Sap Security Master Data
Resume:
Ahmed S Mohammed
SAP Security & GRC Consultant
Cell: 313-***-****
Email: **********.***@*****.***
Professional Summary
18+ years of experience in SAP Security Administration
Experience in Implementation Design Security across multiple SAP Components (ECC6.0, CRM 4.0, 7.0, BOBJ 12.1.10, 14.2.8.3 BI/BW-BPC 10.1, EBP/SRM 40.0, 7.0, GRC 5.3,10.0, 10.1.12 Enterprise Portal 7.5, Solution Manager 7.1, 7.02, Vendavo 8.1, S4 HANA 1610,1909 SAP HANA database 1.SP12,2.SP04 SAP Cloud Platform SAP Analytics Cloud)
Experienced in 3 full life cycle implementations of Security/Authorization on various SAP components.
Used GRC Master data upload generator (MDUG) template to prepare GRC master data and upload in mass at one or more clients.
Experience setup workshop with process lead and business lead to identify functional/organizational restriction
Setup meeting with Functional, developer and HANA modelers to gather technical requirement such as technical name of objects, info providers, composite providers, schemas, tables, views, packages to build SOD clean roles
Worked on S4/HANA 1610 FPS02 (feature pack stack) for simple finance (SFIN).
Create customize Fiori Catalogs, Groups and Tiles and maintain Target mapping using /UI2/FLPD_CUST as per the business requirement.
Activation of Odata/SICF services in Maintain services /IWFND/MAINT_SERVICES for respective apps in scope.
Maintain authorization objects in SU24 correspond to Fiori application/Odata service
Experience manually Adding existing catalogs in CUST scope to transport requests to other clients/systems using SE80 /WD_ANALYZE_CONFIG_USER
Create project specific HANA security roles that includes restrict such as system privileges, object privileges, package privileges like REPO.EDIT_NATIVE_OBJECTS, REPO.ACTIVATE_NATIVE_OBJECTS, REPO.MAINTAIN_NATIVE_PACKAGES etc.
Create END user roles to restrict specific to tables and views.
Experience in Creation of non-prod role for Developer, Security admin, Transport admin, Basis admin and HANA Modeler.
Experience in User specific trace to analyze missing authorization in HANA DB.
Grant or Deny access to user or user group on BI reporting folders, applied folder level, Web Intelligence reports restrictions.
Expert in Promotion Management in order to promote folders, reports, access levels, group and any decency objects to BOBJ higher landscape.
Experience in SAP Analytical Cloud user provisioning and custom role creation.
Worked on role assignment to respective team, models and planning stories.
Worked on Assigning permissions apply model security and assign permissions to individuals and team.
Experience in GRC Implementation and Upgrade 10.0, 10.1 and 12 Access Control, Process Control and Policy Management.
Experience in Role Conflict identification & remediation
Involved in SAP GRC suite implementation meetings with the business users to know about the SOD conflicts at permissions level.
Configured GRC Superuser Privilege Management (SPM) which enables users to perform emergency activities outside their roles as privileged users in a controlled and auditable environment.
Experience in Access Controls implementation and administration for ARM, ARA, EAM and BRM.
Experience in Process Control creation of Automated Controls, Manual Controls, Business Rules and Data Sources.
Upgraded GRC 10.0 to 10.1/12 Access Control, Process Control and Policy Management.
Experienced in scheduling automated and manual controls.
Experienced in uploading master data using MDUG.
Executed SOLMAN_SETUP to update roles and to create template users in Solman.
Education:
Post Graduate Diploma in Computer Application - India
Bachelor’s in commerce – India
Certification:
SAP Certified Technology Professional - Security with SAP NetWeaver 7.0 (XXXXXX2674)
Experience Summary
Nutrien – Calgary, Canada May 2020 – Present
SAP Security and GRC Consultant
Implemented GRC 12 Access Control (ARM, ARA, BRM and EAM). Build custom SOD rules for two business entities, combined 2 sets of risks in one global rule set.
Build custom BRF+ SOD detour rule and configured mitigation policy to restrict access request approvals without mitigating control.
Used master data upload generator (MDUG) to prepare master data and upload in mass.
