ADM950 – SAP Security consultant certification flashcards – julien
advertisement
ADM950 – SAP Security consultant certification flashcards – julien.moix@gmail.com The security policies are created by the security team in isolation from the business team. False Determine whether this statement is true or false. SAP offers many types of systems and applications. Each type of SAP system (mySAP CRM, SAP BW, SAP R/3, mySAP SRM, SAP APO) is so varied that the systems do not share security tools or security services. False Determine whether this statement is true or false The following tools are available for conducting thorough system security audits. A Role maintenance tool B System audit log C CCMS security alert D System trace tools E Users and Authorizations information systems F All of the above Answer: F The Audit Information System is intended for external audits only. False All of the menu roles for the Audit Information System start with . The authorization roles start with . SAP_AUDITOR – SAP_CA_AUDITOR 1 ADM950 – SAP Security consultant certification flashcards – julien.moix@gmail.com Configuring the Audit Information System requires downloading a specific support package. False To use the Audit Information System, you must use transaction SECR. Answer: False The instance parameters that relate to the audit log include rsau parameters? Answer: True Determine whether this statement is true or false The security audit log only logs user connections made by RFC connections. False Determine whether this statement is true or false Which of the following are benefits of creating a custom t-code to link SE16 to a specific table? A You no longer need to grant access to transaction code SE16. B With your custom transaction code, you can look at any table. C With your custom transaction code, you can look only at the table specified in the transaction code. D Custom transaction codes can be easily created, without requiring any programming. Answer: A, C, D 2 ADM950 – SAP Security consultant certification flashcards – julien.moix@gmail.com Which authorization objects can you examine to determine if security is administered centrally or regionally? A S_USER_GRP B S_TCD_GRP C S_USER_AGR D S_USER_ADD Answer: A, C Which of the authorization objects protect transaction code execution? A S_TCODE B P_TCODE C Q_TCODE D X_TCODE Answer: A, B, C SAP recommends that each custom report and each custom program be linked to a custom transaction code. Answer: True Determine whether this statement is true or false S_PROGRAM is an authorization object that protects program execution. Answer: True Determine whether this statement is true or false is a program that assigns authorization groups to ABAP programs. Answer: RSCSAUTH 3 ADM950 – SAP Security consultant certification flashcards – julien.moix@gmail.com You should be careful with the authorization object because it can enable someone to enter DEBUG mode in production. Answer: S_DEVELOP Once a user is changed, there is no way to see who changed the user. Answer: False Determine whether this statement is true or false The Authorization Group field is used only for protecting reports and tables. Answer: False Determine whether this statement is true or false Which of the following are logs that exist in an SAP system? (More than one answer is correct). A Webflowlogs B Application logs C Change documents logs D User and authorization change logs E None of the above Answer: A, B, C, D SU24 must be set up before implementing any roles. Answer: False (Optional feature) Determine whether this statement is true or false 4 ADM950 – SAP Security consultant certification flashcards – julien.moix@gmail.com SU24 requires programming changes to make the default values occur. Answer: False Determine whether this statement is true or false The following logon parameters can be used to ensure your system is adequately secured. A logon/fails_to_user_lock B logon/min_password_specials C logon/min_password_diff D logon/named_super_user Answer: A, B, C SAP recommends that you separate your system from your system. Answer: Devlopment – Production Which of the following are security advantages to a three-tier landscape? A Ensure changes occur only on development system. B Ensure changes occur only on your production system. C Developers do not have access to production data. D You control when changes are moved into production. E You can test changes in a QA system. Answer: A, C, D, E What type of approval does SAP recommend before moving changes into production? SAP QA approval procedure that formalize the approval and review workflow 5 ADM950 – SAP Security consultant certification flashcards – julien.moix@gmail.com SAP recommends a three-tier system landscape including development, quality assurance, and production. Answer: True Determine whether this statement is true or false Client change options should always be set to No changes allowed. Answer: False Determine whether this statement is true or false SAP does not provide a QA approval procedure for changes being moved into production. Answer: False Determine whether this statement is true or false The user ID used in the RFC destination should be a dialog user. Answer: False Determine whether this statement is true or false Authorization object is used to protect what names job steps are scheduled to run under. Answer: S_BTCH_NAM 6 ADM950 – SAP Security consultant certification flashcards – julien.moix@gmail.com 6 aspects that might be considered in a security policy User authentication (Password rules, Monitoring) Authorization protection Auditing and logging (AIS, Security audit log, …) Integrity protection Privacy protection Proof of obligation (non-repudiation) 7 questions that a security policy should address? Who is responsible for your IT security? What needs to be protected? Who is attacking? What is the risk? Which protection mechanisms are required? Which procedures are to be enforced? How much protection can you afford? 