Está en la página 1de 12

1. What are the components of GRC? 2. What are the upgrades happened in GRC 5.3 from GRC 5.2?

3. Is it possible to have a request type by which we can change the validity per iod of a user? If possible, then what are the actions? 4. What's the latest Support Pack for GRC 5.3? How it differs from the previous one? 5. What are the issues faced by you in ERM & CUP after golive? 6. Can we change Single roles, objects & Profile description through mass mainte nance of role? If yes, how? 7. What are the prerequisites for creating a workflow for user provisioning? 8. How will you control GRC system if you have multiple rulesets activated? 9. Can we view the changes of a role, happened in PFCG, through GRC? 10. How will you mitigate a user against an authorization object which is decide d as sensitive by Business? 11. Give an example of SOD with object level control & also decide the Risk impl ication from the Technical standpoint. 12. Is it possible to assign two roles with different validity period to a user in one shot through GRC? If yes, how? 13. What's the use of Detour path? How Fork path differs from Detour path? 14. How can you enable self password reset facility in GRC? 15. Can we have customized actions for creating request types in CUP? 16. Which SOX rules got inherited in SAP GRC? 17. How many types of Background job you are familiar with? Why Role/Profile & U ser Sync. job is required? 18. Where from can we change the default expiration time for mitigating controls ? What's the default value for the same? 19. How will you do the mass import of role in GRC? 20. Explain the total configuration & utility of SPM? 21. Can we create Logical systems in GRC? If yes, how & what can be the advantag es & disadvantages of the same? 22. Can we have different set of number ranges activated for request generation? 23. Explain, how can we create derived roles in ERM? What will be the significan t changes in methodology for creating composite roles? GRC is a tool that helps improve controls. From a security perspective it automa tes monitoring of SoD's, allows automated provisioning of emergency access and a utomation of the user provisioning process Security Q's: Explain the authorisation concept in detail Explain how config relates to security Explain why SU53 is not always accurate GRC Q's: Explain in detail how the different components of the Access Controls suite inte grate with each other Explain the key problem areas in implementation of RAR Explain the key problem areas in implementation of CUP Some GRC Questions: 1. What are the components of GRC? 2. What are the upgrades happened in GRC 5.3 from GRC 5.2? 3. Is it possible to have a request type by which we can change the validity per iod of a user? If possible, then what are the actions? 4. What's the latest Support Pack for GRC 5.3? How it differs from the previous one? 5. What are the issues faced by you in ERM & CUP after golive? 6. Can we change Single roles, objects & Profile description through mass mainte nance of role? If yes, how? 7. What are the prerequisites for creating a workflow for user provisioning?

8. How will you control GRC system if you have multiple rulesets activated? 9. Can we view the changes of a role, happened in PFCG, through GRC? 10. How will you mitigate a user against an authorization object which is decide d as sensitive by Business? 11. Give an example of SOD with object level control & also decide the Risk impl ication from the Technical standpoint. 12. Is it possible to assign two roles with different validity period to a user in one shot through GRC? If yes, how? 13. What's the use of Detour path? How Fork path differs from Detour path? 14. How can you enable self password reset facility in GRC? 15. Can we have customized actions for creating request types in CUP? 16. Which SOX rules got inherited in SAP GRC? 17. How many types of Background job you are familiar with? Why Role/Profile & U ser Sync. job is required? 18. Where from can we change the default expiration time for mitigating controls ? What's the default value for the same? 19. How will you do the mass import of role in GRC? 20. Explain the total configuration & utility of SPM? 21. Can we create Logical systems in GRC? If yes, how & what can be the advantag es & disadvantages of the same? 22. Can we have different set of number ranges activated for request generation? 23. Explain, how can we create derived roles in ERM? What will be the significan t changes in methodology for creating composite roles? Some SAP Security Questions: 1. How a transaction code works? 2. Can we set any password limitations/exceptions in SAP? If yes, how? 3. What's the basic difference in between SU22 & SU24? 4. What exactly is SU25? What's the significance of it's 2a,2b,2c & 2d sections? 5. Other than SU53, how can you get missing authorisation details? 6. How can we reset the password for 1000 users at one shot? Is it possible? 7. Is it possible to derive a role which is not having any t-code but have some manually entered authorization objects? If yes, how? 8. Can we reset our self SAP password? Please note, you don't have SU01's author ization. 9. Suppose my Dev system has 3 clients. In one of the client, I'm making some ch anges in a tcode. Will the changes get reflected in other client's also? If yes, how? 10. Through which tcode I can do a mass user comparision? What's the daily backg round job for the same? 11. What does PRGN_STAT & TCODE_MOD table consist of? 12. What does we check through SM50 & SM51? 13. Which are the necessary objects for controlling the t-code SU01? 14. Can we give display access for DEBUGGING to a user? If yes, how? 15. What are the SAP default Service users & what are their default passwords? W hat password does system bydefault generate for these Service User/s while insta lling a new client within the system? 16. From where we can create new Authorization field? 17. Is it possible to assign ABAP role to Portal user? If yes, how? 18. How can we gain control over Infotypes? 19. Why we have to generate the profile again after saving the authorization dat a while role creation/modification? 20. When does a profile become 11 character string? 21. How can we find out the roles that got directly generated into Production & not imported from Quality System? Please note, you don't have any Quality user i d. 22. How CUA can help from Management standpoint of a Business, having SAP instal led?

