r/3 security roles and responsibilities:

CENTRAL USER ADMINISTRATION:

Extensively used Central User Administration (CUA) for distribution and manageme
nt of users and roles in a SAP population of 10,000+ users.
Configuring CUA, Enabling and Disabling CUA for a child system and creation of n
ew users, deletion, lock/unlock, assignment of roles & analysis of logs by using
SCUL.

SU01:
Created users and maintained user master and established Security policies and p
rocedures.
Ability to effectively interact with diverse end user community.
Distribution of Initial passwords or password resets from respective system.
Maintaining password policy.
Familiar with different types of User types.
Creating system, communication, service and reference users.
Assigning reference user to users.
Perform user administration (creating, changing, maintaining, deleting user acco
unts and assigning roles,provisioning roles ???)

SU10 and MASS USER:

Experienced extensively in User Information System.
Experience in writing Catt scripts & Ecatt scripts.
Used CATT script for mass generation of roles and user assignments.
Mass users lock/unlock, mass user termination, validity extension, mass role ass
ignment and user group change.
Mass user administration and mass locking using SU10, Mass user comparison using
PFUD.
Used SU10 mass change transaction to assign user to user groups and change other
parameters
Massively maintenance of Users; like creation and assigning Roles to Mass users.
Familiar with LSMW Scripting for creating mass users and password reset for mass
users.
User Master Record maintenance and mass user administration through SU10, LSMW &
ECATT.
Manage user administration utilizing SU01 and SU10 (mass changes) in creating, c
opying, deleting, locking, unlocking users and provisioning roles.

ROLES:
Configured Profile Generator and transported settings to all clients, setup Secu
rity for the developers.
Created, generated profiles, Authorizations, object classes, objects, and roles
and assigned to user master.
Established Security testing procedures and tools for roles, authorization objec
ts etc.
Manually modifying profiles and roles to remove the SOD conflicts present in the
roles.
Perform UNIT testing on created roles.
Performed transports and mass transports of roles
Familiar with Text Compare and User compare of roles.
Assigning Roles to Users and Performing User Comparison as business requirement.
Maintaining organizational values as and when required while creating / modifyin
g single or global roles
Check access to Critical and Sensitive roles and Users.
Modifying the roles as per the SOD matrix.
Analyzed all user, who accesses to SAP R/3 are properly authorized and approved
Suggesting appropriate roles based upon the SU53 screen shot for solving missing
authorizations in production system as per the Business process.
Created various support roles like Developer maintain, Developer display, Basis
maintain, basis display, Functional maintain and functional display.
Secured roles by Company Code, Plant, Cost Center, Profit Center, and Purchasing
Organization etc.
Creation and maintenance of activity groups using Role Maintenance.
Adapting Predefined Activity groups and authorization profiles
Build definitions of end-users and mapping of appropriate profiles
Re-designed all SAP roles and implemented a common security policy for all SAP l
andscapes.
Make sure that security authorization procedures are adhered to and users do not
receive authorizations that are outside of company guidelines.
Develop or upgrade roles based on projects or support tickets in Remedy. Activat
e
roles and authorizations in Production.
Involved in creating new Roles &Profiles as well as changing the existing Roles,
Adding the roles, profiles to the user upon request
Worked on maintaining template roles, derived roles, single roles and composite
roles using profile generator in SAP R/3 System for various modules such as HR,
MM, FI and SD etc

MISSING AUTHORIZATIONS and Authorizations:

Effectively analyzed trace files and tracked missed authorizations for user acce
ss problems and inserted missing authorizations manually.
Monitored access to key authorization objects to debug access.
Performed Troubleshooting on authorizations related problems using SU53,ST01,RSS
M.
Followed key Security standards such as maintaining check indicators for authori
zation objects and Transaction Codes, Putting proper controls in Place for secur
ing programs and tables.
Monitored access to key authorization objects to debug access.

