SAP Security Challenge – January 2019
What better way to start off a new year than the Security Challenge. Get yourself ready for 2019 with our challenge. Find out how much do you know about SAP Security? Do you know what you don’t know? To help you identify those areas, Xiting has launched the SAP Security Challenge with a monthly quiz to test your knowledge. Stay tuned and follow our blog to broaden your skillset.
We will publish a new quiz every first of the month, consisting of multiple questions. Participants can submit their answers anytime between the first and last day of the month. The winner will be announced on the first day of the following month via newsletter and on our blog. Each participant enters the draw to win a ticket. One correct answer gives you one ticket in the draw (e.g. 6 correct answers gives you 6 tickets). The more you know, the higher the chances to win.
In November’s challenge (we are sorry for not having posted the December challenge), we had 156 participants and an overall average of 4.6 correct answers. In total, only 3 participants were able to answer all questions correctly.
We are very happy to announce that Syed A. is the lucky winner of the SAP Security challenge of September 2018. Syed answered 2 questions correctly and wins a copy of the SAP System Security Guide co-authored by Xiting’s Alessandro Banzer. Congratulations, Syed.
Answers from November’s Challenge
With reference users, do the assigned roles to the reference user append or replace the roles of the dialog user?
Authorizations assigned to the reference users append the authorizations of the dialog user when assigned.
What’s the release cycle of S/4HANA?
The release cycle of SAP S/4HANA is defined as yearly in September. That’s why the release numbers are 1709, 1809, etc.
What types of application can be maintained in SU24?
You can maintain the authorization proposals for different types of applications that can be added through the role menu in PFCG. Types include Transactions, Web Dynpros, RFC Function Modules, etc.
What’s the recommended alternative to authorize generic table access instead of SE16 or other data browser transaction?
With parameter transactions for SE16/SM30, is it recommended to propose the table name or table authorization group through SU24 for S_TABU* objects?
With parameter transactions, you can maintain all the values required in SU24 which increases the security and maintainability of your roles with standard values.
Which transaction can be used to maintain SNC names for dialog user in batch mode?
With transaction SNC1, you can mass maintain SNC names for dialog users in batch mode.
With SNC, you can enforce SNC
With profile parameter
We wish you the best of luck in the challenge.