GRC is a tool that helps improve controls. From a security perspective it automa tes monitoring of SoD's, allows automated provisioning of emergency access and a utomation of the user provisioning process Security Q's: Explain the authorisation concept in detail Explain how config relates to security Explain why SU53 is not always accurate GRC Q's: Explain in detail how the different components of the Access Controls suite inte grate with each other Explain the key problem areas in implementation of RAR Explain the key problem areas in implementation of CUP Some GRC Questions: 1. What are the components of GRC? 2. What are the upgrades happened in GRC 5.3 from GRC 5.2? 3. Is it possible to have a request type by which we can change the validity per iod of a user? If possible, then what are the actions? 4. What's the latest Support Pack for GRC 5.3? How it differs from the previous one? 5. What are the issues faced by you in ERM & CUP after golive? 6. Can we change Single roles, objects & Profile description through mass mainte nance of role? If yes, how? 7. What are the prerequisites for creating a workflow for user provisioning? 8. How will you control GRC system if you have multiple rulesets activated? 9. Can we view the changes of a role, happened in PFCG, through GRC? 10. How will you mitigate a user against an authorization object which is decide d as sensitive by Business? 11. Give an example of SOD with object level control & also decide the Risk impl ication from the Technical standpoint. 12. Is it possible to assign two roles with different validity period to a user in one shot through GRC? If yes, how? 13. What's the use of Detour path? How Fork path differs from Detour path? 14. How can you enable self password reset facility in GRC? 15. Can we have customized actions for creating request types in CUP? 16. Which SOX rules got inherited in SAP GRC? 17. How many types of Background job you are familiar with? Why Role/Profile & U ser Sync. job is required? 18. Where from can we change the default expiration time for mitigating controls ? What's the default value for the same? 19. How will you do the mass import of role in GRC? 20. Explain the total configuration & utility of SPM? 21. Can we create Logical systems in GRC? If yes, how & what can be the advantag es & disadvantages of the same? 22. Can we have different set of number ranges activated for request generation? 23. Explain, how can we create derived roles in ERM? What will be the significan t changes in methodology for creating composite roles? Some SAP Security Questions: 1. How a transaction code works? 2. Can we set any password limitations/exceptions in SAP? If yes, how? 3. What's the basic difference in between SU22 & SU24? 4. What exactly is SU25? What's the significance of it's 2a,2b,2c & 2d sections? 5. Other than SU53, how can you get missing authorisation details?

6. How can we reset the password for 1000 users at one shot? Is it possible? 7. Is it possible to derive a role which is not having any t-code but have some manually entered authorization objects? If yes, how? 8. Can we reset our self SAP password? Please note, you don't have SU01's author ization. 9. Suppose my Dev system has 3 clients. In one of the client, I'm making some ch anges in a tcode. Will the changes get reflected in other client's also? If yes, how? 10. Through which tcode I can do a mass user comparision? What's the daily backg round job for the same? 11. What does PRGN_STAT & TCODE_MOD table consist of? 12. What does we check through SM50 & SM51? 13. Which are the necessary objects for controlling the t-code SU01? 14. Can we give display access for DEBUGGING to a user? If yes, how? 15. What are the SAP default Service users & what are their default passwords? W hat password does system bydefault generate for these Service User/s while insta lling a new client within the system? 16. From where we can create new Authorization field? 17. Is it possible to assign ABAP role to Portal user? If yes, how? 18. How can we gain control over Infotypes? 19. Why we have to generate the profile again after saving the authorization dat a while role creation/modification? 20. When does a profile become 11 character string? 21. How can we find out the roles that got directly generated into Production & not imported from Quality System? Please note, you don't have any Quality user i d. 22. How CUA can help from Management standpoint of a Business, having SAP instal led?