Created custom fields for validation service now tickets, custom role search for access request.
Integrated GRC Access Request Management with SailPoint and GRC Access Control (EAM, ARA, ARM) with HANA DB.
Activated GRC procedures in HANA DB.
Implemented Fiori Apps - Access Approver – Compliance Approver – Check Request Status.
Created security roles in S4 and Fiori gateway system for Finance Project
Experienced in implementing standard Fiori Apps, creation of tile catalog, tile group, activating OData Services.
Added OData Services, System Aliases in Activate and Maintain Services in Fiori gateway and S4 systems.
Suggested developers how to restrict custom CDS views using Access Control on currency type, company code, division, plant, distribution channel etc.
Experienced in trouble shooting Fiori Apps issues, used developer traces, /IWFND/ERROR_LOG, stauthtrace.
Extensively used user specific trace for trouble shooting missing privileges.
Designed and restricted HANA DB roles on Scheme, System Privileges, Objects Privileges, Analytic Privileges.
Created SOD free roles in HANA dbase for Basis, Developer, Modeler, End user and Security Admin. Transport, Job Monitor, Virtual Table,
Restricted developers’ access to specific package, schema, table, views and calculation views etc.
Designed/Created HANA dbase roles for Business Users to access models and restricted the roles at calculations views, packages and analytical privileges.
Experienced in executing SQL queries to pull the reports like effective privileges, granted roles, granted privileges, locked users, inactive users etc.
Experienced in trouble shooting BOBJ issue, AO reports, WEBI reports.
Advice and help sustainment team for all security related issues in BW, BOBJ, Fiori, S4, HANA, GTS.
FTS International – Dallas, USA April 2019 – May 2020
SAP Security and GRC Consultant
Configured GRC Superuser Privilege Management (SPM) which enables users to perform emergency activities outside their roles as privileged users in a controlled and auditable environment.
Implemented GRC Access Risk Analysis (ARA) build custom SOD rule set and Critical Actions rule set.
Design and configured Access Request Management (ARM) to automate Firefighter ID request workflow.
Configured MSMP workflows to support multi levels of approvals driven by request types and conditions contained within the request for different stages.
Defining, Updating/Modifying the SAP Global rule sets as per Organization-business requirement.
Created critical actions risks for security administration, transport administration, direct changes and table maintenance for SOX compliance
Excellent knowledge of SOX, Audit issues and Segregation of Duties (SoD) issues as per Compliance Standards.
Lead process documentation, risk assessment and testing efforts of SAP R/3 IT General Controls (ITGC) for SOX compliance.
Worked with internal and external auditors and resolved all audit issues.
Worked on ECC role redesign project and UAR project.
Configured custom rule set to facilitate ITGC controls and to automate ad-hoc reports.
Delta Airlines – Atlanta, USA Dec 2018 – Mar 2019
SAP HANA and SAC Security Consultant
Experienced in SAP Analytics Cloud created custom roles BI Admin, BI Content Creator, BI Content Viewer, Manager and BI Security Admin.
Experience in SAP Cloud Platform roles Application User Administrator, Cloud Connector Admin, Developer, Support User and Administrator.
Created SAC roles using Dimension Security approach to restrict access to individual values in model to specific user.
Approved and rejected role requests in tenant.
Extensively used permission settings to restrict role at Dimensions, Event Category/Event Process, Public and Private files and Explorer and Personal Data Acquisition.
Created users and assigned permission to individuals within a model and model permissions to a role on Analytics Cloud
Created roles Manager, Content Creator, Admin, Viewer, Planner Reporter and restricted them on Global and Individual levels.
In HANA dbase (native) created users and assigned granted roles, system privileges, object privileges, packages, analytic privileges and application privileges.
Created SOD free roles in HANA dbase for Basis, Developer, Modeler, End user and Security Admin. Transport, Job Monitor, Virtual Table,
Restricted developers’ access to specific package, schema, table, views and calculation views etc.
Designed/Created HANA dbase roles for Business Users to access models and restricted the roles at calculations views, packages and analytical privileges.
Extensively used user specific trace for trouble shooting missing privileges.
