SAP security interview questions [2022]

SAP security interview questions are the crux of this article. Going through the SAP interview questions before the day is beneficial: it will boost your morale and give you an upper hand over other applicants.

SAP systems contain vital information and sensitive data about finances, customers, and workers. To keep the system safe, SAP security mechanisms must be in place. Because competent SAP security specialists are in short supply in the market, there are numerous opportunities in this field. Here are questions that interviewers ask during the SAP security interview.

Common SAP security interview questions

  • What does SAP security entail?

SAP is a short way of saying Systems, Applications, and Products. SAP security is a module that prevents unauthorized access and usage of SAP data and applications. It refers to giving business users the appropriate level of access based on their authority or responsibility. Permissions are granted based on their organizational or departmental functions.

To make your answer to this SAP security interview question stand out, mention that SAP security is divided into three areas:

Confidentiality: Data should not be shared without permission.

Integrity: Data should not be altered without permission.

Availability: There should be no distributed denial-of-service (DDoS) attacks.

  • Explain the various sorts of SAP users.

In SAP, there are five different sorts of users:

User type and description

Dialog user (A)

It is intended for a single user. The system checks for expired/initial passwords during a dialog logon. The user can change the password. Multiple dialog logons are checked and logged.

System user (B)

These are non-interactive users responsible for tasks such as ALE, background processing, Workflow, TMS, and CUA.

Service user (S)

A dialog user that can be used by a larger set of users. Only the user administrator can change passwords. The system does not check for expired or initial passwords during logon.

Reference user (L)

It is treated like a System user. It is an anonymous, non-personal user.

Communication user

  • What is the best way to check table logs?

The first step is to use t-code SE13 to see if logging is enabled for a table. If it is enabled, the table logs can be viewed using t-code SCU3.

  • In SAP security, what is a ‘role’?

A “role” refers to a group of t-codes assigned to carry out specific tasks.

  • How can you distinguish between an authorization object and an authorization object class?

An authorization object is a collection of authorization fields associated with a specific activity. In contrast, an authorization object class is a subset of the authorization class organized by function areas.

  • What is the best way to figure out who has deleted users from the system?

To determine who has deleted users from the system, first debug or use RSUSR100 to gather information. Then execute SUIM and display the change documents.

  • What is SOD in the context of SAP Security?

The acronym SOD stands for Segregation of Duties.

It’s a feature in SAP that detects and prevents errors and fraud during business transactions. For example, if a user or employee has access to both bank account details and payment runs, it is feasible for them to divert vendor payments to their own account.
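An SoD check for the bank-details-plus-payment-run conflict described above, written as an added example (it is not from the original article or from any SAP tool). The role names, user names and the rule AP01 are constructed; the t-codes FK02/XK02 (change vendor) and F110 (payment run) are illustrative choices that do not appear on the page.

```python
# Constructed sample data: role -> t-codes and user -> roles.
ROLE_TCODES = {
    "Z_AP_VENDOR_MAINT": {"FK02", "FK03"},
    "Z_AP_PAYMENTS": {"F110"},
    "Z_AP_DISPLAY": {"FK03", "FBL1N"},
}
USER_ROLES = {
    "ALICE": ["Z_AP_VENDOR_MAINT", "Z_AP_PAYMENTS"],
    "BOB": ["Z_AP_PAYMENTS", "Z_AP_DISPLAY"],
    "CAROL": ["Z_AP_VENDOR_MAINT"],
}
# Hypothetical rule: a user must not hold a t-code from both sides.
SOD_RULES = [
    {"id": "AP01",
     "risk": "Maintain vendor bank details and run payments",
     "side_a": {"FK02", "XK02"},
     "side_b": {"F110"}},
]

def tcode_sources(user):
    """Map each t-code the user holds to the roles that grant it."""
    sources = {}
    for role in USER_ROLES.get(user, []):
        for tcode in ROLE_TCODES.get(role, set()):
            sources.setdefault(tcode, set()).add(role)
    return sources

def sod_violations(user):
    """Findings where the user's combined roles cover both sides of a rule."""
    sources = tcode_sources(user)
    held = set(sources)
    findings = []
    for rule in SOD_RULES:
        hit_a = sorted(rule["side_a"] & held)
        hit_b = sorted(rule["side_b"] & held)
        if hit_a and hit_b:  # conflict only when both duties are present
            tcodes = hit_a + hit_b
            roles = sorted(set().union(*(sources[t] for t in tcodes)))
            findings.append({"rule": rule["id"], "user": user,
                             "tcodes": tcodes, "roles": roles})
    return findings

def audit():
    """Run every rule against every user, in a stable order."""
    return [f for user in sorted(USER_ROLES) for f in sod_violations(user)]

if __name__ == "__main__":
    for finding in audit():
        print(finding)
```

The conflict for ALICE only appears once her two roles are combined, which is why the check runs on the union of t-codes per user and not per role. Production SoD rule sets also evaluate authorization objects and field values, not only t-codes.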

  • What is the procedure for deleting numerous roles from the QA, DEV, and Production Systems?

Follow the steps below to delete numerous roles from the QA, DEV, and Production Systems.

Put the roles you want to get rid of in a transport (in DEV).

Delete the roles.

Push the transport through to QA and Production.

  • What exactly is User Buffer?

A user’s authorizations are stored in a user buffer. Users can use t-code SU56 to display the user buffer, and each user has their own user buffer. The authorization check fails if the user does not have the required authorization or has too many entries in their user buffer.

  • What purpose do the Parameters Groups & Personalization tabs in SU01 and the Mini apps tabs in PFCG serve?

The Parameters tab automatically fills in some of the data during the order creation process.

The Personalization tab is used to limit the user’s choices. For example, selecting a payslip will default to showing only the previous month’s payslip. If you pick attendances, it will display the current month by default.

The Mini apps tab can be used to add mini-apps such as a calculator and a calendar.

  • How come people have authorization in PFCG but complain about not having permission?

Check to see if the user master has been compared. A user buffer may have overflowed.

Check the profile as well. Follow the instructions below.

SUIM > Users by complex selection criteria.

Enter the user ID of the user who is encountering problems.


  • What T-Codes are utilized to get a quick overview of the Authorization Object and Profile information?

SU03 – a high-level overview of all authorization objects.

SU02 – to view the profile details.

SU21 has the same editing structure as SU03, but it also allows us to create a new authorization object. If you want to see the documentation for the authorization object, click the “Display Object Documentation” button and then select “Approved Activity Values” to see the list of permitted actions for the fields.

These details are taken from the TACT table.

  • What T-Codes are used to receive a summary of the Authorization Object and Profile data?

SU03 – an overview of all authorization objects at a high level.

SU02 – to see the profile information.

The editing structure of SU21 is similar to that of SU03, but it also allows us to create a new authorization object. Click the “Display Object Documentation” button to see the documentation for the authorization object, and then pick “Approved Activity Values” to see the list of permissible actions for the fields.

These details come from the TACT table.

In conclusion,

Even if you perform excellently in the interview, a drug test will be done for all candidates. SAP security experts are committed to maintaining a drug-free work environment. As a company employee, you must be ready to comply with the company’s regulations regarding alcohol abuse and the ownership, sale, and use of illegal substances.