PDF C_SEC_2405 Study Guide

For SAP-developed roles inSAP S/4HANA Cloud Public Edition, the following rules apply:

Authorization Defaults (A):

Authorizations are pre-defined based on default settings, ensuring standardization.

Catalog-Driven Maintenance (C):

Role maintenance fetches applications directly from catalogs, streamlining the process.

Catalog Assignment (D):

Business catalogs are assigned to role menus to define the apps and services users can access.

SAP Security References:

SAP Help Portal: Role Maintenance in SAP S/4HANA Cloud

SAP Catalog and Role Management Guidelines

Context:Activated OData services are linked with specific object types for authorization maintenance.

Solution Explanation:

IWSV:Assigned to activated OData services in SU24, representing individual service definitions.

SAP Security References:

SAP SU24 Role Maintenance Guide

SAP Gateway and OData Authorization Documentation

When comparing an imparting role to a derived role:

Preservation of Data (B):If organizational levels have already been maintained in the derived role, they are not overwritten to preserve specific configurations.

Conditional Data Transfer (C):Organizational data is transferred only when the authorization data in the derived role is being modified for the first time.

SAP Security References:

SAP Role Derivation Best Practices Guide

SAP Help Portal: Derived Role Maintenance

In theAdministration Console of Cloud Identity Services, the following log types are available:

Change Logs (A):These logs capture all modifications made to configurations, user data, or system settings.

Usage Logs (D):Usage logs provide details on how the system is being utilized, including user access patterns and system resource usage.

SAP Security References:

SAP Cloud Identity Services Administration Guide

SAP Help Portal: Log Management in Cloud Identity Services