6 tools available to help provide answers to the questions that arise during a system security audit: Audit Information System Authorization Information System System Audit Log Computer Center Management System Alerts Trace tools Role maintenance tool (PFCG) menu What are the 3 major components of the Role maintenance tool (PFCG)? authorizations users Menu roles What are the 2 types of roles implementation strategy? Authorization roles 7 ADM950 – SAP Security consultant certification flashcards – julien.moix@gmail.com What are the 2 major categories of the AIS - system audit (general system, users and authorizations, repository and tables) - business audit (accounting, customer, vendors, asset, tax) What was the transaction used by SAP in the past to access the AIS In the past, the Audit Information System existed in a single transaction code, SECR What are the two major groups of SAP Standards roles defined for the Audit Information System Menu roles (SAP_AUDITOR*) (only menu items; no authorizations) Authorization roles (SAP_CA_AUDITOR*) (only authorizations, no menu items listed) What is the SAP standard composite menu and authorization Role which contains every role in the AIS? The menu roles: SAP_AUDITOR The authorization roles: SAP_CA_AUDITOR What are the 4 steps required to set-up the AIS Copy the SAP roles to your own naming convention Update the roles (as needed) Create a user for the auditor Assign the roles you created to the audit user 8 ADM950 – SAP Security consultant certification flashcards – julien.moix@gmail.com Which SAP Standard role allow you to set-up the AIS? SAP_AUDITOR_ADMIN What is the audit log’s main objective? (3 points) Security-related changes to the SAP system (changes to user master records) Higher level of transparency (successful and unsuccessful logon attempts) Enables the reconstruction of a series of events (successful or unsuccessful transaction starts) Which 7 information types can be recorded with the Security audit log? Successful and unsuccessful dialog logon attempts Successful and unsuccessful RFC logon attempts Remote function calls (RFCs) to function modules Successful and unsuccessful transaction starts Successful and unsuccessful report starts Changes to user master records Changes to the audit configuration SAP systems maintain their audit logs on a daily basis. The system does not delete or overwrite audit files from previous days; it keeps them until you manually delete them. Which transaction is used in order to archive or delete the audit files? SM18 How do you define the audit file name and location? You define the name and location of the files in a profile parameter, rsau/local/file. 9 ADM950 – SAP Security consultant certification flashcards – julien.moix@gmail.com What are the information (9) contained in an audit record Event identifier (a three-character code) SAP user ID and client Terminal name, Transaction code Report name, Time and date when the event occurred Process ID, Session number Miscellaneous information How do you define the maximal size of the audit file? You define the maximum size of the audit file in the profile parameter rsau/max_diskspace/local. The default value is 1 megabyte (MB) or 1000000bytes What happened if the maximal size of the audit file is reached? If the maximum size is reached, the auditing process stops. What are the 4 major filters available for the security audit log? Client, User, Audit class: Dialog logon, RFC/CPIC logon, Remote function call (RFC), Transaction start, Report start, User master change Weight of events to audit: Audit only critical, Audit important and critical, Audit all events (non-critical) Create and save filters permanently in the database (all the application servers use identical filters, define filters only once, you must restart the instance, define different profiles that you can alternatively activate) What are the 2 main options to create and save audit filters? Change filters dynamically (changes distributed to all active application servers, do not have to restart the instance, not saved for reuse after system stops/starts) 10 ADM950 – SAP Security consultant certification flashcards – julien.moix@gmail.com What are the profile parameters that you need to specify in order to create and save filters permanently in the database? rsau/enable: enable the SAL rsau/local/file: file location rsau/max_diskspace/local: max space to allocate rsau/selection_slots: number of filter to allow What are the profile parameters that you need to specify in order to change filters dynamically on one or more application servers? rsau/local/file: file location rsau/max_diskspace/local: max space to allocate rsau/selection_slots: number of filter to allow With which transaction can you assess the security audit log? SM20 or SM20n What are the four main