Neeraj Uppal
SAP Security Consultant
Cell: 503-333-4373
Email: uppal.sap@gmail.com

SAP SUMMARY:
- Over 7 yrs of SAP Security experience on various SAP modules such as FI/CO, MM, POSDM, MAP, BW/BI, BPC, BOBJ, PP, P&D, SD, HR, GRC.
- Experience in full life cycle implementation using ASAP Methodology in various versions of R/3 including 4.5B, 4.6C, R/3 4.7, ECC 5.0 and ECC 6.0.
- Extensive experience with Automatic Profile Generator (PFCG), User Administration, Central User Administration (CUA), Authorization object maintenance, problem analysis and troubleshooting, SAP GUI & CATT and ECATT scripts, transporting roles, HR Security, Auditing, Segregation of Duties (SOD) and Sarbanes-Oxley Compliance etc.
- Experience in performing SAP Security upgrades from 4.7 to ECC 6.0 and BW 3.5 to BI 7.0.
- Experienced in leading SAP security teams in audit efforts by helping in defining the audit rules and automating the reports by defining the program specifications.
- Experience in setup of BI security for user roles (query users, administrative users and power users).
- Experienced in leading and guiding the security teams in unit testing of the roles using the business process procedures (BPPs).
- Experienced in strategizing and implementation of SAP Security model, processes and procedures, defining various Role Matrices and designing templates.
- Experience with helpdesk, resolving ticket issues and troubleshooting support problems using Remedy, Peregrine and Lotus Notes.
- Experience on Audit projects and working as a liaison between the security team and auditors.
- Administration in assigning the Automatic Profile Generator and Authorization object maintenance.
- Experienced extensively in creating and modifying Single Roles, Composite roles and Derived roles.
- Strategizing and implementation experience in Central User Administration (CUA) in both single and multi system landscapes.
- Experience in implementing Line Authorizations and troubleshooting of authorizations.
- Strong experience in implementing and working with HR Security including Structural Authorizations and Position Based Security (PBS).
- Experience with using Audit Information Systems (AIS) logs (SM19, SM20 and SM18).
- Experience in implementing security in BW including infoobject level security and BI 7.0.
- Solving ticket issues in Security related tables and reports/programs.
- Problem fixing in assignment of Authorization Groups, User Groups and User Administration.
- Documentation in various security processes, procedures, auditing; knowledge transfer and an active team player.

Technical skills
SAP : SAP R/3 4.6B, 4.6C, 4.7, ECC 5.0, ECC 6.0, MM, FI/CO, HR, SD, PP
Front End : SAP Enterprise Portals 7.0 SP2/SP4, Sabrix
Data Warehouse : SAP BW 3.5 and BI 7.0
Language : ABAP/4, Java 2.0, Unix
Database : Oracle 11g, MS Suite
Operating System : Windows NT, Windows 2000, UNIX

Completed Bachelor’s of Science from India.

Project Details

Client : Dawn Foods, MI (Oct 2011 – Present)
Role : SAP Security Lead (Implementation)
Version : ECC 6.0, BI 7.0, BPC, HCM, Sol Man
Industry : Manufacturing

ECC 6.0
- Involved in gathering end user requirements and implementing SAP R/3 security authorizations.
- Building SAP roles and defining jobs by coordinating with functional project team members.
- Work with business owners to define the authorizations needed for users.
- Set up SAP authorization profiles and roles that represent the different end users' job definitions.
- Use SU02 to examine authorizations in existing roles to identify improper authorizations and correct them.
- Created CATT scripts for creating mass users, deleting mass users, assigning roles to users, locking and unlocking mass users in a CUA system.
- Worked on critical authorization objects like S_TABU_DIS, S_DEVELOP, S_RZL_ADM, S_ADMI_FCD and S_TRANSPRT.
- Worked on SU24 to maintain Check Indicators for the Transaction Codes.
- Extensively used tables like AGR_USERS, AGR_TCODES, AGR_1251, AGR_DEFINE etc.
- Resolved daily SAP Security issues.
- Maintain various role matrices for roles, authorization objects to keep track of the modifications made to the roles.
- Maintenance of User Master Record & support end users with Security issues.
- Restrict open authorizations to sensitive Transaction codes.
- Perform unit testing on created roles.
- Effectively analyzed trace files and tracked missed authorizations for users' access problems and inserted missing authorizations manually.
- Used SU24 to maintain Check Indicator Defaults and Field values, reduced the scope of Authorization checks.
- Extensively used SU53 and ST01 for analyzing the authorization errors.