Answers to Security Questions: 1. How a transaction code works? Ans. When a TCODE is accessed the main authorization object S_TCODE is checked f or field TCD The following sequence specifies the order of controlling objects in SAP 1. Client Field is used to allow working only on the client specific data and su bsequent changes in SCC4 allow working on Cross Client and Rep objects. It is no t possible to work with other clients data 2. User id and password are checked 3. Control the Access by using SM01 (Transaction code is locked for every user g lobally). example SCC4,SE03,SE06,SE38,SE37 are locked 4. Maintain S_TCODE to access the Transactions. The Authorization Object S_TCODE is checked whether user has access to this transaction All the transactions are checked against this authorization object (S_TCODE). if the entries are not available in this Authorization Object the user is denied the access and it is documented in SU53(Missing Authorizations) 5. Checks for the minimal authorizations in the table TSTCA (TSTC is table for transaction codes). TSTCA Provides Authorizations for Transactions TCode Checks whether the TCode is assigned or not, if the TCode is assigned then it allows to login to that transaction. But in order to execute there are minimal authorizations that are assigned to TC ODE in Table "TSTCA" example for TCode SU01 S_USER_GRP has to be maintained with a uthorization field and activity (Class and ACTVT) 6. Checks the Transaction SU24 for Assigned Authorization Objects It displays the list of Authorization Objects that are assigned to a Transaction 7. Checks authority-check command in the programs(it is a custom code/sap standard code which contains command authority-check followed by Author

ization Object, Authorization Field, Activities and Field Values) Note: The Allowed authorizations are displayed in SU56 and the current missing A uthorizations are displayed in SU53 Each Action is defined in Table TACT (table actions/activities) 2. Can we set any password limitations/exceptions in SAP? If yes, how? Ans. Yes we can .using security parameters For that we have to set the parameters in RZ10 Like :login/falield_to_user_auto_unlock Login/fails_to_user_session_end Login/min_password_letter: Login/min_password_len: Login/min_password_digit: Login/min_password_uppercase: Login/min_password_lowercase: Login/min_password_diff: Login/min_password_:special : Login/no_automatic_user_sapstar: Login/disable_multi_gui_login: Login/multi_logon_users; Login/system_client: etc 3. What's the basic difference in between SU22 & SU24? Ans- SU22 displays and updates the values in tables USOBT and USOBX, while SU24 does the same in tables USOBT_C and USOBX_C. The _C stands for Customer. The profile generator gets its data from the _C tables. In the USOBT and USOBX tables the values are the SAP standard values as shown in SU24. With SU25 one can (initially) transfer the USOBT values to the USOBT_C table. 4. What exactly is SU25? What's the significance of it's 2a,2b,2c & 2d sections? Ans- USOBT Contains the List of Transactions and their associated Authorization Objects USOBX contains the list of Transactions vs. Authorization Objects and Check Indi cators. Note: Run only once to fill the customer tables, if it ran more then once it set the customer tables to default values. Execute SU25 These Two tables USOBT and USOBX are SAP Standard Tables which maintains the SAP Standard Authorizations. Customers are not allowed to modify in these two table s. So, they are advised to copy these standard tables into customer tables USOBT _C and USOBX_C. If modification is performed on standard tables they are lost during upgrade. As part of the SAP System Post Initialization? Transaction SU25 is executed Select the option 01? initially fill the customer tables?Under Profile Generator Installation 2. A. Preparation: Compare with SAP values This step will provide the delta between the SAP standard tables USOBT and USOBX and the respective custom tables USOBT_C and USOBX_C. The hanges from the SAP sta ndard tables will be updated in the custom tables. To transport these tables you have to perform step 3 later on. 2. B. Compare Affected Transaction In this step an overview of affected transaction will be displayed that were mai ntained by the customer in SU24 [maintaining SU24 for SAP standard], and have bee n updated by SAP with the upgrade now. It can be determined whether the customer specific entries are to be kept or to be adapted based on the SAP suggestions tha

