Users & Authorizations

What are the five SAP user types and the key distinction among them?

What is the "ghost logon" risk tied to the standard user SAP*, and why disable rather than delete it?

What are authorization profiles in relation to roles, and how are generated profiles named?

What does the ACTVT field mean, and which activity values are universal?

What problem does Central User Administration (CUA) solve, and what's its basic architecture?

What are three ways to discover which authorization objects and values a task requires?

In an authorization object, what do the fields and the field values represent?

Once CUA is active, how does transaction SU01 visibly change in master vs child clients?

Why are two users with the same name in different clients treated as completely separate users?

What is a user group used for in user administration?

What is the difference between a single role and a composite role?

How are roles distributed across a landscape, and are they recorded automatically in transports?

What rules must a new SAP password satisfy by default?

What does login/password_compliance_to_current_policy do when set to 1?

What does locking a user actually prevent, and what are the two reasons to unlock?

What is the SAP_ALL profile and how should it be handled?

Which transaction manages individual users, and which one performs mass user changes?

What ABAP statement performs an authorization check, and what does SY-SUBRC = 0 indicate?

Which transactions set up the CUA distribution model and define logical systems?

What do the CUA distribution settings Global, Local, Proposal, and Redistribute mean (transaction SCUM)?

Which transaction shows CUA synchronization logs, and what does an "Unconfirmed" status mean?

Why can't you immediately delete an authorization object from a role, and what must you do first?

When maintaining authorization fields in a role, what do the amber and green status icons mean?

After assigning roles to users via the PFCG Users tab, what must you run and why?

In CUA, which user-management actions are central-only versus shared with child clients?

In the SAP authorization concept, how do authorization object, field, authorization, role, and user relate?

What is the User Information System and how do you reach it?

How can you find every user able to perform a specific activity (e.g. use the ABAP debugger)?

Which parameters control password minimum length and required character types?

How can an administrator see a full audit trail of changes to a user master record?

Which profile parameter sets the maximum failed logon attempts before a user is locked, and what controls auto-unlock?

Why should you copy standard SAP roles into the customer namespace instead of editing them directly?

Which parameter automatically logs out idle GUI sessions, and how are its values expressed?

Why is the authorization object S_TCODE considered a special "first line of defense"?

Why is the SAP_NEW profile obsolete in S/4HANA, and what replaces it?

After maintaining a role's authorizations in PFCG, what final step makes them effective?

Which transaction is recommended for authorization tracing, and which older one should you avoid?

How do you prevent the same user from logging on multiple times, and what's a key limitation?