sections of the audit analysis report? Introductory information Audit data Statistical analysis Contents What are the 4 main functions of the Computing Center Management System (CCMS) monitor? Performs detailed monitoring Creates alerts and displays them with colour values Provides analysis and auto-reaction methods (sms, emails with threshold ) Allows you to view current alerts and the history of alerts 11 ADM950 – SAP Security consultant certification flashcards – julien.moix@gmail.com What is the transaction to access the CCMS alert monitor RZ20 What are the 5 majors authorisation objects used to protect which transaction codes a user can access and for which product are they meant to be? S_TCODE used in every SAP system for every module P_TCODE used for Human Resources Q_TCODE used for Quality Maintenance I_TCODE used for Plant Maintenance L_TCODE used for Warehouse Management Which authorithation object determines what table someone can look at with the transactions SE16, SE16N, or SE17; SM30 or SM31; and SE12 S_TABU_DIS is checked anytime someone looks at data in a table directly (with one of these transactions: SE16/SE16N, SE17, SM30, SM31. or the Implementation Guide). Which transaction should be used when access to a table and why? When access is required, use transaction code SM30 because an interface exist and no direct access to the table. What are the 2 fields of the authorization object S_TABU_DIS Activity and Authorization Group. The Authorization Group field is mapped to which tables a user can access. 12 ADM950 – SAP Security consultant certification flashcards – julien.moix@gmail.com Which table maps the Authorization Group to a list of tables? TDDAT Which authorization object control the authorization to execute a program the authorization object S_PROGRAM User Action: start the program or schedule it to run in batch mode or if you use variants. Which fields use the authorization object S_PROGRAM Authorization Group: which programs you can execute. What should be set up in order for the authorization object S_PROGRAM to be effective? For this authorization object to be effective, ABAP programs must have an authorization group assigned to them in the attributes of the program. What program allows you to assign an authorization group to all executable programs or to individual programs or program group? RSCSAUTH 13 ADM950 – SAP Security consultant certification flashcards – julien.moix@gmail.com Authorization object: S_PROGRAM User action: SUBMIT Authorization group: No value required What are the accesses required in order to run transaction SA38? - Include an Authorization Group on the program for all custom reports/programs developed. Use report RSCSAUTH to assign Authorization Group values to programs/reports - Request all custom reports/programs to include at least one AUTHORITY-CHECK inside the code. 2 options to secure the use of SA38 For what is the Authorization Group field used? Check access to tables Check access to program Used in varying ways throughout SAP applications, like e.g. FS00 Which authorizations object do you use to grant access to all ABAP Workbench components S_DEVELOP is the general authorization object for ABAP Workbench objects 6 ABAP Workbench components that are protected with S_DEVELOP ABAP development tools ABAP Dictionary and Data Modeler Screen Painter and Menu Painter Function Builder Repository Browser and Info System SAP Smart Forms 14 ADM950 – SAP Security consultant certification flashcards – julien.moix@gmail.com What are the 6 types of logs? Application logging Logging workflow execution / webflow Logging using change documents Logging changes to table data Logging changes made using transport system Logging changes made to user and authorization Which transactions are used to maintain and analyze the application log? SLG1, display SLG0, define entries for your own application What does the application log trace? The log traces application events and tasks, and reports on their activity (for example, transfer of data from SAP R/3 to SAP APO). Which activities are logged in the webflow log? The webflow log (or workflow log) includes all activities that have occurred due to workflows executing. Which transactions allow you to analyze the webflow? SWI5, SWI2_FREQ and SWI1 15 ADM950 – SAP Security consultant certification flashcards – julien.moix@gmail.com What is the transaction to view the change document for an object SCDO What is the structure of the change document? Change document header Change document item (old and new values of a field) - U(pdate) . Data was changed. - I(nsert) - D(elete) . Data was deleted Change document number MM04 for material changes and VD04 for customer changes. What are for example the transactions to review change documents for MM and SD? Each application has its own transaction to review change documents Which transaction displays the table change log? SCU3 In which table are the table change logged? DBTABPRT 16 ADM950 – SAP Security consultant certification flashcards – julien.moix@gmail.com rec/client parameter: = ALL (logs all clients), = 000 [,...] (logs the specified clients), = OFF (turns logging off). What is the configuration required in order to use the table change log? In the technical settings (use transaction SE13, SE12), set the Log data changes flag for those tables that you want to have logged. What does the transport system