t come in with the upgrade. 2. C. Roles To Be Checked This step will provide an overview of the roles that are actually affected by th e upgrade. The roles can be worked on individually according to prioritization, and can then be transported 2. D. Display Changed Transaction Codes Sometimes SAP transactions are replaced or become obsolete. This step will provid e the necessary overview. Per double-click the affected transactions can be repl aced by SAP suggestions. 3. Transport of Customer Tables This step will allow you to transport the changes performed in 2.A. and B. The t ables mentioned above will be completely transported [not only the delta]. 5. Other than SU53, how can you get missing authorisation details? Ans. You can use Trace function, ST01, you can trace the user activity and from the log you can see the authorization missing. Start an authorization trace using the ST01 transaction and carry out the transa ction with a user who has full authorizations. On the basis of the trace, you ca n see which authorizations were checked 6. How can we reset the password for 1000 users at one shot? Is it possible? Ans. Using Scatt program . 7. Is it possible to derive a role which is not having any t-code but have some manually entered authorization objects? If yes, how? Ans. No its not possible . why becoz it never carry the manually added authoriza tion objects 8. Can we reset our self SAP password? Please note, you don't have SU01's author ization. Ans. Yes using SU3 tcode 9. Suppose my Dev system has 3 clients. In one of the client, I'm making some ch anges in a tcode. Will the changes get reflected in other client's also? If yes, how? Ans. If its standard tcode means it will reflect (Cross client objects changes w ill happen . but in client specific object it wont reflect ) 10. Through which tcode I can do a mass user comparison? What's the daily backgr ound job for the same? Ans. User Comparison/User Master Reconciliation: The Roles which are assigned to the user are not effective immediately until a u ser comparison is performed. It is performed by the following means: 1. During assignment of Roles to the Users and selecting the option USER COMPARI SON 2. Execute Transaction PFUD (profile Update) so that User Master Records are rec onciled 3. The above two options consumes more time when they run in the peak hours. So it is recommended to schedule a Report PFCG_TIME_DEPENDENCY Execute Transaction SA38?specify the Report Name? PFCG_TIME_DEPENDENCY Schedule to run in the background mode. This report reconciles the user master records 11. What does PRGN_STAT & TCODE_MOD table consist of? Ans. The transport that is created from performing each step of SU25 contains th e following tables: PRGN_STAT

SMENAKTNEW SMENAKTT SMEN_DATES SSM_LANGU TCODE_MOD USOBT_C USOBX_C 12. What does we check through SM50 & SM51? Ans: SM50 local work process over view SM51global Work Process over view When u doing sytem trace we can check the user logging in to which app sever in SM51 13. Which are the necessary objects for controlling the t-code SU01? Ans. S_USER_GRP S_USER_PRO S_USER_AUT 14. Can we give display access for DEBUGGING to a user? If yes, how? 15. What are the SAP default Service users & what are their default passwords? W hat password does system bydefault generate for these Service User/s while insta lling a new client within the system? Ans: Default users DDIC,SAP* .default passwords master password,pass. 16. From where we can create new Authorization field? Ans. In tcode SU20 Authorization Field: it is a field, or a data element in the database tables tha t needs to be protected. Example: PO, Material Number, Username etc 17. Is it possible to assign ABAP role to Portal user? If yes, how? 18. How can we gain control over Infotypes? 19. Why we have to generate the profile again after saving the authorization dat a while role creation/modification? Ans. While modifying a role the values which we wil give in the role that wil re flect to the user only after generating profile only . that y we have to do 20. When does a profile become 11 character string? 21. How can we find out the roles that got directly generated into Production & not imported from Quality System? Please note, you don't have any Quality user i d. 22. How CUA can help from Management standpoint of a Business, having SAP instal led? Ans. By using CUA we can maintains the users form central system or client 1) Explain me about your SAP Career? 2) Tell me your daily monitoring jobs and most of them you worked on? 3) which version of SAP are you working on? Is it a java stack or abap stack? 4) Tell me about derived role? 5) what is the main difference between single role and a derived role 6) Does s_tabu_dis org level values in a master role gets reflected in the child role?? 7) Tell me the steps to configure CUA?