BI 7.0 / BPC
- Built Analysis Authorizations using the transaction RSECADMIN.
- Built and tested BPC roles and provided appropriate Security authorizations to the team.
- Set up security at the Info objects level (field-level security).
- Created Custom Reporting Authorization Objects using transaction RSSM.
- Linked the Custom Authorization Object to the Info provider.
- Created roles restricting access to Info cubes, ODS objects, specific queries and workbooks.
- Assigned the Analysis Authorizations to the role using the object S_RS_AUTH.
- Troubleshoot authorizations related problems using RSECADMIN.
- Made the info objects 0TCAACTVT, 0TCAIPROV, 0TCAVALID “authorization-relevant” in the info object maintenance tool RSD1.
- Troubleshoot analysis authorizations related problems using RSECADMIN.
- Build security and successful testing of various objects related to Dashboard.

HCM
- Worked with Dynamic actions and info type tables.
- Worked on Authorization Objects P_ORGIN, P_ABAP, P_PERNR, P_ORGXX etc.
- Assigned structural profiles to users using the program RHPROFL0.
- Maintained authorization profiles using OOSP.
- Experience on NWBC and fixing Security related issues.
- Set up and maintained Organizational Structure including Organizational Units, Jobs, Positions, Cost Center assignments etc.
- Assigned tasks to positions and integrated all these into the enterprise organizational plan.
- Assigned the various organization units and positions to cost centers.

Central User Administration
- Implemented Central User Administration (CUA) within R/3 and BW system landscape.
- Performed user administration activities in the CUA System landscape.
- Troubleshoot CUA related issues.
- Delinked/Linked child clients from CUA setup during client refreshes using the program RSDELCUA.

Client : P&G, OH (March 11 – Sep 11)
Role : SAP Security Analyst (Implementation)
Version : ECC, BI 7.0, BOBJ, Portals

ECC 6.0
- Worked on SU10 to perform mass operations.
- Analyze and troubleshoot security issues using SU53, ST01 and SUIM.
- Worked closely with Audit team for SAP Security Audit and generated Audit Information Systems (AIS) logs (SM19, SM20 and SM18).
- Managed and maintained USOBT_C and USOBX_C tables by using SU24/SU25.
- Created and maintained custom transactions by using SE93.
- Performed user administration activities such as creating, deleting, renaming, locking and unlocking users, and resetting passwords, maintaining logon data and assigning roles to the users.
- Created User Groups by using transaction code SUGR.
- Fix the bugs related to roles and authorizations in order to build security in R/3.
- Experience in Transport Authorization and provided production support for roles.
- Managing Standard and Custom Authorization Objects.
- Transport Roles using the change request method and also the Download/Upload method for transporting the roles to systems not in the transport landscape.
- Transported the generated roles and profiles using SCC1 and SE09/SE10.

