- 9 years’ experience in managing overall SAP Security in S/4 HANA, SAP UI5 Application, ECC, HANA, FIORI, BI, SRM, CUA, Enterprise Portal, Solution Manager (CHARM) and HR systems in multiple SAP projects.
- 7 years’ experience in configuration, customization, implementation,testing and operational support of GRC Access Control Suite 12.0 and 10.x versions ARA, EAM, ARM, BRM in compliance with Segregation of Duties (SOD) and the Sarbanes Oxley Act (SOX).
- 1 year experience in S/4 HANA and FIORI Security design and implementation in Healthcare and Manufacturing domain projects.
- SAP Security design and configuration for SAP UI5 Web Application in S/4 HANA HUB Deployment Architecture.
- Implemented transactional, analytical, factsheets, transactions Applications in FIORI Launchpad.
- Customized business catalogs and groups in FIORI Launchpad Designer.
- Managed SAP HANA Security in HANA Studio and WebIDE with Catalog and Repository roles for required system, object, analytic and package privileges.
- Implemented complex MSMP workflows with BRF Plus rules for Access requests, ARA and BRM modules.
- Proven expertise in handling Authorization functionalities in large projects involving many complex security requirements in AGILE methodology.
- Recognized as a valued resource in effectively leading the team, managing multiple modules, implementing process improvements, adapting and mentoring the team to new implementations as HANA, FIORI, S/4 HANA systems.
SAP Security & GRC Consultant
- Designed Backend and Front end PFCG roles for SAP UI5 Web Application in S4 HANA and FIORI in HUB Deployment Architecture.
- Implemented role changes for new functionality in SAP UI5 Application by maintaining Authorization object level and Organization level restrictions in ODATA services in backend S4 HANA System to provide required access in SAP UI5 Web application.
- Maintained SU24 Check Proposal and default values for ODATA services in S4 HANA System.
- Trouble shooting issues in SAP UI5 Application using STAUTHTRACE for analyzing maintained authorization in ODATA services.
- Identified and resolved authorization issues in FIORI Apps via /IWFND/ERROR LOG.
- Maintained custom notification templates via SE61 and View GRFNVNOTIFYMSG to include additional details in the notification emails sent to requestors and approvers.
- Tested and validated GRC enhancements by developing test scripts for various scenarios.
- Developed Business roles in GRC for provisioning user access in multiple systems in different landscapes and connector groups.
- Configured and implemented MSMP workflows utilizing BRF Plus application framework in multiple scenarios for automating user provisioning, emergency access and access risk management.
- Implemented Business roles in GRC to combine roles from S/4 HANA and FIORI systems while user provisioning in order to simplify the role assignment in S/4 HANA and FIORI systems.
- Worked in Agile methodology using JIRA Tool and implementing Security changes across landscapes based on business requirements.
- Worked in Agile methodology handling JIRA stories, prepare documentation for requirements specification, testing and provide demo as part of Change Approval process.
SAP Security & GRC Lead
- Implemented transactional apps for ECC, SRM and S/4 HANA systems in FIORI launchpad utilizing FIORI Apps Library.
- Activated application specific ODATA services via /IWFND/MAINT SERVICE and SICF services.
- Created custom business catalogs and groups in FIORI Launchpad designer for required FIORI Apps.
- Implemented front end PFCG roles with required business catalogs and groups in FIORI.
- Implemented backend PFCG roles with required IWSV ODATA services and authorization object values in S/4 HANA System.
- Implemented Analytic apps in FIORI by creating custom catalog in FIORI Launchpad designer with required application specific Target Mappings.
- Implemented Factsheet Apps by creating App specific search connectors via STC01 in S/4 HANA system.
- Implemented FIORI Apps for SAPGUI enabled transactions by creating custom Semantic objects via /UI2/SEMOBJ SAP in S/4 HANA system.
- Created custom business catalog via Maintenance tool for App Descriptors for required Semantic Action and transaction codes.
- Configured database users in HANA system with required roles and privileges.
- Configured catalog roles (in HANA Studio) and repository roles (in HANA WebIDE) with required system, object, analytical, package and application privileges for administrators and modelers.