8) Is RAR a java stack or Abap Stack? 9) What is the report which states the critical T-codes? and also What is the T-code? 10) What is the T-code to get into RAR from R/3? 11) Explain about SPM? 4) Tell me about derived role? Ans:Derived roles..To restrict the user access based on organizational level values. Derived role will be inherited by master role and inherit all the properties except org level values. 5) what is the main difference between single role and a derived role? Ans:Main difference--we can add/delete the tcodes for the single roles but we cann't do it for the derived roles. 6) Does s_tabu_dis org level values in a master role gets reflected in the child role?? Ans:If we do the adjusted derived role in the master role while updating the values in the master role thn values will be reflected in the child roles. 10) What is the T-code to get into RAR from R/3? Ans:/virsar/ZVRAT 11: Explain about SPM? Ans:SPM can be used to maintain and monitor the super user access in an SAP system. This enables the super-users to perform emergency activities and critical transactions within a completely auditable environment. The logs of the SPM user IDs helps auditors in easily tracing the critical transactions that have been performed by the Business users Ans 1) Elaborate about your complete SAP experience and yes be true with them. Ans 2) As a part of my daily job being a SAP Security consultant i have to take care of tickets monitoring and assigning them within the team. I have to take care of critical incidents and emphasize themon high priority for their faster resolution. I have to troubeshoot different authorization issues that come across in daily work with the users. Ans 3) You have to check this with your systems. Ans 8) RAR is Java stack. It was ABAP when it was called as Complance Calibrator. Ans 9) RSUSR005 1)What does the Profile Generator do? 2)What is the main purpose of Parameters, Groups & Personalization tabs 3)in SU01? purpose of Miniapps in PFCG? 4)What happens to change documents when they are transported to the production system? 5)what are the issues you faced with UME? 6)what is the Ticketing tool that you are using in your organisation?and explain?

7)what do you know abt LSMW? 8)Difference b/w su22 and su24 ? 9)what is the landscape of GRC? 10)What is the difference between Template role & Derive role? 1. we can create roles , transport , copy , download,modifications , all these thing done from pfcg tcode. 2.parameters : when ever user want some defaults values when ever he/she excute the t-code we can mainatian some pid's by taking help of abapers. group : based on user roles and responsibiltes security admin can asssign to particular group. personalization : this data provides by sap itself based on t-codes which are maintained at menu tab. 3. using mini apps we can add some third party functionality 6.remedy tools and some comapny internal tools used for geeting issues from client side . 7.lsmw is used for creating large number of user at a time . 8.su22 is maintaind standard t-codes and thier standard autorisation object ( usobx and usobt ). su24 : here we can mainatin customer related t-code and their authorisation objects ( usobx_c and usobt_c ). 9.grc land scape develop and production . 9. tempaltes rrole : it is provided by sap it self. dervide role : a role which is derived from a master role it can inherit the menu structure t-codes and all but it cant inherit the organisation level , here we can maintain orgnisation levels only . 4) Change documents cannot be displayed in transaction 'SUIM' after they are transported to the production system because we do not have the 'befor input' method for the transport. This means that if changes are made, the 'USR10' table is filled with the current values and writes the old values to the 'USH10' table beforehand. The difference between both tables is then calculated and the value for the change documents is determined as a result. However, this does not work when change documents are transported to the production system. The 'USR10' table is automatically filled with the current values for the transport and there is no option for filling the 'USH10' table in advance (for the history) because we do not have a 'befor input' method to fill the 'USH10' table in advance for the transport. what is the difference between PFCG,PFCG_TIME_DEPENDENCY&PFUD???

PFCG is used to create maintain and modify the roles. PFCG_TIME_DEPENDENCY is a background job of PFUD. PFUD is used for mass user comparison but the difference is if you set the background job daily basis it will do mass user comparison automatically What is the maximum number of profiles in a role ? What is the maximum number of authorization objects in a role? What is the maximum number of authorization in an object ? 312 profiles in a role , 150 authorization objects, not more than 10 authorization fields in object, please correct me if i am wrong Q)if u r using 10 firefighter ids at a time? How will the log reports goes to controller? Q)wt is ruleset? and how to update risk id in rule set? Q)wt is the procedure for Role modifications?explain with example? Q)who will done user comparision? 1) log reports send through ( mail , workflow or logdispaly ) these are available at options tab when we are assigning fids to the controller tab. 2) ruleset which contains ( busniessprocess , risks , function and action,authorisations ) is know as rule set. User comparision: This is done when ever role is already assigned to users and changes are done in that role. In order to get the changes adjusted in the roles, user comparision is done. Also during indirect asssignment of roles to user using t codes Po13 and po10, w e have to to do user comparision, so that the roles get reflected in the SU01 re cord of user. Generally this task is done PFCG_TIME_DEPENDENCY background job which runs once daily so that roles are adjusted after running this report. If changes are to be reflected immediately, user comparision is recommended. What are the Critical Tcodes and Authorization Objects in R/3. pfcg n su01 rz02 n rz03 what are the prerequisites we should take before assigning sap_all to a user even we have approval from authorization controllers ? prerequisites are follows before assigning sap_all to any user . 1.enabling the audit log ---- using sm19 tcode.

