SAP Security Challenge – June 2018
Welcome to the SAP Security Challenge by Xiting. How much do you know about SAP Security? Do you know what you don’t know? To help you identify those areas, Xiting has launched the SAP Security Challenge with a monthly quiz to test your knowledge. Stay tuned and follow our blog to broaden your skillset.
We will publish a new quiz every first of the month, consisting of ten (10) questions. Participants can submit their answers anytime between the first and last day of the month. The winner will be announced on the first day of the following month via newsletter and on our blog. Each participant enters the draw to win a ticket. One correct answer gives you one ticket in the draw (e.g. 8 correct answers give you 8 tickets). The more you know, the higher your chances of winning.
In May’s challenge, we had 212 participants and an overall average of 6.7 correct answers. In total, 15 participants were able to answer all questions correctly.
We are very happy to announce that James J. is the lucky winner of the SAP Security challenge of May 2018. James answered 6 questions correctly and wins the $50 gift card from Amazon.
Answers from May’s Challenge
The user is on a different application server, so you do not see his failed authorization checks in SU53, and you want to switch to the same application server. How do you proceed?
The user’s SU53 display shows which application server the user is on. In transaction SM51, you can double-click on the application server of the user.
In which table can you see which tables are contained in a table group?
You can find the table group assignments in table TDDAT.
Which parameter defines the minimum number of characters that must be different in the new password compared to the old password?
Parameter login/min_password_diff defines how many different characters the new password must have compared to the old password. Use the report RSPARAM and search for login* parameters to see the current value of all the login parameters.
In which transaction can you search the content of a transport request for a particular role?
In transaction SE03 you can search for objects in a request/task and filter for the object ACGR (Role).
You want to schedule a background job under the name of the technical user ZXITING. What authorizations do you need for this?
You require S_BTCH_NAM with the respective value of the user in the BTCUNAME field.
You maintain ACTVT 03 in the context of FB03 in SU24. What kind of transport will you use to transport those changes?
SU24 values are client-independent and hence require a workbench transport.
In which table can you generally change messages from errors to warnings for specific users but not for others?
Table T100C controls the behavior of messages for users. You can maintain specific messages through transaction OBA5.
Through which transaction can you adjust the settings in a CUA landscape so that local password changes are possible?
In transaction SCUM, you can define the behavior of fields in the user master record. You can define where a field can be maintained.
As of SAP Basis 7.50 SP03, what events can you log with the Security Audit Log (SAL)? (select all that apply)
With the Security Audit Log (SAL), you can record security-related activities in the system such as dialog and RFC logon attempts, transaction starts, changes to the user master, etc. As of SAP Basis 7.50 SP03, SAP delivers a new SAL with new transactions and capabilities. Xiting will blog about those changes in the next couple of weeks.
In the role authorizations in PFCG, what does the red light indicate?
The red light indicates that the org levels have not been maintained. Org levels need to be maintained centrally on the role level and not directly in the authorization object.
We wish you the best of luck in the challenge.