Experienced in executing SQL queries to pull the reports like effective privileges, granted roles, granted privileges, locked users, inactive users etc.
Defined Audit Policies – System Configuration, Objects Activation, User and Role Management etc.
Experienced in defining Password parameters - last_used_password, minimum_password-lifetime, maximum_password-lifetime, maximum_unused_initial_password_lifetime, password_expire_warning_time, disable password lifetime.
IBM – Canada May 2018 – Sep 2018
SAP Security and GRC Consultant
Experienced in SAP Analytics Cloud, created custom roles using the Dimension Security approach to restrict access to individual values in model to specific user.
Approved and rejected role requests in tenant.
Extensively used permission settings to restrict role at Dimensions, Event Category/Event Process, Public and Private files and Explorer and Personal Data Acquisition.
Worked closely with the Basis Team to compare the Services and activated them via SICF as per the Configuration guidelines from the SAP Fiori Library.
Used STAUTHTRACE/ST01 trace mechanisms to analyze the S4 HANA Authorization issues and transaction /N/IWFND/ERROR_LOG to analyze the Gateway Authorization Issues. Compared the issues with SAP standard solution when the channels are blocked.
Extensively used PP02 to assign roles and structural authorizations to position
Experience in OOAC to switch on authorizations. OOSP and OOSB to create and assign PD profiles.
Created generic PD profiles using function module RH_GET_MANAGER_ASSIGNMENT and RH_GET_ORG_ASSIGNMENT.
Extensively worked on P_ORGIN, P_PERNR, P_ABAP, PLOG, P_ORGXX HR Objects.
Analyses Automated control false positives. Modified controls using a brf+ rule.
Worked on Fallback receiver issue in process control.
Created Data base, business rules, automated and manual controls.
Experienced in exporting and importing Data Sources and Business Rules.
Experienced in transporting Data Sources and Business Rules and resetting the connector status for data sources and business rules.
Supported position-based security for a Government client.
Experience in Configuration GRC Access Request Management (ARM) to automate provisioning, tests for segregation of duties (SOD) risks, and streamlines approvals by the appropriate business approvers to unburden IT staff and provide a complete history of user access
Experienced in Configuration, Implementation Centralized and De-centralized GRC Emergency Access Management (EAM)which enables users to perform emergency activities outside their roles as privileged users in a controlled and auditable environment.
Experience in Configuration and implementation GRC Access Risk Analysis (ARA)
Configured MSMP workflows to support multi levels of approvals driven by request types and conditions contained within the request for multi stages.
Experience in modifying MSMP workflow as per business requirements
Worked on Risk Analysis and Remediation and Analytic Reports Analysis, which supports real-time compliance to detect, remove, and prevent access and authorization risks by preventing security and control violations before they occur.
Worked with GRC Compliance team in establishing the security controls in order to follow SOD principles.
Worked with Compliance Team in modifying the functions and risk ids.
Developed SOD (segregation of duties) matrix with cooperation of functional people.
Managed and trained off shore support team.
Texas Instrument - Plano, TX Sep 2012 – Dec 2017
SAP Security and GRC Consultant
Worked on S4 HANA 1610/2 for simple finance.
Experience in Fiori Catalogs, Groups and Tiles.
Experience in SAP HANA security including User Management, Roles, and Privileges.
Created .hdb repository and catalog roles on HANA to control schema/object level access.
Worked in HANA Life Cycle Manager and Export/Import with delivery unit.
Activated Odata services for Fiori Apps
Mapped Fiori apps with corresponding business role (composite role) obtained from workstreams based on the outcome of design workshops.
Analyzed the issues from a technical and functional perspective and checked the authorizations and services related to SAP Fiori Apps.
Worked closely with the Basis Team to compare the Services and activated them via SICF as per the Configuration guidelines from the SAP Fiori Library.
Used STAUTHTRACE/ST01 trace mechanisms to analyze the S4 HANA Authorization issues and transaction /N/IWFND/ERROR_LOG to analyze the Gateway Authorization Issues. Compared the issues with SAP standard solution when the channels are blocked.