- Implemented row level restrictions for Query users by creating Analytical privileges with required attribute restrictions on information views.
- Resolved authorization issues using authorization trace in HANA Studio.
- Transported repository objects across Dev and Production HANA system landscapes using Export/Import in HANA Studio.
- Involved in cross tenant database access in Multi - Tenant HANA Database System.
- Excellent understanding and practical experience in SAP GRC Access Control Suite 12.0 implementation, post configuration and operational support of Access Risk analysis (ARA), Emergency Access management (EAM), Access Request management (ARM) and Business Role management (BRM) components.
- Implemented FF ID based Firefighting by creating FF ID role in backend systems, assigned FF ID role to FF IDs and maintained the FF identifier role in GRC paramter SPRO configuration.
- Implemented Centralized Firefighting and provided EAM launchpad access to FF users in GRC.
- Implemented password self service(PSS) functionality in GRC with the required SPRO configuration.
- Involved in UAR review performed bi-annually as part of Audit process via GRAC UAR REQUEST GEN for the approved list of roles and triggered UAR requests to Reviewers in GRC NWBC.
- Requirement gathering from project/business teams for role design and implemented security roles in Profile Generator (PFCG) based on task-based role design strategy in compliance with SOD design principles in SAP ECC, BI, SRM and Portal.
SAP Security & GRC Lead.
- Streamlined the User Provisioning process and ensured that Access requests were handled promptly avoiding unnecessary delays/missouts.
- Implemented multi level inheritance in Finance module roles to restrict access to AP/AR/GL/IC modules (via F BKPF KOA object) and users were provided access only to specific module/sub module in FI.
- Incorporated process improvements by standardizing role modification steps and avoided inconsistent role design and rework.
- Created SOP documents for all SAP security processes including Custom transaction Questionnaire, QA test document, Peer review document.
- Conducted regular standup meeting with team to discuss on current tasks/issues, ensure transparency and pro actively identify delays.
- Handled critical production issues efficiently by coordinating with approvers, functional, basis teams to perform required role changes and provided production access on time.
- MSMP workflow configuration for the creation and maintenance of functions, risks creation and assigning mitigating controls and Access requests for new, change, delete users, firefighter access utilizing BRF Plus Application framework in MSMP workflows.
- Utilized S DEVELOP to restrict ABAP Workbench program debug/modify access in Production system.
- Restricted table and program access to specific users via S TABU DIS, S TABU NAM, and S PROGRAM authorization objects.
- Implemented authority checks in custom transaction codes based on the analysis of tables and authorization objects accessed by the transaction code.
- Coordinated SAP Security UT and UAT as part of Security testing and Go Live phases.
- SNC configuration for SAP end users to enable SSO Login and trouble-shoot/support users while facing issues with SSO Login.
- Maintained SAP HR Mini master record in PA30 and position in PPOCE in ECC.
- Created the ORG structure in ECC and replicate it to SRM system and troubleshooting issues in replication from ECC to SRM.
- Provided access to shopping carts and purchase orders using BBP PD PO and BBP PD SC authorization objects in SRM.
- RSECADMIN Tool in creating Analysis Authorization with required characteristic restrictions, assignment to users and troubleshoot issues using error logs.
- Created RFC (Request for change) requests in CHARM for moving transports from Dev to Prod systems.
SAP Security & GRC consultant
- Role re-design including standard module/system specific role naming convention, description, and long text format to maintain consistent role design across all landscapes.
- Implemented Segregation of duties by creating 500+ derived roles to restrict user access to their location specific plant/company codes organization values.
- Created SECATT scripts for derived role creation and updating org values in derived roles and thereby reduced time efforts for mass roles creation.
- Developed module specific common display All roles for large user base in FI and SD modules.
- Process improvement implemented by creating Peer review process/document to ensure the correctness of auth values while role creation/changes.
- Identified custom transactions as per team usage history and proposed auth checks to be included in the custom programs to ensure that authorization checks are performed for critical custom transactions.
- Performed role level simulation before role changes to proactively identify SOD risks and remediate/mitigate risks upon discussion with business teams.
- Created team specific Business roles for support users in GRC to simplify user provisioning by including multiple technical roles and assigning role owners to business roles.