SAP Security Administrator

Summary:

• Overall 6+ years of experience in SAP Security and Authorizations with strong understanding of information security practices.
• Experienced in working for Full Life Cycle Implementation, Go-Live, Post Go-Live, and Production Support projects.
• Extensive experience in Requirement gathering, Design, Development, and Maintenance of SAP applications security.
• Interfaced extensively with clients to gain insight and develop solutions to meet customer business needs across the entire SAP landscape.
• Extensive User and Role maintenance experience.
• Broad experience in maintaining single, composite, and derived roles using Profile Generator (PFCG).
• Central User Administration (CUA) experience to create users, assign roles, and maintenance.
• Experience in designing and implementing SAP HR Security using position based Security.
• Hands on Experience on HR/HCM Security, Structural Profiles, Organization Structures PA, PD, Payroll, Time, Travel, E-Recruiting and ESS and MSS Modules.
• Very good knowledge of producing and analyzing reports in SAP using SUIM, and security related tables (AGR*, USR*, etc), and customized Query reports.
• Designed and Implemented Security in SAP Solution Manager
• Installation and configuration of OSS connectivity for remote support.
• Experience setting up users and security on Enterprise Portal and creating users/user groups through UME for SAP Netweaver.
• Experience in Netweaver Security, Configure and Maintain UME Datasources with LDAP Server.
• Experience in setting up Single Sign-On concept.
• Extensive experience with resolving ticket issues and troubleshooting security authorization problems while adhering to Service Level Agreements (SLA).
• SAP security Process Evaluation and Advisory experience.
• Ability to manage multiple tasks of production support and implementation projects.
• Experienced in adhering to the Change Management Process for transporting roles and tables, security objects and maintaining the change documents.
• Good understanding of ASAP Methodology.

SAP BI Security:

• Set up security by Info Area, Info-Cube, Info-Object, QUERY and WORKBOOKS.
• Configured roles and authorization objects to secure reporting users.
• Developed Custom Authorization Objects for queries developed by the users.
• Limiting the Query access within the BEX Analyzer.
• Implemented Info Object Security (field-level security) for Reporting Users and also created custom reporting authorization objects.
• Securing the data presented in Queries by Hierarchy node.
• Maintaining authorizations for Hierarchies.
• Creating Queries and restricting access through Variable filled Authorizations.
• Implemented Hierarchy & Tree structured Security for BW Queries in multiple.
• Tracing the SAP-provided objects and custom reporting authorization objects to debug an authorization.
• Tracing the users, SAP objects and custom reporting authorization objects to debug an authorization error, resolving the issue by giving required authorizations (RSRTRACE)
• Trained & knowledge transferred the security personnel for BW, BI Technology.
• Building security for Administrative users using SAP provided scripts, templates.
• Interacting with functional and technical consultants for problem diagnosis in BI.
• Worked with the t-code for creating custom authorization objects & S_RS_AUTH for assigning authorization objects for BW query end user roles.

Education:

• Post Graduate Diploma in Computer Applications, INDIA
• Bachelor of Commerce, Sri Venkateshwara University, INDIA

Technical Skills:

ERP : ECC 6.0/5.0, SAP R/3 Enterprise 4.7/4.6C/4.6B/3.1i, BI 3.5/7.0, CRM 6.0/7.0
Modules : FI, CO, HR/HCM, MM, SD, BW/BI, PP, MDE, Solman
Operating Systems : Windows 2000/NT
Databases : Oracle 9i/8i, SQL Server, MS Access
Security Audit Tools : SAP GRC (SAP Access Control 5.2, 5.3), VRAT, VFAT

Professional Experience:

Confidential,
IN April 11 - Till Date
SAP Security Consultant

MJN is a Manufacturing company located in Evansville, Indiana USA. They produce varieties of baby foods for Infants, Children and Adults. It was one of the first companies in the United States to focus scientific research on nutrition for Infants and Children. They have Production plants in Netherlands, North America, Latin America and Asia Pacific countries and Sales offices across World.