Created users and assigned permission to individuals within a model and model permissions to a role on Analytics Cloud
Created roles Manager, Content Creator, Admin, Viewer, Planner Reporter and restricted them on Global and Individual levels.
Implemented and Upgraded GRC 10.0 to 10.1 Access Control, Process Control and Policy Management.
Experienced in scheduling automated and manual controls.
Created Data base, business rules, automated and manual controls.
Experienced in uploading master data using MDUG.
Involved in SAP GRC suite implementation meetings with the business users to know about the SOD conflicts at permissions level.
Experience in Configuration GRC Access Request Management (ARM) to automate provisioning, tests for segregation of duties (SOD) risks, and streamlines approvals by the appropriate business approvers to unburden IT staff and provide a complete history of user access
Experience in Configuration and implementation GRC Business Role Management (BRM)
Experience in Configuration and implementation GRC Emergency Access Management (EAM)which enables users to perform emergency activities outside their roles as privileged users in a controlled and auditable environment.
Experience in Configuration and implementation GRC Access Risk Analysis (ARA)
Configured MSMP workflows to support multi levels of approvals driven by request types and conditions contained within the request for multi stages.
Experience in MSMP workflows using rule kind initiator, routing, agents and notification with rule types BRF+, BRF+ flat rule (lineitem by lineitem), Function Module, ABAP based rules.
Experience in modifying MSMP workflow as per business requirements
Worked with GRC Compliance team in establishing the security controls in order to follow SOD principles.
Experience in generating UAR data for role assignment approvers, generated SOD rule set and transported to production.
Developed SOD (segregation of duties) matrix with cooperation of functional people.
Maintaining the Check Indicators and Activating and Deactivating the Authorization Objects.
Designed and implemented enterprise security using PFCG and SU24. Analyze user SU53 and SU56 outputs.
Involved in all aspects of SAP security from setting up naming conventions for roles, profiles, test ids, custom objects and user groups to interact and work closely with various functional teams to collect role requirements, configuration of single and enabler roles, transport of roles, creation of test ids, deployment activities and post implementation support.
Creating users and assigning them to user groups in portals.
Created SAP OSS ID’s, maintain User Master Data, maintain system connections (R/3, http), opened messages to SAP, as needed.
Responsible for supporting custom functionality thru various phase of project including unit testing, Integration Testing, Stress Testing, User Training and Go-live.
Extensive experience in Production support, mass user maintenance using SU10.
Created users and assign them to roles and user groups in Vendavo.
Executed SOLMAN_SETUP to update roles and to create users in Solman.
Involved in Security Role Re-designed project, Blueprint stage for the estimate preparation for the security requirements.
Followed SAP standard procedures, extensively used SU24 to maintain standard objects in PFCG roles.
Upgraded ECC 5.0 to 6.0using transaction code SU25, steps 2a,2b,2c & 2d, assessment of authorizations and redesign.
Used BP and PPOMA_CRM, extensively in CRM system to associate sales code to Business partner and assign position to Org structure and debug user issues.
Used BP, PPOMA_CRM, PPOSA_CRM, extensively in CRM system.
Used PPOMA_BBP to change attributes, USER_GEN to create user, ZSECMOVDOCS to delete a user in EBP system.
Environment: SAP R/3 ECC 6.0 GRC 10.0,10.1 SRM 7.0, CRM 7.0, Solman 7.1, EWM, 7.2 PI & PO, MDG, BW-BPC 10.1, Vendavo 8.1, S4 HANA
FMC – Philadelphia, PA July 2011 to August 2012
Sap Security Analyst
Roles and Responsibilities
Implemented security for HR module at Personnel Area, Info type levels, Employee Group level etc
Integrated Logon names and Personal Numbers and Positions for all HR Organizational management and HR Personal Administration
Interacted with Portals configurators and developers in implementing Portals security for HR ESS and MSS
Migrated SAP backend roles into Portals
Worked on creating and transporting roles for ESS and MSS
Created project member roles for system administration, content administration etc.
Created transport packages to move roles from development portals to other systems in the landscape
Set permissions on folders
Performed user administration activities such creating user ids, copying user ids, assigning roles, assigning groups etc.