log record? A transport system log monitors all changes that are migrated from development to production. Which transactions allow you to view the transport system log? SE09 and SE10 What does the user and authorization log records? User and authorization logs record all changes that occur to users, authorizations, and profiles. Which transaction allows you to read the HR Reports logs in order to see each time the report is started? RPUPROTD (Log of report status) 17 ADM950 – SAP Security consultant certification flashcards – julien.moix@gmail.com 3 situations where the security administrator might want to use the transaction SU24 (maintain tables that assign which authorization objects go with which transaction codes)? Correct authorization objects that are not linked to transaction codes correctly Correct authorization objects that have unacceptable default values Change default values to ones that will always be appropriate How to find out who made a change with the transaction su24? 1. Start transaction SE16. 2. Enter USOTB_C in the Table Name field. 3. Use values in the Modifier, ModDate, and ModTime fields CM = Check/Maintain C = Check N = No Check U = Unmaintained. What are the 4 check indicators? What are the properties of the check indicator CM = Check/Maintain Authorization check is carried out against this object. PFCG creates an authorization for this object Field values are displayed for changing. Default values for this authorization can be maintained. What are the properties of the check indicator C = Check Authorization check is carried out against this object. PFCG does not create an authorization for this object. Field values are not displayed. No default values for this authorization can be maintained. 18 ADM950 – SAP Security consultant certification flashcards – julien.moix@gmail.com What are the properties of the check indicator N = No Check Authorization check against this object is disabled. PFCG does not create an authorization for this object. Field values are not displayed. No default values for this authorization can be maintained. What are the property of the check indicator U = Unmaintained No check indicator is set. Authorization check is always carried out against this object. PFCG does not create an authorization for this object, Field values are not displayed. Can the checked for the authorization objects from the Basis (S*) and HR management (P_*, PLOG*) be changed? Authorization objects from the basis (S*) and Human Resources management applications (P_*, PLOG) cannot be excluded from checking because the field values for these objects must always get checked. What are the 10 components of the User information system (SUIM)? Overview of Users, Users, Roles, Profiles Authorizations, Authorization object Transactions Comparisons (of users) Where-Used list (for authorization) Change documents (for users, auth and profiles) In a centralized security environment, one group is responsible for all security tasks: creating users, creating roles, and assigning roles to users. What is the difference between centralized and decentralized security administration? In a decentralized security environment, multiple groups work on security (physical location, based on division, based on product line, or based on company code). 19 ADM950 – SAP Security consultant certification flashcards – julien.moix@gmail.com What are the 3 different administrator types in a decentralized security administration? User administrator (create user, assign roles) Authorization administrator (create roles) Profile administrator (generate role). Which authorization object is provided to create and maintain users and assignments in a decentralized fashion with user groups? S_USER_GRP Which authorization object helps you to enforce the role naming convention in restricting the allowed roles names? S_USER_AGR Which authorization object ensure that the decentralized admin only add authorized t-codes to roles S_USER_TCD Which authorization object can be used to ensure the security administrator only add value for a specific company code? S_USER_VAL 20 ADM950 – SAP Security consultant certification flashcards – julien.moix@gmail.com Which authorization enforces that one person can create the menu portion of the role, but someone else updates the authorizations? S_USER_AUT Which authorization object enforces that one person can create the role, but another person must generate the role? S_USER_PRO What is the transaction for the system trace tool? ST01 SAP* What are the 2 special users defined in client 000? DIDIC Define the profile parameter logon/no_automatic_user_sapstar, with the value 0 Create a user master record for SAP* Give this user no roles or profiles. Give him a new password How can you deactivate the user SAP*? 