Technical Summary

• Over 3 years of experience in SAP security administration and GRC.
• Performed User, Authorization and Profile administration.
• Worked on GRC Access Control version 5.3 (All Components), Risk Analysis and Remediation(RAR), Compliant User Provisioning (CUP), Enterprise Role Management (ERM), Superuser Privilege Management (SPM)
• Very good understanding of SAP R/3 system integrity in technical as well as functional areas.
• Designed and built security roles for SD, MM, FI, CO, PP, PM, PS,
• Worked on versions, R/3 (ECC 5.0and ECC 6.0)
• Have complete familiarity with organization level security, single roles, composite roles and derived roles
• Running system trace to record authorization checks for the user sessions and tracing the missed authorization
• Global activating or deactivating of authorization checks
• Transported the generated roles and profiles using SAP transport management system
• Expert in trouble shooting using ST01, SU53

Professional Experience

Client: Confidential, Duration:-January 2009 to Till date
SAP Security Administrator
Remote Consulting project with Confidential,USA
Tasks: Production Support, Security Redesign, User Creation, Role Creation, Trouble shooting, GRC
Modules Supported: SAP Finance, SAP MM, SD, PP QM

User Administration:

• Familiar with Text Compare and User compare of roles
• Extensively used Tables like USR02, USER_ADDR
• SOD Analysis on User level using VIRSA GRC compliance calibrator
• Created Firefighter Service Users using SU01
• Assigned Firefighters to FF ids using /n/VIRSA/VFAT
• Maintenance of Firefighter Owners and Controllers on regular bases.
• Created multiple users in the system as per clients requirements
• Familiar with different types of User types
• Worked with basis and external vendors for setting up System/Communication user ids
• Created and familiar with use of user groups depending on the employee location
• Knowledgeable on the use of default values in the user master record such as date format and currency depending on the country
• Used SU10 mass change transaction to assign user to user groups and change other parameters like date format, cost center, address etc
• Trained user with use of SU3 transaction for them to update their own user parameters
• Identified all the user parameters like plant, company code, sales organization required working with functional teams
• Familiar with assigning user to role in CUA environment and non CUA Environment

SAP User Administration Production Support

• Familiar with Error ticketing process and used remedy software
• Used SUIM to perform security analysis for various purposes.
• Helped users by using sap change logs to identify the change which happened to their profile
• Trained junior people to create user ids in the system based on company policy
• Generated weekly report to see the users who have not used the system for 180 days
• Extracted reports like user assigned to roles, user by location, user by name from SUIM for functional teams and company HR
• Helped with locking accounts when the employee left the company

SAP Role Administration Implementation

• Very comfortable with PFCG transaction for creating roles
• Created role from Transaction, SAP Menu, and other roles
• Added help files and web location into the role
• Familiar with manual maintained and standard object in the role
• Worked with functional team to restrict the object values in the role
• Understand the role of organizational values for restricting roles
• Created multiple single and composite roles with proper technical name
• Understand the difference between parent and child roles.
• Familiar with Composite role concept and how it can reflect the job of the user
• Very comfortable with transporting role from one system to another
• Extensively used AGR_DEFINE, AGR_1251, AGR_1252 to extract data relevant to roles
• Familiar with the Yellow, Green and red statuses in the roles
• Inserted objects manually when required
• Manipulated SU24 to update the object values based on requirement
• Understand the implications of Upgrade from one version to another
• Used ST01 to advice the client and Functional team on object required to restrict the transaction

SAP Role Administration- Production Support

• Extensively used SU53 to interpret the error
• Used ST01 when the error message was not clear
• Identified the changes to roles from SUIM
• Generated useful reports for like Roles to transaction, Role to User and Roles to Composite roles etc
• Helped functional team with identifying the objects required for batch users.
• Helped the client secure the table and programs with authorization groups.

SAP Security Audit Compliance

• Checked for users who have any sap defined profiles
• Checked for user who have table access with SE16, SE17, SE11, SE16N in connection with object S_TABU_DIS and S_TABU_CLI
• Identified user with access to Sensitive transaction SE38, SA38 in combination with S_PROGRAM and S_DEVELOP
• Identified user with access to SM59 Connection who can created connections to external system
• Restricted access to User administration functions to specific group of users with object S_USER_GRP
• Create roles for security administrator so they cannot change roles in Quality system and production system
• Monitored the PFUD report for user comparison

SAP Security Testing and Documentation Support

• Helped user test both positive and negative testing
• Completed the unit test with test id so user will be able execute the transaction without any errors.
• Documented the on boarding process of the users and user removal process from the sap system
• Help client come up with users having elevated or extra access for limited amount of time
• Completed documentation on the User creation and role creation process plus the dos and don’ts in the system
• Trained and helped new SAP Security administrator with the transition process into the job
• Mentored the new SAP Security Administrator

Education: Associate Degree in Computer Science