Created mass user ids using the export and import method
Created groups and assigned roles and user id to groups.
Experience in Role Conflict identification & remediation.
Involved in SAP GRC suite implementation meetings with the business users to know about the SOD conflicts at transaction code level.
Worked with internal and external audit team, which supports real-time compliance to research, remove, and prevent access and authorization risks by preventing Sox violations before they occur. Provided support and assistance for all Sox testing.
Configured GRC 5.3 Complaint User Provisioning (CUP) to automate provisioning, tests for segregation of duties (SOD) risks, and streamlines approvals by the appropriate business approvers to unburden IT staff and provide a complete history of user access.
Experience in Configuration GRC Super User Privilege Management (SPM) which enables users to perform emergency activities outside their roles as privileged users in a controlled and auditable environment.
Upgraded GRC Access Control 5.3 to 10.1.
Environment: SAP R/3 4.7, ECC 6.0 GRC 5.3,10.0, BI 7.0, EP 6.0, CRM 5.0.
Philips Electronics – Rosemont, IL May 2008 to June 2011
SAP Security Administrator
Roles and Responsibilities
Involved in Blueprint stage for the estimate preparation for the security requirements.
Created Custom MDM Roles using Function/Field restrictions and assigned roles to users as per their job duties.
Expertise in handling Admin node in MDM repository for all security jobs
Security leads for Hardware migration project.
Used BP and PPOMA_CRM, extensively in CRM system to associate sales code to Business partner and assign position to Org structure and debug user issues.
Used BP, PPOMA_CRM, PPOSA_CRM, extensively in CRM system.
Extensively worked on CRM objects B_BUPA_RLT, B_BUPA_BZT, B_USERSTAT, B_USERST_T, CRM_ORD_LP, CRM_ORD_PR
Configured GRC Superuser Privilege Management (SPM) which enables users to perform emergency activities outside their roles as privileged users in a controlled and auditable environment.
Worked on Risk Analysis and Remediation, which supports real-time compliance to detect, remove, and prevent access and authorization risks by preventing security and control violations before they occur.
Developed SOD (segregation of duties) matrix with cooperation of functional people.
Actively involved in meetings to study controls with relevance to SOX (Sarbanes-Oxley Act) and worked on resolving the SOD issue with regards to SOX.
Generated Audit Information Systems (AIS) logs (SM19, SM20) for external auditors.
Created master/derived/composite roles for Retail users.
Created new Roles for Data Archiving projects and added /PBS to the archiving T-Codes for Documentum.
Implemented Hierarchy based security in BI 7.0 and extensively worked on RSECASDMIN.
Maintaining the Check Indicators and Activating and Deactivating the Authorization Objects.
Designed and implemented enterprise security using PFCG and SU24. Analyze user SU53 and SU56 outputs. Develop CATT scripts to create mass users, assign roles and update user profiles.
Creating and assigning roles and users in EP6.0 using UME (user management engine)
Uploading ABAP roles to Enterprise Portals 6.0.
Creating users and assigning them to user groups in portals.
Configured and Implemented Central User Administration (CUA) for DEV, QA (Except PROD). Creating and maintaining User IDs in CUA.
Created SAP OSS ID’s as needed.
Worked on all security related issues including Web and Single Sign-On issues.
Troubleshoot security/authorization related problems using SU53, ST01, RSECADMIN (for BI) and SUIM. Providing on Call Support.
Worked with BI/BW authorizations and hierarchy nodes authorizations and maintained user authorizations.
Environment: SAP R/3 4.7, ECC 6.0 GRC 5.3, BI 7.0, EP 6.0, CRM 5.0.
Little Fuse - Des Plaines, IL Oct 2006 to Apr 2008
SAP Security Analyst
Roles and Responsibilities
Worked on upgrade projects from R/3 Enterprise to ECC 6.0 including upgrade & post-upgrade steps, assessment of authorizations and redesign.
Worked on Rule Architect and Mitigation control. Extracted Virsa Report to identify Conflicting Transaction and SOD violation.
Created users, roles and assigned required privileges for the database access.
Used (PFCG) Profile Generator for creation, modifying roles, composite roles, global roles & derived roles.
