Sap Security Analyst Resume
Hoffman Estates, IL
SUMMARY:
- Certified SAP Security Consultant with 6+ years of as SAP Security/GRC Consultant and Basis Administrator in Implementation, Upgrade, Rollout and Support projects.
- Worked on multiple, successful, simultaneous implementation projects - - two full project lifecycles and 4 other short-term engagements encompassing R/3, ECC, HR, BI, SRM, SCM, CRM, XI, APO and GRC.
- Complete understanding of Internal Control and Standard operating procedures of SAP Security.
- Good at Security/User Administration, CUA and Authorization objects maintenance, Problem analysis and troubleshooting, ECATT Scripts, Auditing and GRC tools.
- Excellent analytical and dynamic troubleshooting skills possessing inter-personal abilities and a self-starter with good communication skills and leadership qualities.
- Experienced in SAP Security with releases from 3.1, 4.6 B to ECC 6.0 including security for SAP GRC, BW/BI, HR, EP,FI/CO, Sol-Man, SCM, SRM, MM, SD, APO, GTS, Single Sign-On (SSO).
- Created and Used eCATT and LSMW scripts for mass changes in security.
- Configured, Implemented and Maintained security for Central User Administration (CUA).
- Implemented access control on security related tables (AGR *, USR *) and sensitive authorization objects (S TABU DIS, S PROGRAM, etc.).
- Configured and rebuild SOX Compliant security roles based on business requirements.
- Worked on SAP Governance Risk & Compliance product suite (VIRSA) Risk Analysis & Remediation (RAR) (Compliance Calibrator 5.x), Compliant User Provisioning (CUP) (Access Enforcer 5, 5.x), Enterprise Role Management (ERM) (Role Expert) and Super User Privilege Management (SPM) (Fire Fighter 5.x).
- Experience in Trouble shooting ECC and BW issues using RSSM, RSSMTRACE and RSECADMIN, ST01, SU53 and ST03.
- BW/BI--Worked extensively on BI 7.0 Security with management of Analysis Authorizations at Characteristics, Key Figure, and Hierarchy Node Level using T-Code RSECADMIN and secured Info area/Cubes/Objects.
- Defined Authorization-Relevant InfoObjects using InfoObject Maintenance (RSD1).
- Good understanding of BI Workbench, DSOs, Cubes and Multi-Cubes, Queries and Reports.
- HR--Used PA20, PA30, and PA40 to secure HR Master Data including Position level security.
- Thorough usage of HR Switches and Restricted Infotypes using authorization objects P PLOG, P ORGIN, P PERNR, P ABAP and various other Authorization objects and Extensive knowledge on HR security table.
- Experience on HR Security, Structural Profiles and Organizational Structures PA, PD, Payroll, Time, ESS and MSS Modules.
- EP--Design, Develop, Testing of Enterprise Portal User IDs, Roles and iViews, User administration and Content Development.
- FI/CO--Enterprise Structure, Financial Accounting Global Setting, General Ledger (G/L) Accountings, Accounts Receivables and Payables, Interest Calculation, Dunning, Assets Accounting, Reporting and Closing.
- Posting and Parking G/L Documents (FB50, FB60, FB70, and FV50/60/70) and restriction by document type by authorization object F BKPF*.
- Searching SAP Marketplace for SAP notes in order to troubleshoot the problems arising out of daily system administration activities.
PROFESSIONAL EXPERIENCE:
Confidential, Hoffman Estates, IL
SAP Security Analyst
Environment: SAP R/3 ECC 4.6C & ECC 6.0, BI 7.1, HR 6.0, SRM 5.0, SCM 5.0, GRC 5.3, Service Management Tool suite (SMT) 2.3.2, IBM AIX, Linux, Oracle 10.2
Responsibilities:
- Worked with Business Analysts and Techno Functional Team members to design technical security solutions including table, report, program, and interface security for the production environment.
- Assist in documenting and maintaining security policies and procedures and all SAP authorizations, profiles and roles on SAP ECC 6.0, Netweaver 7.x, HR/HCM 6.0, BI 7.0, SRM 5.0, SCM 5.0.
- User Creation/Deletion/Lockdown/Password management for SAP technical and functional consultants in Development, Quality, and Production instances.
- Follow the established standards and naming conventions dictated as per client’s security schema.
- Extensively used Profile Generator to design/create and modify IT Single, Composite and Derived role specs and role build up.
- Develop profiles/roles which including complex design restrictions.
- Co-ordinate comprehensive testing of all profiles and authorizations to ensure accuracy and Segregation of Duties.
- Worked with Business Users in placing mitigations for conflicting and critical roles.
- Schedule the various background jobs to perform the risk analysis based on business unit.
- Transported the generated roles and profiles using SAP Transport Management System.