BI 7.0 / BOBJ
- Created Analysis Authorizations to compensate for deactivated objects such as S_RS_ICUBE, S_RS_ODSO etc.
- Built Analysis Authorizations using the transaction RSECADMIN.
- Assigned the Analysis Authorizations to the role using the object S_RS_AUTH.
- Troubleshoot authorizations related problems using RSECADMIN.
- Made the info objects 0TCAACTVT, 0TCAIPROV, 0TCAVALID “authorization-relevant” in the info object maintenance tool RSD1.
- Created and loaded profiles as per the requirement from the Cube DSOs.
- Involved in BAT, UAT and GO-LIVE activities.
- Worked with the Business Objects team to create authorizations for the financial reporting.
- Involved in testing Crystal Reports, Live Office connections/bindings and Xcelsius reports for the dashboard.
- Worked closely with the business teams to fix authorization on Business Objects, Advanced Analysis and Dashboard.
- Built and maintained BW hierarchies as per requirement for various dimensions.
- Build security and successful testing of various objects related to Dashboard.

PORTALS
- Working on creating and transporting roles.
- Created transport packages to move roles from development portals to other systems in the landscape.
- Performed user administration activities such as creating user ids, copying user ids, assigning roles, assigning groups etc.
- Created groups and assigned roles to groups.

Client : Nike, OR (Feb 2010 – Feb 2011)
Role : SAP Security Analyst (Implementation)
Version : ECC 6.0, BI 7.0, GRC, Sol Man, MAP, POSDM
Industry : IS-Retail

Roles and Responsibilities:
- Provided SOD and Role matrices templates to the Business owners.
- Interacted with the Role owners and the team lead for maintaining the correct restrictions on the Transaction codes and the activities within the Transaction codes.
- Worked closely with ECC Developers on LSMW for Data migration.
- Extensively used Automatic Profile Generator (PFCG) to create and maintain Parent and Child/Derived roles and to upload and download roles.
- Transporting the change requests from the Development environment to Testing/QA environments.
- Created custom transaction codes for restricting access to custom tables, views and programs.
- Created transaction variants for SE16 and SM30.
- Created Authorization groups and assigned Tables and Programs to the groups.
- Implemented Line Authorizations to restrict records and transaction codes using the critical Authorization Object S_TABU_LIN.
- Worked on critical authorization objects like S_TABU_DIS, S_DEVELOP, S_RZL_ADM, S_ADMI_FCD and S_TRANSPRT.
- Performed reconciliation of user master record and roles using PFUD.

GRC 5.3
- Working extensively on Compliance User Provisioning (CUP) for access issues.
- Reviewed, analyzed and manually removed the roles from the backend system using Access Control.
- Helped the users by role administration and guiding them on CUP usage.
- Worked with SAP Development on SAP GRC products for version 5.3.
- Extensive experience of role maintenance using Risk Analysis at object level.
- Have done risk simulation for impacting Composite roles with assigned users.
- Extensively used the GRC suite of products (Compliance Calibrator, Firefighter, Role Expert and Access Enforcer).

BI 7.0
- Created Analysis Authorizations to compensate for deactivated objects such as S_RS_ICUBE, S_RS_ODSO etc.
- Built Analysis Authorizations using the transaction RSECADMIN.
- Assigned the Analysis Authorizations to the role using the object S_RS_AUTH.
- Troubleshoot authorizations related problems using RSECADMIN.
- Made the info objects 0TCAACTVT, 0TCAIPROV, 0TCAVALID “authorization-relevant” in the info object maintenance tool RSD1.
- Set up security at the Info objects level (field-level security).
- Created Custom Reporting Authorization Objects using transaction RSSM.
- Created roles restricting access to Info cubes, ODS objects, specific queries and workbooks.
- Troubleshoot authorizations related problems using RSSMTRACE and ST01.
- Worked closely with MAP team for Query Creation, Planning and Assortment issues.

SOLUTION MANAGER
- Created roles based on the requirements provided by the Solution Manager team.
- Developed Solution Manager roles by customizing the role templates provided by SAP.
- Worked closely with Functional Team to fix issues related to Tech Specs and Func Specs.
- Developed roles for different functions performed in the Solution Manager like Implementation and Distribution, configuring the service desk, Change Request Management, Solution Monitoring and Job Schedule Management.
- Resolved issues using SU53, ST01 and Debug mode.

