SAP Security Challenge – November 2018
Welcome to the SAP Security Challenge by Xiting. How much do you know about SAP Security? Do you know what you don’t know? To help you identify those areas, Xiting has launched the SAP Security Challenge with a monthly quiz to test your knowledge. Stay tuned and follow our blog to broaden your skillset.
We will publish a new quiz every first of the month, consisting of seven (7) questions. Participants can submit their answers anytime between the first and last day of the month. The winner will be announced on the first day of the following month via newsletter and on our blog. Each participant enters the draw to win a ticket. One correct answer gives you one ticket in the draw (e.g. 5 correct answers give you 5 tickets). The more you know, the higher your chances of winning.
In October’s challenge, we had 79 participants and an overall average of 6.4 correct answers. In total, 6 participants were able to answer all questions correctly.
We are very happy to announce that
Answers from October’s Challenge
Which authorization object gets checked when assigning roles, profiles, and systems to a user in the Central User Administration (CUA) to check the systems to which the user administrator can assign the users?
The system performs an authority check against object S_USER_SAS. You can deactivate the check with customizing option CHECK_S_USER_SAS in table PRGN_CUST through transaction SM30. For more information, see SAP note 513694.
Which parameter and value allow the user buffer to be refreshed automatically when saving new role assignments in SU01?
Setting the parameter auth/new_buffering to 4 allows for immediate refresh of the user buffer at user comparison. In the latest releases, this is the default value pre-delivered by SAP. Please note that changing this parameter to value 4 might have an impact on the runtime while saving a user with many role assignments as well as when running the PFCG_TIME_DEPENDENCY job. For more information, please refer to SAP Note 452904.
A role can contain several profiles. In which of the following tables can you get an overview of the profiles?
In table AGR_1016, you can get the list of all profiles that are generated for a role.
In which table can you find multiple logons by a user?
In table USR41_MLD, you can find the list of users with multiple logons.
After a release upgrade, you want to know which transaction codes replace an existing transaction. How do you proceed?
After a release upgrade, use step 2D in SU25 to find transactions that have been replaced. You can also use table PRGN_CORR2 to do the same analysis.
You want to allow certain users to only reset passwords for user maintenance but nothing else. How do you achieve that in SAP standard?
In SU01, it is not possible to restrict the authorizations to only reset passwords with authorization objects as Activity 05 works along with lock/unlock. Instead, you can create a transaction variant in SHD0 and remove the buttons that are not required (e.g. lock/unlock).
What do you correctly call authorizations for a HANA database?
Authorizations in a HANA database are called Privileges.
What technology enables you to disable the passwords of dialog and technical users in an SAP ABAP system?
With Secure Network Communication (SNC), you can increase your security by deactivating passwords for dialog and technical users. At the same time, you increase productivity by enabling SAP Single Sign-On (SSO).
What protocol/technology enables digital signatures in SAP?
With Secure Store and Forward (SSF), you can enable digital signatures and secure re-authentication in SAP ABAP systems.
What’s the name of the cryptographic library that SAP ships with the latest kernel?
The cryptographic library that SAP ships with the kernel is called Common CryptoLib.
We wish you the best of luck in the challenge.