- Mass transport of changes done to development and end user team roles to various instances available.
- Critical authorization objects such as S TABU DIS, S PROGRAM, and S DEVELOP were restricted and monitored.
- Worked with security related tables such as AGR TCODES, AGR USER and AGR DEFINE etc.
- Worked in close coordination with Audit team for user role removal in SAP R/3 and supported audit team in generating audit reports.
- Regular analysis and monitoring on SAP Security tables and reports using user information system (SUIM).
- Management of Analysis Authorizations using RSECADMIN.
- Generated special authorizations with 0BI ALL.
- Assigned authorizations to role using S RS AUTH authorization object.
- Day-to-Day troubleshooting user requests and authorization issues using SU53, ST01 and ST03.
Confidential, San Antonio, TX
SAP Security Analyst
Environment: SAP R/3 ECC 6.0, BI 7.1, HR 6.0, GRC 5.3, HP Service Manager 7.11, HP-UX, Oracle 10g
Responsibilities:
- Created User Id’s for the technical and functional consultants and provided the required access in non-production and production systems.
- Created Portal accounts for the users and provided required authorizations.
- Updated Transactions Codes, Functions, Risks, Rules, Rule Matrix in GRC.
- Utilized the GRC Compliance Calibrator tool to verify requests for business correctness and test for any Segregation of Duties (SOD) conflicts and audit issues.
- Submitting various audit reports.
- Mitigate the user id against a particular risk to reduce or minimize the SOD violations.
- Schedule the various background jobs to perform the risk analysis based on business unit.
- Transported the generated roles and profiles using SAP Transport Management System.
- Mass transport of changes done to development and end user team roles to various instances available.
- Regular analysis and monitoring on SAP Security tables and reports using user information system (SUIM).
- Used PFUD for reconciliation of user master records and SUPC for profile generation.
- Day-to-Day troubleshooting user requests and authorization issues using SU53, ST01 and ST03.
- Worked on BI Authorizations including standard authorization and analysis authorizations.
- Assigned Analysis Authorization to User or Role to User in BI.7.0.
- Worked on S RS *, S RSEC and S RS AUTH authorization objects.
- Implemented support team roles and fire fighter access roles for production and non-production systems for ECC, BI, and PI/XI systems.
- Configured roles and authorization objects to secure reporting and super users.
- Built and Maintained roles in BI for Query management and Admin workbench.
- Worked with Business Explorer and Web Application Designer for integrating reports to web.
- Creating BW Roles and giving authorizations to Power Users to Publish Reports in Role Menus.
- Creation of FIREFIGHTER IDs, assigning FIREFIGHTER ID to FIREFIGHTER ID owners, assigning FIREFIGHTER ID to Controllers.
- Audited Roles and Profiles as per Sarbanes-Oxley (SOX) compliance requirements like Segregation of Duties (SOD) and analyzing Risk Assessment using VIRSA / VRAT.
- Liaison with SAP system owners in Finance & Control, Materials Management, HR, Sales & Distribution, Supplier relationship Management to draw out business needs and translated them into specifications.
- Created OSS User Id’s, Developer keys, Registered Objects on Service Marketplace.
Confidential, Skillman, NJ
Sr. SAP Security Administrator
Environment: SAP R/3 4.7EE & ECC 6.0, BI 7.0, HR 6.0, CRM 7.0, EP 7.0, GRC 5.3, Solution Manager 7.0, HP-UX, Oracle 10g
Responsibilities:
- Used SAP templates for data gathering and buildup of Role Matrices for IT team.
- Worked on the creation of IT Single and Derived Role Specs and Role build up.
- Worked with OTC (Order to Cash) team, in building the Role Matrices.
- Worked with Business experts in placing Mitigations for Conflicting and Critical roles.
- Worked with Internal Auditors in creation of User and Role Mitigations and uploaded them.
- Worked on Compliance Calibrator 5.1 tool in processing the SOX requests figuring out the root cause.
- Configured and defined FF IDs and Firefighters, assignment of FF ID to Owners and Controllers, and logging of all transactions executed during firefighting.
- Configured and defined the access provisioning approval process by combining roles and permissions with workflow using Access Enforcer tool.
- Configured the Role Expert Tool to automate the creation and management of Role Definitions.
- Unit testing the created IT Roles in the Development box.
- Developed eCATT Scripts for performing mass activities like test user creation, role assignments, assigning users to user groups.
- Implemented Line Authorizations on transaction codes like OB52 to restrict access to specific records.
- Converted some authorization fields into Org values using report PFCG ORGFIELD CREATE.
- Assisted in setting up ALE and configuration of Central User Administration (CUA) system to perform user administration centrally.
- Migrated existing users from child system to central system and maintained.