Client : Astra Zeneca, DE (Aug’09 – Jan’10)
Role : SAP Security Analyst (Production Support)
Version : ECC 6.0, BI 7.0, PI/XI
Industry : Pharmaceuticals

- Worked extensively on Automatic Profile Generator (PFCG) for creating single, derived roles for modules such as SCM, PP, MM, SD, and FI/CO.
- Extensive interaction with Business Organization Managers to understand User and Role Mitigations and Critical Transactions.
- Designed various forms and templates for new user requests, roles, modifications, change management process etc.
- Transported Roles using SE10 and STMS.
- Worked on SU24 to maintain Check Indicators for the Transaction Codes.
- Created and maintained Authorization Groups for Tables and Reports and assigned them accordingly.
- Analyze and troubleshoot security issues using SU53, ST01 and SUIM.
- Supported other teams by providing requested information.
- Check Roles for Missing Objects, maintained the display changed transaction codes using SU25.
- Supported the Testing Team according to request.
- Setting up SAP system for auto log-out, password length and expiration and specifying impermissible passwords.
- Maintained Authorization objects using the transaction SU24.
- Transported the generated roles and profiles using SAP transport management system.
- Worked with security related tables such as AGR_TCODES, AGR_USERS and AGR_DEFINE etc.
- Worked with table authorizations to control access to tables and created custom table authorization groups and assigned to tables using transaction SE54.
- Review and correction of sensitive authorizations such as S_TABU_DIS, S_ADMI_FCD, S_DEVELOP etc.

AUDIT
- Reviewed the Organization structure, jobs, roles and the SOD matrix for the Security developed in SAP and handled SOD conflicts for Sarbanes Oxley Compliance.
- Supported audit team for generating audit reports as per the audit rules provided by the auditors.
- Worked with process experts for SOD conflicts and assigned appropriate roles to the users.
- Setting up SAP system for auto log-out, password length and expiration and specifying impermissible passwords.
- Worked closely with Audit team for SAP Security Audit and generated Audit Information System logs.
- Working closely with Audit team for user-role conflict removal in R/3 and BI.
- Perform regular system audits to detect deviations of established procedures, role mapping, unauthorized system activity and report findings to management.
- Supported Internal and External security audits in the production system.
- Created Security reports as Key Controls for SOX including critical transactions/objects and user administration.

BI 7.0
- Manually adjusted the BW roles to conform to BI 7.0 security.
- Set up BI security for user roles (query users, administrative users and power users).
- Built Analysis Authorizations using the transaction RSECADMIN.
- Assigned the Analysis Authorizations to the role using the object S_RS_AUTH.
- Created Custom Reporting Authorization Objects using transaction RSSM.
- Linked the Custom Authorization Object to the Info provider.
- Created roles restricting access to Info cubes, ODS objects, specific queries and workbooks.
- Built authorizations to grant access to data on various levels of detail.
- Set up security at the Info object level (field-level security) and key figure level.

Client : SPX, WI (Aug 2007 to June 2009)
Role : SAP Security Administrator (Implementation/Upgrade)
Version : ECC 6.0, BI 7.0, GRC
Industry : Manufacturing