Responsibilities:

Provided support for ECC 6.0,HR, BI and CRM . Resolve Security Tickets entered into HP Quality Center within the approved SLAs.
Customizing the standard role like Full authorizations for all transaction types in the B2B Webshop,SAP_CRM_ECO_ISA_WU_B2B_FULL , SAP_CRM_ECO_ISA_WU_B2B_VIEW, SAP_CRM_ECO_ISA_WU_B2B_ORDER, Full authorizations for transaction type order in B2B Web shop.
Providing Authorizations for Admin in SVE application SAP_CRM_ECO_SVE_WU_ADMIN
Customizing Authorization assigned to reference users for self-registering users in B2C Web shop SAP_CRM_ECO_ISA_WU_B2C
Interacted closely with the Data Owners of various agencies to determine appropriate security roles to assign users.
Creating IViews, Worksets and Roles in SAP Portal 7.0 for BI & MSS Users.
Resolving both End users and power user’s authorization problems.
Created roles for Managers and administrators in Solman for Solution Monitoring.
Review logs in CUA using SCUL.
Implement and configure Super user Privilege Management formerly Firefighter.
Worked with Internal Control team for Role Remediation and User Remediation.
Worked in all risk control processes including IT general controls, testing plans, testing execution in an integration testing environment and control remediation.
Created analysis authorization RSECADMIN to implement field level security for financial report by company code and sales organization.
Designed Firefighter roles, business roles, Background roles and error handling roles (support services) for business area SD, PP, PM, MM and CRM. Maintaining, Creating, Modifying existing roles (Single, Composite and Derived) for project team.
Co-ordinate Functional Unit testing (FUT), Integration Testing (IT), for Roles and authorizations to ensure accuracy and segregation of duties.
Resolved security defects created by Tester in HPQC and periodically used HPQC progress report to monitor defects.
Provide structural authorization through PD profile in PO13.
Assign role in position with transaction PO13 and Run RHPROFL0, when required.
Expertise in SAP Security and Authorizations which includes User Management, User Administration, Monitoring, User Tracing (ST01)
Implemented access control on security related tables (AGR_,USR_ and Custom Tables) and sensitive authorization objects (S_TABU_DIS, S_PROGRAM, etc.).
Support Basis team for user master export and import, lock mass user during systems maintenance.

• Environment: ECC 6.0, BI 7.0, CRM 6.0, NetWeaver 7.0, Solman 7.0, GRC AC 5.3

Confidential,
PA Sept 09 - Jan 11
Sr. SAP Security Consultant

Heinz is a $ 10.7 Billion Global Company. Heinz is the most global U.S.-based food company, with a world-class portfolio of powerful brands holding number-one and number-two market positions in more than 50 Countries. Heinz employs approx 35,000 employees across the globe. One of there famous brand is Heinz Ketchup.

Responsibilities:

• Worked with profile generator (PFCG) in creating roles, profiles, composite roles, composite profiles, derived roles, and global roles.
• Setup ALE environment for Central User Administration (CUA).
• Maintaining Users in CUA System and Daily checking CUA logs through (SCUL).
• Used Central User Administration (CUA) to handle & distribute users & profiles.
• Creating new roles as well as deriving and extending existing roles.
• Created new roles for ECC 6 systems: FI, CO, HR, MM, PP, QM, and SD modules, based on concepts of task roles and position roles.
• Created new roles as per the new business processes, in accordance with SOX compliance.
• Responsible for complete lifecycle, from designing, unit testing, integration testing, user mapping, go-live and post production support.
• Provide daily SAP R/3, CRM, APO, BW, SCM, EBP and HR security production support such as ID requests, access requirements and troubleshooting problems. Defined and maintained authorizations and roles.
• Designed, developed, and maintained roles for HR / HCM (Organizational Management, Personnel Administration, Succession Planning, Compensation Management, and Performance Management), BI / BW, ESS, MSS, and Portal for Global SAP Implementation.
• Maintenance of HR organizational structure to administer and control user access, including time-delimited access.
• Involved in Implementing Structural Authorization and Extensively used the following T-Codes:
• OOPS - Turn on PD PA Switch.
• OOAC - Turn on Structural Authorizations Main Switches.
• PPOM_OLD - Creating Organizational Plan.
• PA40 - Creating Personnel Master Record.
• OOSP - Creating structural authorization profiles.
• Made the BI Security Roles as granular and optimum so that the Info Objects can be utilized as much as possible without creating too many Analysis Authorizations.
• Optimized the Roles and Analysis Authorization for maintenance purposes.
• Used the roles as the medium to assign the analysis authorization objects rather than direct assignment.
• Created roles using PFCG and Analysis Auth using RSECADMIN.
• Used SAP best practices like setting the following InfoObjects as “authorization-relevant” and using them in Analysis Authorizations 0TCAACTVT, 0TCAIPROV, 0TCAVALID.
• Resolved BI Authorization issues using RSECADMIN logs and worked with BI developers to modify the reports as per the business requirements and including the authorization variables in the reports.
• Researched and applied OSS Notes (SNOTE) to resolve hierarchy node security, and RSECAUTH / RSECADMIN performance issues.
• Maintained authorization fields (SU20) for the authorization object R_PM_NAME (Planning Folder) in BI.
• Troubleshoot and supported BW and BPS security roles and analysis authorizations.
• Designing Security for SRM 5.0 and integrating with SAP Portal 7.0.
• Configure UME (User Management Engine) Data sources in Netweaver Systems.
• Creating iViews, Worksets and Roles in SAP Portal 7.0 for SRM Users.
• Maintaining the Users and Authorizations in SAP XI systems.
• Maintain Users and authorizations in CRM system.
• Experience in running program CRMD_UI_ROLE_PREPARE and created a text file and then imported into an empty PFCG security role.
• Created roles for Managers and administrators in Solman for Solution Monitoring.
• Creating and Maintaining OSS Users, Developer Keys and SAP Router connections to the Systems.
• Traced user authorization errors (ST01, SU53, SM19, SM20 and RSECADMIN).
• Maintained Assignment of Authorization Objects (SU24).
• Created custom Authorization Classes and Authorization Objects (SU21).
• Maintained program authorization groups (Report RSCSAUTH) and table authorization groups (SE54) to protect access to programs and tables.
• Locked and ensured that the standard SAP Super Users (SAP*, DDIC, SAPCPIC) were set-up as system or background users with passwords changed (monitoring using report RSUSR003) in all SAP systems.
• Creating Mass roles and Users using SECATT and LSMW scripts

Environment: ECC 6.0, SAP R/3 Enterprise 4.7/4.6C/4.6B/3.1i, BI 3.5/7.0, CRM
2007/5.0/4.0, APO 3.10, SCM 4.0, SRM 5.0 (EBP), EP 6.0, NW 2004s, Solman 4.0

Confidential,
PA Jan 09 – Aug 09
SAP Security Consultant
Versatile, multi-national chemicals manufacturing company, active in the paint, adhesives and cleaning products industries, construction and building.

Responsibilities:

• Coordinating and interacting with key business users, project stakeholders, technical team and functional consultants for gathering functional requirements and design of Security Architecture, naming conventions and processes in compliance with the Sarbanes-Oxley(SOX) 404 act and analyzed all business roles and mapped them to transaction code according to business process requirements.
• Designed, Developed and maintained Single roles, Composite roles, Master and Derived roles and Secured roles by Organizational levels such as Company Code, Plant, Cost Center, Profit center, Purchasing Organization etc. for different SAP Modules –SD, MM, WM, PP, HR/HCM, FICO, APO, BI7.0, Business Object (BOBJ), MDM, XI/PI, Solution Manager(Sol Man) and Enterprise Portal7.0 for SAP Implementation
• Developed/created and assigned analysis authorization by Characteristics(Unit/Time/Technical), Characteristics values, Attributes, Hierarchies, Key Figure, Infoarea level, Infoobject level, Infocube, ODS, PSA, Query, Info providers and Workbook for SAP BI Reporting users, BI users, SAP BI Administrators, and Query users.
• Used transaction RSECADMIN for creating custom authorization objects and S_RS_AUTH for assigning authorization objects for BI query end user roles.
• Worked on BEx analyzer using transaction RRMX and restricting the users to see the queries using S_RS_COMP and S_RS_COMP1.
• Used Enterprise Portal7.0 User Management Engine(UME) for Creating Portal Users/User Groups, Assign roles/user group to the users, Lock/Unlock Users, User Mapping.
• Used Central User Administration (CUA) to handle User Administration/maintenance activities : setting up userIDs, assigning roles, resetting password, locking/unlocking users (SU01, SU10,SCUA,SCUL,SCUM)
• Setting up testing environment for Unit Testing, Integration Testing, UAT and managed security authorizations test defects using HP Quality Center(HPQC).
• Troubleshoot user roles, tracing the users, security authorization objects and custom reporting authorization objects to debug/troubleshoot an authorization error, resolving the issue by giving required authorizations (SUIM, SU53,ST01, RSECADMIN,RRMX) in different modules
• Responsible for communication, coordination, and teamwork within the team and end users.

