SAP Security Interview Questions

What is short dump and what do you do with it?

Short Dump is nothing but the abap dump which gets displayed when the error occurs. It gives us the log to rectify or fix the problem so that we can move forward in our process.When we see the short dump it gives us the complete solution also which is one of the possible solutions. So by seeing the log we can go to the particular as guided in that log and can fix the problem.

How can I able to see that t_code in the user menu?
I created a role with some t_code and I assigned it to the user. Then again I change the role with adding one more t_code. When I login to the user the user menu is showing only the first t_codes. It is not showing the later T-code which I added. But the t_code is working.

Check the following:

1. Click on the 'Menu' tab and check for the t-codes assigned.
2. If you still find the old t-codes, remove them.
3. Add the new T-code.
4. Save the role.
5. Click on Authorizations Tab., and check S_TCODE.
6. Save and Generate.

Than assign them to the user and perform "user comparision" and "complete comparision".

What are the different ways to find who has deleted the data in table?
Today I got a complaint from functional team that all their material master data in MARA and all related tables such as MARC, MARD, MBEW got deleted. They want to know who has deleted the records and also tcode executed.
I had executed tcode *stad* and gave list of transaction codes exeucted from last 24 hours. Still they are unable to find who has deleted the data. No entry in system log is available.


Anyone, who's able to write ABAP programs, has full access to the database and thus can delete all the data.

Additionally users with permission can use SE14 to delete table contents completely.

It's hard to find out what happened, if not impossible :(

How to improve system performance?
If users have opened more sessions and no transaction is running and there are many users who have opened more that 2 sessions and left that as it is.
How to control those idle sessions?

You can control your users by changing the following in your System Profile parameter ( tcode RZ10).

rdisp/max_alt_modes ---> controls the number of sessions a user can have at a time.
rdisp/gui_auto_logout (optional) --->This is the time the system will wait in seconds for inactive users to automatically logoff in SAP


ST02 / ST03 In general via table buffers, you could go into the whole Work Process, roll in, roll out, heap (private) memory, etc. however just as a Unix or DBA admin would know, is you look this up when needed for the exact specifics.

Ask him/her to describe where they would look at the buffer statistics, and what steps they would use to adjust them?

ST02, RZ10

Ask him/her to describe how to setup a printer in SAP or where they would look to research why a user/users can not print?

SPAD, SP01, SM50, SU01

==============

Keep the interview to 3 general areas:

DB (what is the directory structure/ where are the files kept oracle alerts, init.ora, redo logs, archive logs, etc.; possibly some basics stuff like what to do "high level" when the archive directory fills up, etc. Keep this minimal as from a SAP basis admin point of view Oracle is just a big giant bit bucket and SAP can handle to the daily monitoring and maintenance itself.

OS (what is the directory structure (what is NFS mounted and why / where are the message files contained for the OS error log; basic commands for the OS eg. Unix, mv, cp, ls, grep, ps-ef, df-k, etc. That is pretty much all the SAP basis admin will need to know. Client/Server architecture.

SAP (what is the directory structure / where are files located ie. profiles - start, instance, default (what are they and what is the order of precendence) start is for statup only, instance is the first to be read then the default and if a given parameter cannot be found in the instance or then the default then the internal standard is taken from RZ10 setting.

You can ask them to ran Transaction codes to you. Menus constanly change so go with T-codes. He should have a good knowledge of the following areas; transports, user / print / spool / batch management, monitoring, client tools and copies, support packages, kernel patches, workload analysis, Roles and Security, etc.

The standard list of t-codes is pretty much

SM50, SM51, SM66, SM12, SM13, SM21, DB01, DB02, DB13, ST01, ST02, ST03, ST04, ST05, ST06, SU01, SUIM, PFCG, SCC4, SE01, SE09, SE10, SPAM, SM35, SM36, SM37, SPAD, SP01 SCC3, SCCL, SCC9 this are pretty much you heavy hitters for monitoring and support.

I would ask in general how he would troubleshoot the following:

- User cannot connect to SAP

check SAP logon settings, ping the host, check message server, check dispatcher, etc.

- User cannot print

check SAP user setup, check SPAD, check spools, check unix queue or print queue at the os level, etc

- System seems slow

check SM66, SM51, SM50, SM21, ST06, ST03, SMLG, AL08 etc.

Some important things to remember is to ask not get specific to your installation or specific system setup as all SAP instances are different, keep your question to general topics and general answers.

The most important thing to notice when choosing a candidate is not how they parrot back answers to you, but if they can
a) think for themselves and
b) they actually like to and will keep on learning as no one knows it all and
c) they have a good background and willingness to perform analyis and will keep on digginging until the answer is found or until their resources are exhausted and then they will pull in what is required to figure it out.


No comments:

topics