Roles and Responsibilities:
- Provided SOD and Role matrices templates to the Business owners.
- Interacted with the Role owners and the team lead for maintaining the correct restrictions on the Transaction codes and the activities within the Transaction codes.
- Maintained User Master Records including Address information, user groups, validity periods etc.
- Created ECATT scripts for creating mass users, deleting mass users, assigning roles to users, locking and unlocking mass users etc. in a CUA system, also used SU10 for other mass user related tasks.
- Analyzed and understood existing SAP security environment and design, business requirements to upgrade from SAP R/3 4.7 to ECC 6.0.
- Extensively used Automatic Profile Generator (PFCG) to create and maintain Parent and Child/Derived roles and to upload and download roles.
- Transporting the change requests from the Development environment to Testing/QA environments.
- Created custom transaction codes for restricting access to custom tables, views and programs.
- Created transaction variants for SE16 and SM30.
- Created Authorization groups and assigned Tables and Programs to the groups.
- Implemented Line Authorizations to restrict records and transaction codes using the critical Authorization Object S_TABU_LIN.
- Worked on critical authorization objects like S_TABU_DIS, S_DEVELOP, S_RZL_ADM, S_ADMI_FCD and S_TRANSPRT.
- Worked on SU24 to maintain Check Indicators for the Transaction Codes.
- Extensively used tables like AGR_USERS, AGR_TCODES, AGR_1251, AGR_DEFINE etc.
- Extensively used SUIM (User Information System) to pull various reports for audit monitoring.
- Troubleshoot authorization errors using SU53 and by system trace.
- Performed reconciliation of user master record and roles using PFUD.

GRC 5.2 / 5.3
- Working knowledge of Compliance User Provisioning using GRC Access Control.
- Reviewed, analyzed and manually removed the roles from the backend system using Access Control.
- Worked with SAP Development on SAP GRC products for version 5.3.
- Extensive experience of role maintenance using Risk Analysis at object level.
- Have done risk simulation for impacting Composite roles with assigned users.
- Extensively used the GRC suite of products (Compliance Calibrator, Firefighter, Role Expert and Access Enforcer).
- Utilized the VIRSA’s Compliance Calibrator tool to check for Segregation of Duties conflicts at transaction code level and authorization object level.
- Maintained the Conflicting T-codes, Critical T-codes in the Rule Architect.
- Created the Business Process, Functional Groups, Risk IDs, Rule IDs for the Compliance Calibrator according to the Organization Requirement.
- Assigning the Mitigation control on the roles.
- Worked with Role Expert to create and modify roles.
- Worked extensively with Firefighter to resolve emergency and show stopping issues.
- Created Firefighter ids.
- Processed production tickets in Access Enforcer (AE).
- Mitigated risks in AE.
- Created users and provisioned access as requested.

BI 7.0
- Upgraded BW 3.5 to BI 7.0.
- Manually adjusted the BW roles to conform to BI 7.0 security.
- Created Analysis Authorizations to compensate for deactivated objects such as S_RS_ICUBE, S_RS_ODSO etc.
- Built Analysis Authorizations using the transaction RSECADMIN.
- Assigned the Analysis Authorizations to the role using the object S_RS_AUTH.
- Troubleshoot authorizations related problems using RSECADMIN.
- Made the infoobjects 0TCAACTVT, 0TCAIPROV, 0TCAVALID “authorization-relevant” in the info object maintenance tool RSD1.
- Set up security at the Info objects level (field-level security).
- Created Custom Reporting Authorization Objects using transaction RSSM.
- Linked the Custom Authorization Object to the Info provider.
- Created roles restricting access to Info cubes, ODS objects, specific queries and workbooks.
- Troubleshoot authorizations related problems using RSSMTRACE and ST01.
- Secured Reporting Users by using S_RS_Comp1 (Secure by query owner) and S_RS_FOLD (Disable the Info Areas button) in the BEx Analyzer Open Queries dialog box.

Client : Alcatel-Lucent, NJ (March 05 to June 07)
Role : SAP Security Analyst (Implementation)
Version : ECC 5.0, GRC, BW, HR
Industry : Telecom