21 ADM950 – SAP Security consultant certification flashcards – julien.moix@gmail.com In which client is the user Earlywatch delivered? Earlywatch is delivered in the client 066 What is the default password of the special user EarlyWatch? SUPPORT To prohibit the use of a password, enter it in table USR40. There are two wildcard characters: How can you prohibit the use of certain passwords? ? stands for a single character * stands for a sequence of any combination characters of any length Which transaction allows you to maintain the profile parameters? RZ11 What are the 5 profiles parameters that enforce the minimum requirement that a password must fulfil? logon/min_password_lng: min length logon/min_password_digits: min number of digits logon/min_password_letters: min number of letters logon/min_password_specials: min number of special characters logon/min_password_diff: how many characters in the new password must be different from the old password 22 ADM950 – SAP Security consultant certification flashcards – julien.moix@gmail.com What are the 3 profiles parameters that enforce the validity period of a password? logon/password_expiration_time logon/password_max_new_valid: Validity period of passwords for newly created users logon/password_max_reset_valid: Defines the validity period of reset passwords What are the 3 profile parameters that enforce the multi logon for a user? logon/disable_multi_gui_logon: Controls the deactivation of multiple dialog logons logon/disable_multi_rfc_logon: Controls the deactivation of multiple RFC logons logon/multi_logon_users: List of excepted users (multiple logon) What are the 3 profile parameters that enforce the number of unsuccessful logon attempts? logon/fails_to_session_end: number of unsuccessful logon attempts before the system does not allow any more logon attempts logon/fails_to_user_lock: number of unsuccessful logon attempts before the system locks the user. logon/failed_user_auto_unlock: Defines whether user locks due to unsuccessful logon attempts should be automatically removed at midnight logon/disable_password_logon Which 2 profile parameter controls the deactivation of password-based logon for users or for groups? logon/password_logon_usergroup Which profile parameter specifies the default client that is automatically filled in on the system logon screen? logon/system_client 23 ADM950 – SAP Security consultant certification flashcards – julien.moix@gmail.com Which profile parameter specifies the exactness of the logon timestamp? logon/update_logon_timestamp Which profile parameters specifies the number of seconds until an inactive user is automatically logged out? rdisp/gui_auto_logout 6 security advantages that a three-tier system landscape can offer? Changes take place in only one location Developers do not have access to production data. Test in a QA system before they take effect in prod. Control the point in time when changes take effect Reduce accidental or unauthorized changes Keep a record of changes for auditing purposes Which transaction allows you to see if the TMS Quality Assurance approval procedure has been set up? STMS What are the 3 standards approval steps and their authorization object, value and default value? By request owner Default: inactive. Values of S_CTS_ADMI: CTS_ADMFCT Value: TADM and TQAS By user department. Inactive. Values of S_CTS_ADMI: CTS_ADMFCT Value: QTEA or TADM and TQAS By system administrator. Default: inactive. Values of S_CTS_ADMI: CTS_ADMFCT Value: TADM and TQAS 24 ADM950 – SAP Security consultant certification flashcards – julien.moix@gmail.com Which transaction allows you to approve a transport request? STMS At which level is it possible to enforce the changes? System and client level What defines the transport routes? Transport routes define where changes are made, and how the changes migrate through the system landscape after they have been released. In which transaction can you release the change request to transport? SE09 or SE10 What are the 5 steps of a transport 1. Release the change request 2. Review the log files 3. Import the SAP system objects into the target system. 4. Review the log files created by the Workbench Organizer. 5. Test your imports thoroughly 25 ADM950 – SAP Security consultant certification flashcards – julien.moix@gmail.com 4 roles and responsibilities in the transport process Team members: Releasing their own Project leader: Verifying the contents of a change request prior to release Transport administrator: Execute the transport tasks Quality Assurance (QA) team: tests the entire functionality and integration 3 security checks to consider before the development work are moved to production? - Link custom programs to custom transaction codes - Include AUTHORITY-CHECK statements for all programs - Ensure proper controls are in place if this custom program (or function module) accesses critical tables What are the authorization object and their fields that allow you to work with transport? S_TRANSPRT is the authorization object for the Transport Organizer. Fields: Activity, Request type CUST: Customizing requests DTRA: Workbench requests TASK: Tasks (repair or correction … Which authorization object and its field enforce the administration function in the change and transport system? S_CTS_ADMI, field: CTS_ADMFCT TABL: Maintain transport routes, call certain tools INIT: Set system change option IMPA: Import all transport requests IMPS: Import individual requests TADD: Perform an “add to buffer” … What are the predefined authorizations in SAP systems that apply to the 5 various roles for the transport process? Quality Assurance (QA) team: not defined Administrator (transport super user): S_CTS_ALL Project leader: S_CTS_PROJEC Team members and developers: S_CTS_DEVELO End users: S_CTS_SHOW 26 ADM950 – SAP Security consultant certification flashcards – julien.moix@gmail.com What is the table for maintaining system clients? T000 What do the values of the table TMSTCRI prevent? You can protect certain objects from being