Effectively analyzed trace files and tracked missing authorizations for users ac
cess problems and inserted missing authorizations.
Tracing missed files and authorizations for users access problems and inserted m
issing authorizations manually.
SU24 changes to Authorization Objects, Creating Authorization Groups, Analysis o
f Critical Authorization Tables, Analyzing Missing Authorizations, security supp
ort during Go-Live activities, Adding Auth Objects Manually, User Master Reconci
liation, Transporting Auth Objects etc.
Created Authorization groups using Generate table view and assigned them in a Ro
le using S_TABU_DIS also update the auth group in Auth. Obj. Check under Transac
tions.
Worked on critical authorization Objects like S_TABU_DIS, S_DEVELOP, S_RZL_ADM,
S_ADMI_FCD and S_TRANSPRT.
Protect SAP functions with authorization object S_TCODE..
Handled, Analyzing and solving the missing authorizations and day-to-day securit
y issues that Being raised by users.
Effectively analyzed trace files and tracked missing authorization for users by
communicating with users.
Access problems and inserted missing authorizations manually.Restrict table acce
ss through authorization groups.
Restrict table access through authorization groups.
Creating and Assign authorization groups to tables.
Maintaining customizing Authorization objects & Fields

GENERAL:
Did configuration settings and maintained various parameters required as per the
organization standards by keeping the SAP best practices.
Accustomed to providing support for a 24X7 environment.
Address daily issues and accounts through the Support central tool.
Daily activities like User registration for password self service, user unlockin
g, password resetting.
Day to day technical support and resolution of Security issues.
Configured, built and maintained SAP application Security.
Knowledge transfer to team members provided ongoing Security related support for
all Security milestones during different phases.
Supported Unit and integration testing, go live and post go live.
Experienced in 3 full cycle Security implementation for modules such as FI/CO, M
M,SD, PP,HR, PS,QM,CRM,GTS and PM.
Worked on security tickets and satisfied the client by reducing the ticket volum
e to a manageable number.
Responsible for attending the complaint calls, trouble shooting and daily proble
m solving.
Responsible for managing all aspects of the Design, Development and Implementati
on of security solutions for medium to highly complex projects.
Working with the Business Process Owners to restrict sensitive transactions and
security authorizations and ensured segregation of duties across business areas.
Involved in implementation of core template, rolling out and support the solutio
n, where creating a new authorization roles/profiles and defining the roles with
out SOD Conflicts.
Ability to lead complex design decisions and to present & defend design decision
s across functional areas.
Deep knowledge of SAP Authorization Concepts & ability to analyze security acces

s requests.
Experience with common SAP security transactions and tables.
Setup Role Design meetings with Business and functional teams to gather requirem
ents for SAP ECC 6.0 Implementations.
Resolving tickets on authorization issues, logon failures, Password reset.
Created SAP service IDs, System and communication IDs and OSS logon IDs.
Extensive experience with resolving ticket issues and troubleshooting security a
uthorization problems while adhering to Service Level Agreements (SLA).
Ability to manage multiple tasks of production support and implementation projec
ts.
Experienced in adhering to the Change Management Process for transporting roles
and tables, security objects and maintaining the change documents.
Good understanding of ASAP Methodology.
Worked with the Business Process Owners to restrict sensitive transactions and s
ecurity authorizations, and ensured segregation of duties across business area
s.
Perform unit testing, positive and negative testing on user accounts to ensure t
he appropriate access levels on created roles.
Analyze user related information including roles and profiles, by utilizing tran
saction User Information System.
Designed and documented security administration policies and procedure for produ
ction environment. Changing roles as per business request.
Restriction of regular and temporary user accounts
Ticket handling-related to various issues ranging from user expiration to missin
g authorizations.
Maintain password restrictions
Experienced in working for Full Life Cycle Implementation, Go-Live, Post Go-Live
, and Production Support projects.
Extensive experience in Requirement gathering, Design, Development, and Maintena
nce of SAP applications security.
Interfaced extensively with clients to gain insight and develop solutions to mee
t customer business needs across the entire SAP landscape.
Involved with technical team in setting up SAP system for auto log-out, password
length and expiration and specifying impermissible passwords.
Maintained the list of illegal passwords.
Performed reconciliation of user master record and roles using PFUD.

TABLES and REPORTS:

Continuously improved Security configuration to reflect best practice and to pre
pare for system audits.
Supported Internal and External Security audits in the production System every Y
ear
Supported Internal and External Security audits in the production System every m
onth.
Generate security reports for the department managers and to the management for
Sarbanes Oxley Auditing(SOX).
Supported Internal and External Security audits in the production System every Y
ear.
Strong knowledge of Security related tables and reports/programs.
Extensively used Tables like USR02, USER_ADDR, AGR_DEFINE, AGR_USERS, and AGR_12
52.
Acted as Liaise with Audit department to establish and review critical and sensi
tive authorizations, implemented improvements to meet audit requirements. Using

SM18, SM19, SECR.