Roles and Responsibilities:
- Assisted in creating and maintaining security policies and procedures, and all SAP authorizations, profiles and roles.
- Created and modified Single roles, Composite roles and derived roles using the Automatic Profile Generator (PFCG) from the Role Matrices provided by the functional team.
- Set up Traces for authorization purposes and Security Audit Logs for audit purposes.
- Used SU10 to perform mass operations.
- Created CATT scripts for creating mass users, deleting mass users, assigning roles to users, locking and unlocking mass users.
- Used Transport Management System (TMS) to perform transports and mass transports of roles.
- Modified Check Maintain flags in SU24 as needed.
- Created and maintained table Authorization Groups using SE54 and assigned Authorization Groups to tables.
- Created Custom Transaction Codes for tables and programs using SE93.
- Effectively analyzed system trace (ST01) and User Authorization data (SU53) and tracked missing authorizations for user access problems and inserted missing authorizations manually.
- Worked extensively on User Information System (SUIM) for audit purposes.
HR Security
- Implemented Position Based Security by assigning Roles to Positions.
- Assigned users and roles to positions using both PFCG and PPOM_OLD.
- Implemented Structural Authorizations by Evaluation path method in the Org Structure.
- Maintained Employee Master Data using transaction codes PA30, PA40.
- Experienced in creating Context-sensitive Authorizations using P_ORGINXX.
- Developed enterprise structure to fit company needs including personnel area, personnel sub-area, employee group and employee sub-group.

GRC 5.1
- Extensively worked on Compliance Calibrator to identify, analyze and resolve all SOD and Audit Issues, simulate the role and assign the role to the user using PFCG.
- Assisted Internal Auditors in framing new Rules for combination of new T-codes in ECC 5.0.
- Worked with Internal Auditors in creation of User and Role Mitigations and uploaded them.
- Configured and used Firefighter.
- Extensively worked on Firefighter tool (/n/VIRSA/VFAT).
- Giving emergency access to the required critical t-codes through Firefighter tool.

BW 3.5
- Worked with the Internal Audit team to prepare the BW systems for Audit for the current fiscal year.
- Identified gaps and problems in BW role designs and resolved some of the gaps.
- Identified BW specific audit rules to generate reports for auditors.
- Extensively used SUIM for getting these reports.
- Created an ECATT script for modifying 60 odd roles to add values to a field by making use of the program PFCG_ORGFIELD_CREATE.
- Used transaction SUPC to generate the mass profiles.
- Creating Custom Reporting Authorization Objects using transaction RSSM.
- Created roles for restricting access to queries, workbooks, info cubes etc.
- Involved in testing of the roles along with the BW team members.
- Troubleshoot authorizations related problems using RSSMTRACE and using RSSM.

Client : NTUA, AZ (March 04 – Feb 05)
Role : SAP Security Consultant (Production Support)
Version : 4.6C
Industry : Utility

- Created and modified roles, and generated Profiles using Automatic Profile Generator (PFCG) in the Child Systems and assigned them to users in the Central System.
- Performed reconciliation of user master record and roles using PFUD and SUPC.
- Gather Processes and Procedures documents, and Matrices to understand creation process, and naming convention of Manual Profiles, Activity Groups.
- Supported other teams by providing requested information.
- Converted the Manual Profiles created via SU02 to Roles using SU25.
- Handled the remaining missing Transactions in Menu Tab by analyzing table AGR_1251.
- Supported the Testing Team according to request.
- Created and modified Single roles, Composite roles and derived roles using PFCG.
- Maintained user accounts by copying, renaming, changing passwords, locking, unlocking, assigning Roles etc.
- Perform Users Comparison to update User Master Record.
- Extensively used SUIM to analyze the user Authorizations.
- Created and handled transports from Development to QA boxes using SE09, SE10 and Upload Download Roles.
- Support Training Team to prepare documents for End User training.

GRC (Virsa)
- User/role remediation support for Sarbanes-Oxley Act (Section 404) using VIRSA Systems VRAT tool.
- Work with VIRSA Systems VRAT tool in identifying conflicts in single roles and composite roles.
- Detailed knowledge of SAP best practices for Application level security as well as Segregation of Duties from standard rule set.
- Utilized the VIRSA’s Compliance Calibrator (VRAT) tool to check for Segregation of Duties conflicts at transaction code level and authorization object level.