A financial services company is implementing Kerberos-based Single Sign-On (SSO) for its SAP S/4HANA landscape. During testing, users in a trusted domain can log on seamlessly, but users from a newly acquired company in a separate forest fail to authenticate. The network firewalls are confirmed to be open. Which of the following is the most critical configuration to check for resolving cross-forest authentication issues?
A user reports being able to see a Fiori tile on their launchpad for a new analytical app but receives an authorization error upon opening it. The security administrator has confirmed the OData service authorizations are correct in the PFCG role. Which of the following is the next most probable cause of the authorization failure?
An organization is configuring Central User Administration (CUA). The administrator wants to ensure that certain fields, like the user's department, can only be maintained in the central system and are read-only in the child systems. Which transaction is used to configure this field-level distribution behavior?
A project requires securing RFC connections between an SAP S/4HANA system and a legacy SAP ECC system using SNC with the SAP Cryptographic Library. Which TWO of the following are mandatory steps for this configuration? (Select TWO)
During an internal audit, it was discovered that a sensitive custom table containing employee salary data did not have logging enabled. The security administrator has now activated table logging for this table in the technical settings. What is the direct consequence of this action?
A company is migrating from SAP ECC to SAP S/4HANA. The security team needs to adapt existing roles for the new SAP Fiori Launchpad. What is the purpose of transaction SU25 steps 2a, 2b, and 2c in this context?
True or False: In an SAP S/4HANA Cloud, Public Edition environment, it is a recommended best practice to create business roles from scratch to ensure a perfect fit for organizational requirements.
A security consultant needs to implement an authentication flow where users logging into an on-premise SAP Fiori Launchpad are authenticated by a central corporate Identity Provider (IdP). The IdP supports SAML 2.0. Which components are essential to establish this trust relationship? ```mermaid sequenceDiagram participant User as User's Browser participant FLP as Fiori Launchpad participant IdP as Corporate IdP participant GW as SAP Gateway User->>FLP: Access Launchpad FLP-->>User: Redirect to IdP User->>IdP: Authenticate (e.g., password, MFA) IdP-->>User: Issue SAML 2.0 Assertion User->>GW: Present SAML Assertion GW->>GW: Validate Assertion GW-->>User: Grant Access / Session Cookie ```
An administrator is creating a new role using PFCG. After adding a transaction to the role menu, they navigate to the Authorizations tab and discover the status light is yellow. What does this indicate?
What is the primary function of the `secinfo` and `reginfo` files in an SAP Gateway environment?