Resolved all SOX and Audit issues in R/3 system. Where applicable created mitigation control on some of the issues.
Maintaining the Security Audit logs and setting the Audit log Parameters.
Documented the procedure for all SAP tasks process and controls.
Created Roles for Org Management, IPC (Internet Pricing Configuration) Roles, Config team roles, Channel Management and Catalog Management Roles.
Worked on all security related issues including Web and Single Sign On issues.
Extensively used Org management related transactions and implemented HR based security.
Used BP, PPOMA_CRM, PPOSA_CRM, PO10 and PO13 extensively in CRM system.
Extensively used Automatic Profile Generator (PFCG) to create roles/profiles for various modules in R/3 system such as FI, GL, AP, AR, CO, HR & MM etc.
Created roles, Authorizations, object classes, objects, and assigned roles to user master.
Transported profiles between clients within R/3 system and between R/3 systems.
Created users, roles and assigned required privileges for the database access.
Used (PFCG) Profile Generator for creation, modifying roles, composite roles, global roles & derived roles.
Created users using SU01 and maintained user master and established security policies and procedures.
Extensively used SUIM to run the reports.
Extensively worked on Authorization objects, fields, authorizations, authorization profiles.
Performed transports and mass transports of roles and also used CATT scripts for mass user maintenance and assigning roles.
Worked on SAP Check Indicator Defaults and Field values, reduced the scope of Authorization checks using transaction SU24and maintained check indicators for Transaction codes.
Resolved all SOX and Audit issues in CRM and R/3 system. Where applicable created mitigation control on some of the issues.
Performed User Annual review and User access checks to key authorization objects such as S_BTCH_ADM, S_ADMI_FCD, S_TABU_DIS, S_DEVELOP for debug access and etc.
Environment: SAP R/3 4.7, ECC 6.0, Virsa 4.x,BW 3.2, 3.5, CRM 6.0
AMSTD Piscataway – New Jersey Mar 2005 -Mar 2006
SAP Security Administrator
Roles and Responsibilities
Used Virsa Compliance Calibrator tool extensively for handling SOD conflicts for each user and role in both R/3 and SRM (EBP) system.
Analyzed and classified SAP Users for SAP Licensing issue using USMM and SU01
Assisted Sarbanes Oxley Compliance - SAP System Audit and documentation of significant Processes and controls.
Extensively used Automatic Profile Generator (PFCG) to create roles/profiles for various modules in R/3 and SRM (EBP) system.
Work with Business specialists to help them understand what SAP authorization objects are causing the conflicts and what all options exist for mitigating the conflicts.
Ran security reports for critical transactions and objects and for users who never logged on
Removed ranges from S_TCODE, SAP_ALL from users and created roles for them and removed all conflicting transaction from within the roles and cleaned all roles, in some instances removed single roles from Composite role to resolve the SOD conflict.
Secured roles by Company Code, Plant, Cost Center, Profit Center, and Purchasing Organization etc.
Continuously improved security configuration to reflect best practices and to prepare for system audits.
Established security testing procedures and tools and educated testing team about how to test security profiles.
Provided knowledge transfer for SAP R/3 security environment.
Used Derived activity groups to create new activity groups and to transfer transaction codes from old ones to new ones.
Worked on SAP Check Indicator Defaults and Field values, reduced the scope of Authorization checks using transaction SU24and maintained check indicators for Transaction codes
Performed transports and mass transports of roles. Tracing missed files and authorizations for user’s access problems and inserted missing authorizations manually.
User maintenance (User creation/deletion/lockdown/activation/Password management).
Used Derived activity groups to create new activity groups and to transfer transaction codes from old ones to new ones.
Extensively worked on Authorization objects, fields, authorizations, authorization profiles.
Documented the procedure for all SAP tasks process and controls.
Environment: SAP R/3 4.7, ECC 5.0 Virsa (Compliance Calibrator), BW 3.5, EBP 5.0,
Education:
Post Graduate Diploma in Computer Application – India
Bachelor’s in commerce – India
Certification:
SAP Certified Technology Professional – Security with SAP NetWeaver 7.0 (xxxxxx2674)
Contact this candidate