This blog details the scoring results and answers to the SAP Authorizations IQ Quiz. Take the quiz here.
Below is an analysis of the quiz results, including the right and wrong answers and detailed explanations for the questions that most people answered wrong.If you haven’t taken the quiz yet, do so first before reading the answers below. Go to http://www.xpandion.com/Security-Authorizations/quiz-sap-authorizations.html
Number of qualified people: >500
Number of questions: 10
Average score: 5.67
Average score, not including people that scored zero: 6.83
Average time spent: 8 minutes and 25 seconds
Maximum time taken to complete: 608 minutes (but we categorized this result as irregular, so it wouldn’t impact the average.)
Minimum time taken to complete: 37 seconds
Interesting to know…
The ratio between time and score… (more time = higher score?)
|Score||Percentage of People with This Score||Average Time Spent (Minutes)||Minimum Time Taken to Complete (Minutes)||Maximum Time Taken to Complete (Minutes)|
What’s interesting? The longest time spent produced a score of 8, and that those who got a score of 9 or 10 didn’t spend as much time.
The #1 Questions Answered Correctly
There were two questions that earned the highest amount of correct answers. These were questions #1 and #4.
Question #1: “Can SAP authorizations go beyond the T-Code level?” Most people knew that the answer was “Yes.” SAP authorizations can go much deeper than the T-Code level using the mechanisms of authorization objects, authorization fields and values.
Question #4: “What is the meaning of ACTVT = 02 in an authorization field’s value?” Most people knew that it represents the activity “Change”.
The #1 Questions Answered Incorrectly
The question that most people answered wrong was question #8, followed by question #2. Let’s solve them:
Question #8: In the ABAP program, if you include the AUTHORITY-CHECK command, what from the following is crucial?
Correct answer: To check the value of SY-SUBRC immediately after the command
In detail: AUTHORITY-CHECK is the only ABAP command that checks if a user (mostly the current user account) has authorizations to a given set of values. If the check is successful, SY-SUBRC is set to 0. Otherwise, it is set to a non-zero value (for a complete description of AUTHORITY-CHECK, see http://help.sap.com/abapdocu_70/en/ABAPAUTHORITY-CHECK.htm).
However, many ABAP commands change the value of SY-SUBRC, so the only place that SY-SUBRC includes the right value for the authorization check is immediately after the AUTHORITY-CHECK command. A common mistake is to check the value of SY-SUBRC but not right after the AUTHORITY-CHECK command, and another mistake is to forget to check it at all. Both create an unsafe situation from an authorizations point-of-view.
Question #2: What is the name of the authorization object that relates to “Company Code”?
Correct answer: There isn’t one authorization object for “company code,” but there are many, each with its own name. (Different T-Codes use different authorization objects).
In detail: SAP’s technology for validating user authorizations is based on a “user buffer” – an area in the memory in which all user authorizations from authorization roles are combined. What this means is if a couple of T-Codes were to use the same object for a permitted company code or organizational value, if one T-Code permits the user to view company code 1000, so must any other T-Code. For this reason, almost every T-Code has its own authorization object for “company code” that is checked by this T-Code. Therefore, a user can be allowed company code 1000 in T-Code FB03 (view financial documents) but not in T-Code F110 (payment run).
For more specifics, download the eBook “SAP Authorizations Concept – Simplified” here: http://www.xpandion.com/eBooks/sap-authorizations-concept-simplified.html
About the Quiz
What’s your knowledge level regarding SAP Authorizations? It seems that many people fumble through the authorization process not really knowing that there are things they are missing. Xpandion decided to create this light quiz to see how comfortable you are with your knowledge level when it comes to authorizations.
And Now What?
Make your life easier using Xpandion.