Experience in Internal/External Audit Issues.
Audit Tools SM19 and SM20.
Creating authorization groups and maintaining tables in auth group.
Performing Audit activities, weekend activities, Month end activities and year e
nd activities.
Very good knowledge of producing and analyzing reports in SAP using SUIM, and se
curity related tables (AGR*, USR*, etc)
Analyzing Evaluate authorization check reports
Switching on audit and going through the audit reports
Extensively Used User Information System to generate various reports for audit m
onitoring
Worked with User Information System reports for weekly consolidation.
Very good knowledge of producing and analysing reports in SAP using SUIM, and se
curity related tables (AGR*, USR*, etc.), and customized Query reports.
Utilize SE16 and SUIM to retrieve various data
Analyzing SU53 reports
Switching on audit and going through the audit reports.
Periodically executed reports (RSUSR*) to detect security risks.
Maintained/Updated custom USOBT and USOBX table as per business requirements by
activating and deactivating authorization checks.
Worked on generating reports using SUIM and security tables.
Worked with table authorizations to control access to tables and created customta
ble authorization groupsand assigned to tables using transactionSE54

AUTHORIZATION CHECKS(SU24):
Worked on SAP Check Indicator Defaults and Field values, reduced the scope of Au
thorization checks using transaction SU24 and maintained check indicators for Tr
ansaction codes.
Using system trace to record authorization checks in different sessions using Sy
stem Trace.
Locking and unlocking users and analyzing Evaluate authorization Check reports.
Worked on SU24 to maintain Check Indicators for the Transaction Codes.
Utilize Auth. Obj. Check Under Transactions to enable / disable security checks.

ROLE TRANSPORTS:
Transported the generated roles and profiles using SAP transport management syst
em.
Mass transport of roles.
Importing roles to Quality systems and creating test ids in QAS systems.
Responsible for working with business teams to test new and existing functionali
ty and migrating roles from dev to QA and production.

Generate transports for security to move profiles and roles to the proper client
s.
Performing User Export/Import.
Importing the new roles into the system.

UPGRATIONS:
Performed Security upgrade from 4.7C to ECC 5.0.
Supported on BW 3.5 to BI7.0 upgrade.
Performed Security upgrade from 4.7C to ECC 6.0.
Supported on BW 3.5 to BI7.0 upgrade.
Performed Security upgrade from 4.7C to ECC 6.0.
Experience in Security Upgrade including upgrade to ECC 6.0 , BI 7.0.

MISLENIOUS:
Leading the team and Managing team activities like allocation of work, coordinat
e the offshore team and ensure timely completion of tasks, associating with ABAP
and Functional members for solving issues.
Support Security Activities during QA& PRD Refreshes.
Supported Unit and integration testing.
Worked on Change Management Tool Revtrac.
Monitored queues on Ticketing tools irequest, Solman , Remedy , USD.
Working as a Global COE Security offshore lead for Roll outs to different plants
of Textron Business units
Created Transaction codes for the programs and ran the transactions.
Checking Locked Transactions, Validate access of IT and Non-IT users.
Tcodes lock by using SM01.
Mapping Tcode with Reports and Programs.
Created User Groups for easy administration and groups.
Restricting sensitive transaction codes and lock down sensitive transaction code
s
Worked with business process owners and functional head to design roles VS trans
actions matrix.
Performed unit testing and integration testing.
Security Validations for New Releases, assigning User Groups,
Used Access Now to facilitate business, basis, functional and development stream
requests for go-live access
Worked with Change Management group to design Role Mapping and exception map use
rs.
Worked with ITSM to manage helpdesk and production support tickets.
Maintenance of User Master(???) & Support End Users with Security issues.
Provided hyper care post implementation support for all SAP ECC 6.0 rollouts.
Worked with developers to setup security for Data Browser to give display only a
ccess to Data Browser.
Maintained User Master Records including Address information, user groups, valid
ity periods etc.
Utilize Data browser and User information system to retrieve various data.

TRACE & SUIM :

Extensively worked on user information system (SUIM).
Good Experience in trouble shooting authorization issues using ST01 & SU53 and S
UIM
Performing the User Trace by ST01.
Extensively used SUIM transaction code for security analysis.
Authorization trace for finding out authorization objects Control User access an
d to secure SAP R/3 Systems.

USER MASTER RECONCILATION and USER Groups:

Performed User Master Reconciliation.
Performed reconciliation of user master record and roles using User Master Data
Reconciliation.
Creating new user groups with Tcodes SUGR.
Maintaining user master records and terminating the users.
Massively user master data reconciliation by running pfcg_time_dependency job in
back ground.
User master data reconciliation by using PFUD as per requirement.

.
.
.