- Created Roles Specific to Indirect Procurement for IBM users.
- Modified already live production system roles to remove indirect procurement Orgvalues and authorizations.
- Used GRC tool to check SOD violations for SOX Compliance.
- Responsible for changing roles for compliance with SOD.
- Developed mitigation strategies for violation of SOD have to monitor critical usage.
- Generated Audit Information Systems (AIS), logs (SM19, SM20, SM18).
- Created custom T Codes using SE93 to restrict access to data as per business needs.
- Performed reconciliation of user master record and roles using PFUD.
- Restricted and Maintained Infotypes using authorizations objects like P Orgin, P Orgxx, P Pernr, and T-Codes like PA20, PA30, and PA40.
- Maintained HR organizational structure to administer and control user access, including time-delimited access (e.g. temporary assignments to positions).
- BI--Created and maintained BW authorizations on hierarchies (RSSM).
- Extensively used authorization objects like S RS COMP, S RS COMP1, S RS ODSO, S RS IOBJ to develop and implement new analysis authorization concept.
- Used RSECADMIN for management and analysis of authorizations and secured Info area/cubes/objects, Good understanding of BI Workbench, ODS/DSOs, Multi-Cubes, Queries and Reports.
- Extensively worked on SAP BW administration workbench - BW Info objects, Info Cubes.
- Created/Modified User IDs in Enterprise Portals and connected to Backend SAP Systems, Assigned Roles to Users.
- Designed, Developed, Test and Implemented Transactional iViews.
- Extensively supported Enterprise Portal security.
Confidential, Indianapolis, IN
SAP Security Administrator
Environment: SAP R/3 4.6 & ECC 5.0, BW 3.5, BI 7.0, SRM 5.0, HCM Security, HP UNIX, GRC 5.3, Remedy, MSSQL, Windows NT, Oracle
Responsibilities:
- Supervised Configuration and implementation of SAP Virsa Compliance Calibrator (5.3), Firefighter/Role Expert (5.3), and Access Enforcer Workflow (5.3) applications in accordance with SOX/SOD compliance to deliver a controlled environment for critical transactions.
- Created manual mitigated audit controls with Segregation of Duties (SOD) in Compliance Calibrator.
- Worked closely with the integration teams during GRC design phase, identified functional and process gaps where required, recommended and implemented solutions to gaps.
- Extensively modified, created and maintained Roles, Users, and did Profiles & Authorization Administration using PFCG, SU01/10, etc.
- Developed eCATT scripts for Mass user creation and maintenance to greatly reduce the duration of security deployment.
- Implemented access control on Security related tables (*AGR *, USR *) and sensitive authorization objects (S TABU DIS, S PROGRAM, etc.).
- Role building, Unit, Integration & User Acceptance testing, Production Support and developed on-going security policies and procedures.
- Created custom T Codes using SE93 to give limited access to required tables, created packages SE21, and executed projects using SPRO.
- Studied and Corrected the Role structures as a part of pre-upgrade process.
- Corrected the wrongly implemented Derived role concept to sync parent and child roles.
- Renamed the roles to follow a fixed naming convention.
- Upgraded the roles from SAP R/3 4.6C to ECC 5.0 using SU25.
- Analyzed and prepared reports on Segregation of Duties (SOD) issues.
- Extensively used SUIM and security related tables such as AGR TCODES, AGR USERS, AGR 1251, AGR 1250, AGR DEFINE etc to generate reports.
- Analyzed the existing BW security setup and proposed pre-upgrade steps
- Used Manual Migration (not RSEC MIGRATION) for upgrading BW 3.5 to BI 7.0.
- Identified root cause of the BI authorization issues using “Analysis” Tab under RSECADMIN Tcode.
- Identified all the roles with Queries and Infoproviders making use of RSRREPDIR, AGR HIER tables.
- Unit testing, UAT was performed on the upgraded roles using “Execute as” button under RSECADMIN.
- Monitoring, Auditing and troubleshooting on the user access related issues was performed using “Generation logs” and Execute as” button under RSECADMIN Tcode.
- Created Technical specs for SRM. SUS and ROS roles.
- Desinged the role to position mapping, segregating Transactions into roles with out SOD violation.
- Mapped the backend and Portal roles for SUS and SRM.
- Customized Business Package roles for SRM, ROS and SUS to meet the client requirements.
- Created roles to highlight only specific Tcodes on the portal screen, though having many other Tcodes.
- Created Separate roles for Shopping cart creation & approval, Web-payment approval, Catalog Management, Customer Assistance, Basis, Security, Workflow Admin, User Org Admin.
- Updated SU24 for Custom Transactions (Table & Program Specific) to pull in the correct Auth Groups.