Environment: ECC6.0, HR/HCM, ESS/MSS, MM, SD, FICO, PP, WM, BI7.0, SRM7.0/Enterprise Buyer/EBP, XI/PI, MDM, Enterprise Portal7.0

Confidential,
PA Apr 05 – Nov 08
SAP Security Consultant

Bayer Material Science is one of the world’s largest polymer companies. Business activities are focused on the manufacture of high-tech polymer materials and the development of innovative solutions for products used in many areas of daily life. The main segments served are the automotive, electrical and electronics, construction and the sports and leisure industries. Bayer Material Science had 30 production sites and employed approximately 14,400 people around the globe. Bayer Material Science is a Bayer Group company.

Responsibilities:

• Involved in revamping of security spec design, development & testing protocol design.
• Worked on Users & Security, including T-Codes like: SU01, PFCG, PFUD, SCAT, SCEM, ST01, SUIM, SUPC, SU24, SU53, and SU56.
• Developed authorization profiles for FI, CO, SD, MM in Development, Test and Production environments.
• Transported Profiles to Test environment and carried out Level-Zero testing.
• Administered Users, Authorization Data and Authorization Profiles.
• Trouble-shoot authorization problems using Repository Information System and tracing authorizations using SU53, SU24 and ST01.
• Created and Maintained Users.
• Carried performance tuning in HR Structural Profiles.
• Providing support for work book access hierarchies and node level access, Comprehensive knowledge exchange and documentation of security including Profile Generator, Day to day technical support and resolution of security issues.
• Maintenance of HR-Organizational structures, assignments (positions, roles).
• Modification of the User access based on the requirements based on SU53 transaction snapshot after seeking the Managers approval.
• Creation and Maintenance of activity groups and custom authorization objects.
• Creating BW roles and restricting them in Queries, Infocube, Infoarea levels.
• Worked with different objects related to BW/SEM administrator workbench (S_RS_ADMWB, S_RS_IOBJ, and S_RS_ISOUR).
• Secured Info Area, Info Cube, Info Object, ODS, PSA, Query and Work Books by maintaining hierarchy authorizations.
• Secured Reporting users by configuring roles and authorization objects.
• Activated the new info objects 0TCA* and 0TCT* and made them authorization relevant.
• Added 0TCAIFAREA as external hierarchy characteristics to 0INFOPROV.
• Identified all the org level info objects and confirmed they are Authorization relevant.
• In BI security created roles and analysis authorization based on the Info Cube and Info Area level.
• Used VIRSA tool to detect conflicts on Segregation of Duties as part of the SOX compliance.

Environment: SAP R/3 4.6C and BW 3.5

Confidential,
Hyderabad Mar 04 – Feb 05
SAP Security Consultant

Grasim Industries Limited, a flagship company of the Aditya Birla Group, ranks among India\'s largest private sector companies. Grasim ventured into cement production in the mid 1980s, setting up its first cement plant at Jawad in Madhya Pradesh and since then it has grown to become a leading cement player in India. Grasim’s cement operations through its subsidiary UltraTech span the length and breadth of India, with 11 composite plants, 11split grinding units, five bulk terminals and 74 ready-mix concrete plants.

Responsibilities:

• Creating and Assigning Roles (Activity Groups)/Profiles to Users using PFCG.
• Creation, Maintenance and transport of Activity groups.
• Fixing end user Roles/Profiles based on Change Requests created for breaks/fixes.
• User Administration and Password Management (Expiry of users and Profiles).
• Analyze Root Cause of Authorization Problems and fix the missing authorizations.
• Setup profile generator to create authorization profiles. Created users and assigned appropriate authorizations / profiles to them.
• Created Roles (Activity groups) by using Profile Generator and assigned them to users and Organizational units.
• Transported activity groups to target systems and generated. Verified the profiles assignment to users.

Environment: SAP R/3 4.6B