2.retreving the audit log-----using sm20 tcode. this process follows when your not implementing grc in your system. I have deleted single role from composite role now i want to find out the changes in composite role without using SUIM. Is there any other possibilitie to get? yes , it is possible from role screen its self . go to menutab go to utilities--->change documents . what is the difference between su25 & su24 , when we can make the authorization checks in su25 then what is the use of su24 T-code SU24 is used to select the check objects and default values for an authorization when any t-code or report is added to a role. On the other hand t-code SU25 is used at the time of system upgrade to perform below actions : 1) Initially fill the customer tables by copying from SAP tables. 2) Comparing the corresponding values between SAP tables and customer tables. 3) Find out which new t-codes are moved to Production system during upgrade. 4) Find out all t-codes whose name has been changed in upgrade, lets say ST03 is now called ST03N. why we are using the landscape in sap r/3 ? SAP systems are used in large industries where daily transactions are carried out at large scale. In order to avoid any affect on production system directly because of change and to avoid th e blockage of business process we are using landscape in R/3. Please rectify if my answer is not valid. How to Create SCAT program for any mass upload purpose? SCAT is similar to LSMW/BDC to upload/updated data in SAP from legacy system. The differences between SCAT and LSMW :LSMW and SCAT has different functionalities and different advantages, but common thing is they are used for data upload. SCAT is mainly used as a testing tool for follow-on transactions i.e. Purchase R equisition, Purchase order, Goods Receipt etc. Whereas LSMW is used for Master data (Materials, Customer, Vendor, BOM, Info rec ord etc) and some of the transactions data (Purchase order, purchase requisition ) There are many standard objects are available in LSMW so most of the consultants use LSMW, but again depends on the requirement.

Writing a CAT script to create user:1 Recording a test case 1.1 To record a test case, call Transaction SCAT and enter test case Zuser_creat . - Do not choose Enter. - Choose Test Case ? Record Transaction. Enter Transaction SU01, and choose Reco rd/Enter. - The system runs Transaction SU01. - Enter the user name TESTZ and choose Create. - Enter the user s title first name ZEBRA and the last name TEST. - Select the Logon data tab, enter init as the initial password, and repeat the password, profile select sap_all then choose Save. - Go back a screen and in the dialog box displayed, select End recording. - A message is displayed stating that the recording has ended. - Enter the test case title User maintenance. - In the field Component, enter BC-SEC-USR. - Save the test case. - In the field package class, enter $TMP. - Choose Save to save the attributes. - To save the test case functions, go back. 2 Entering parameters for a test case 2.1 To define parameters for a test case, call Transaction SCAT. - Enter the test case name Zuser_creat. - Select Functions and choose Change. - Double-click on TCD. - Then double-click on program SAPLSUU5 screen 0050. (first appearance of this rogram) - The first screen of Transaction SU01 is displayed. (If you backed out, enter he procedure name again and double-click on TCD.) - Double-click on the user name field. In the field Param. name, enter an "&", nd choose Copy/Enter. - Choose Next screen and double-click the last name. In the field Param. name, nter an "&" and choose Copy/Enter. - Go back until the Save folder appears, and choose Save. 3 Creating and using an external variant for the test case 3.1 To export the default parameters into a frontend file, in the test case, sel ect Goto? Variants ? Export Default. Note: The default file name is <the name of your test case>.txt. Do not change t he default values. 3.2 Open the file, with excel and edit and add another couple of user, and save the text file 3.3 To execute the test case using the external variant from file, from the init ial CATT screen, enter the test case name and choose Execute. In the field Variants, select External from file and choose Choose. Select the f ile created above, and choose Open. Under Processing mode, select Errors, and ch oose Execute. Note: When you use this method, the file must be imported each time the test cas e is executed (file remains only on PC).

p t a e