changed by imports by defining a set of security-critical objects in table TMSTCRI. You are then warned of changes to these objects in transport requests. What are the four primary authorization objects used in background processing? S_BTCH_JOB: Job Operations, Values DELE, RELE (release), SHOW, PROT (Display job logs) S_BTCH_NAM: protects what user IDs can execute S_BTCH_ADM: Value Y for the Background admin S_RZL_ADM: Field Name, 01 (Create), 03 (Display) if the background job executes an external cmd. SM36: create background jobs. What are the transactions to create and monitor background jobs? SM37: monitor background jobs. User ID is stable; the user never changes jobs The password does not have to be reset. No one can log on Facilitates security administration and maintenance of background schedule. 4 reasons to use specific System user IDs for background jobs 27 ADM950 – SAP Security consultant certification flashcards – julien.moix@gmail.com Which authorizations are needed to allow a user to have a look only at their spool request? Give them S_TCODE with SM37 and SP02 No other authorization objects are required to view spool Which SAP standard roles gives access required to administer background jobs SAP_BC_BATCH_ADMIN What 3 kind of job steps can be executed when creating a background job? ABAP program External command: from the operating system are executed from SAP External program: at the operating system (Ex: file read) Which 2 authorizations are needed in order to create background job with external program job steps? You must have activity 01 for the authorization object S_RZL_ADM (maintain) and access to S_LOG_COM (execute) Which authorization object define which printers you can print to? S_SPO_DEV 28 ADM950 – SAP Security consultant certification flashcards – julien.moix@gmail.com Which authorization object enforce actions you can take with spool requests (Admin) and enforce access to a spool request that does not belong to you? S_SPO_ACT Which authorization object enforces administering the spool system (Admin)? Values SP01, SP0R, SPAA, SPAB, SPAC, SPAD, SPAM, SPAR, SPTD, SPTR S_ADMI_FCD Which authorization object limit the number of pages a user can print to a specific printer? S_SPO_PAGE What is the SAP standard role for spool administration? SAP_BC_SPOOL_ADMIN 4 examples of external commands executed within SAP? - Database backup tools such as brbackup - Operating system environment commands - List directories and space available at the operating system - Execute sap router 29 ADM950 – SAP Security consultant certification flashcards – julien.moix@gmail.com What are the 3 ways to execute external commands? - External commands can be executed either with - Transaction SM49 (SM69 to create) - ABAP programs - In background job steps How is the external command defined in the SAP system? An external command is an alias defined in the SAP system that represents an operating system command. What are the authorizations needed to create and maintain an external command? SM69, S_RZL_ADM with the value 01,03(Activity field) What are the 3 different fields of the S_LOG_COM authorization object? Command (name of external command) Opsystem (operating system for the command) Host (symbolic host name of target system) Standard list download What are the 2 ways in use to download lists? Application-specific implementations for downloading (Excel for ex) 30 ADM950 – SAP Security consultant certification flashcards – julien.moix@gmail.com Which authorization object protects the standard list download? S_GUI Which authorization objects protect the file access? Authorizations object S_DATASET. The minimum activities required are 33 (normal file read) and A6 (read file with filter). What are the 2 user types that should be used for RFC communication? User IDs in RFC destinations should be set up as communication or system users: Æsomeone cannot log on with the userID Æthe passwords normally do not expire Which transaction lists each RFC destination and the user involved? RSRFCCHK Which authorization object is checked when a user invokes a RFC? object S_RFC 31 ADM950 – SAP Security consultant certification flashcards – julien.moix@gmail.com What are the 3 fields of the authorization object S_RFC? - Type of RFC object to be protected - Name of RFC to be protected - Activity Which profile parameter can you use in order to specify the use of S_RFC? auth/rfc_authority_check How is the authentication done when an RFC destination has no user Id provided and the current user field is selected? When this RFC destination is invoked, the user ID that will be used is the ID of the person who invoked this RFC destination. What are the values possibilities for the profile parameter auth/rfc_authority_check? 0 = No authorization check 1 = Authorization check active (no check for same user, no check for same user context and SRFC-FUGR). 2 = Authorization check active (no check for SRFCFUGR) 9 = Authorization check active (SRFC-FUGR checked) What is the default Communication RFC user set up for the transport management? TMSADM 32 ADM950 – SAP Security consultant certification flashcards – julien.moix@gmail.com How is the system called to set up a trusted relationship and allow user logging based on this trusted relationship for transport? TMS Trusted Services Which authorization object gives access to many administration functions? S_ADMI_FCD 33