- Segregated Authorization groups so that Admins and Super users get display/ update access to Tables.
- Created Mass Users using SECATT scripts on Dev/ Test/ Prd/ / Sand Box environments.
- Assigned users to Org Strucutre using USERS GEN, PPOMA BBP and BBPUSERMAINT.
- Maintained business partners to positions using BP Tcode.
- Maintained User Attributes in PPOSA BBP Tcode.
- Troubleshooted Access issues using ST01, ST05, ST22 and HR Org Structure assignment issues.
- Maintianed table T77S0 to turn OFF and ON the HR replication form HR system to SRM system.
- Fixed the portal issues, related to User Personal settings, BBPHELP link and Connection.
Confidential, Appleton, WI
SAP Security Administrator
Environment: SAP R/3 4.7EE, ECC 6.0, BW 3.5, GRC, HPUX, MSSQL, Windows NT, Oracle
Responsibilities:
- Created of super user ids and providing the required authorizations.
- Created the roles or changing the existing roles based on the requirement.
- Experienced with SAP GRC Compliance Calibrator for creating Function ID/ Risk ID, generating rules, evaluating SOD violations.
- Provided the Missing Authorizations after analyzing the SU53 dump.
- Running the System Trace (ST01) for authorization checks.
- Maintained the authorization checks in SU24 for the customized transaction codes.
- Provided day-to-day support to end-users.
- Transported the change requests to Test and Production Systems.
- Applied SNOTE and Support Packs.
- Created OSS user ids and opened the connections for SAP.
- Posted the OSS messages to SAP for critical problems.
- Provided the user information reports to the end markets using SUIM and tables.
- Set up SAP system for auto log-out, password length and expiration and specifying impermissible passwords.
- Monitored FAX from SAP through SCOT and RFC connections to external servers.
- Monitored external servers Right Fax Server and MQ Series Server.
- Performed security monitoring activities periodically.
- Provided the access to the BW reports to authorized users by creating/changing the roles.
- Secured the query access within the BEx Analyzer using authorization objects.
- Performed User Administration - Creating, Copying, modifying, locking, unlocking and deleting users.
- Created roles and assigned them to users and groups.
- Configured the portal for Single Sign On (SSO) using User Id, Password Mapping and SAP Logon ticket.
- Importing roles from R/3 Component system into Enterprise portal environment and assigning them to users.
Confidential
SAP Security Administrator
Environment: SAP R/3 4.6B, 4.7 EE, GRC, Windows NT, IBM AX, Oracle, MSSQL
Responsibilities:
- Involved in upgrade from 4.6B to 4.7 EE.
- Updated the authorization values from tables USOBX C and USOBT C using SU25 transaction steps.
- Worked as part of remediation team and assist in elimination of Segregation of Duties (SOD) conflicts inherent within the SAP security model.
- Created composite and single roles as per the requirement.
- Created derived roles from the master roles for different domains and added to the composite roles.
- Provided the missing authorizations after analyzing the SU53 dump and system trace (ST01).
- Assigned the roles to the users after analyzing the requirement and doing the user comparison (PFUD).
- Provided the HR authorizations with Structural Profiles.
- Created the positions for the structural authorizations and assigned them to the authorized users.
- Transported the change requests to Test and Production Systems.
- Provided the user information reports to the end markets.
- Helped the users in conducting the Quality Assurance Test for the access provided.
Confidential
SAP Basis Administrator
Environment: SAP R/3 4.6B, 4.6C, GRC, Windows NT, DB2, IBM AX, Oracle
Responsibilities:
- Created and deleted the users and did the role assignment to the users.
- Created and changed the roles as per the requirement.
- Providing the Missing Authorizations after analyzing the SU53 dump.
- Provided daily Basis support for their R/3 System.
- Daily system monitoring: system locks, system logs, update failures etc.
- Analyzed the ABAP dumps and the cancelled background jobs.
- Configuring the Transport Management System and transporting the transport requests.
- Worked with table space administration using SAPDBA.
- Performed Local Client copy.
- Monitored and scheduled background Jobs.
- Applied OSS Notes using SNOTE and Support Packs.
- Created OSS user ids and opened the connections for SAP.
- Posted the OSS messages to SAP for critical problems.
Confidential
Service Desk
Environment: SAP R/3 3.1, 4.6B, 4.6C, Windows NT, DB2, IBM AX, Oracle
Responsibilities:
- Created and deleted the users and did the role assignment to the users.
- Created and changed the roles as per the business requirement.
- Provided daily Basis support for their R/3 System at Level-I.
- Daily system monitoring.
- Analyzed the ABAP dumps and the cancelled background jobs.
- Configuring the Transport Management System and transporting the transport requests.
- Applied OSS notes and support packs.
- Monitored background Jobs.
