correct about client-dependent and client-independent tables?
Client-dependent tables contain data that a user creates in one client and that is not shared among other clients. An example of a client-dependent table is the user master data table USR02. Client-independent tables, on the other hand, contain data that is shared across all clients of a system (e.g. dictionary objects in table TADIR). To tell whether a table is client-dependent or client-independent, check for field MANDT of type CLNT, which exists in client-dependent tables only.
Client-independent tables are protected with which authorization object?
Client-independent tables must be protected properly, as maintenance can cause side effects in other clients. Therefore, SAP implemented a supplementary authorization object (S_TABU_CLI), which is checked, in addition to S_TABU_DIS and S_TABU_NAM, only when a user tries to maintain client-independent tables.
We wish you the best of luck in February’s challenge.