Security Sap
Resume:
Krishnakumar Balusamy
Mail Id: ***************@*****.***
Ph: +91-741******* Current Employer: Accenture
Objectives:
To obtain a challenging position that will utilize my skills and experiences and which will also provide me with the opportunity for growth and advancement.
Profile Summary:
I have been working as SAP security consultant for more than two years, in which I have played different roles in various phases of projects like Production support, pre-Go live security development.
I have majorly played my role on ECC system which covers modules of MM, SD, PM, PP, LE, FI. Besides I have worked on HR & BI security as well.
Job Experience:
Engagement 1: Telecom
Tenure: 1year
Role Description: This was my first project where I started build my career on SAP security. Here I played security Analyst role for giving support for ECC and BI systems (ex: User provisioning, Role management)
Engagement2: Mining
Tenure: 1.2 years
Role Description: This was my second project where I strengthen my technical skills on SAP security. Here I have involved security core activities of Audit settings, Pre-Go live role buildings and implementing the Business process accordance with Sap security.
Technical skills:
R/3 Security:
1) Have worked in User Management, Roles & Authorization management
2) Involved in Role Building process from scratch during Go –live after receiving the requirements from onsite. I am aware of Scripting which involves Mass security updates like mass user creation, mass roles creation, mass authorization updates etc.
Worked on SECATT scripts, (SHDB recording), VB scripts (GUI scripts).
3) Troubleshooting knowledge (SU53, ST01 & Authority-check program level check), knowledge on authority check at SU24 level and Program level. Few times, I have worked with ABAP resource for troubleshooting issues for customized transactions
4) Have worked on CUA and have troubleshooting knowledge on CUA,
- User management from CUA (SU01)
- Moving mass users from a system into CUA once it is linked newly to CUA (SCUG)
- Changing the settings for default user master record changes (transaction: SCUM)
- IDoc movements (BD87, SCUL)
- List of systems linked to CUA (SCUA)
-I have involved activities of setting up CUA (Creating Logical systems, Crating Distribution Model, Adding BAPI etc)
5) Having knowledge of RFC settings and security involved in it. (Different types of RFC settings trusted, non-trusted and how to maintain RFC connection user)
6) Having knowledge of BASIS & Security authorization objects and its functionalities.
7) Knowing the process of Changing Normal authorization field to Organization unit & Post step for it.
8) Involved on Audit settings (SM19, SM20, and SM18) in SAP environment.
9) Performed SU24 updates like linking an auth object for a transaction, switching the check indicator, changing the proposed field values and performing expert mode of profile generation to meet the client requirement & involved SU25 Upgrades. Immense Knowledge on different type of authorizations like Standard, maintained, changed and manual. Worked on converting changed/manual authorizations into standard/maintained authorizations using SU24 and expert mode for a role
10) Having knowledge and have used relevant Security Tables (user related, role related, profile related, authorization related, HR tables)
11) Worked on tools like Security Weaver, VIRSA to check SOD
12) Basic understanding of SAP modules integration, BASIS, Support pack, WEB AS etc
13) Implemented SAP notes and solved Early Watch Alert report for production environments.
14) Having knowledge of all the Password and security related Parameter settings.
15) Have knowledge on creating custom auth objects through SU21, adding auth fields into an auth object.
16) Have worked on different type of roles like Single (master and derived) roles and Composite roles. Have worked on menu structure for a role, merging the menu structure, Collapse menu structure, Organization Management for HR roles
17) Having knowledge of Role profile clean up, composite role reconciliation (PFUD) and know how to set up Batch job for automating this process in Production environment.
18) Worked on running security reports (PFCG_TIME_DEPENDENCY, PFUD, SUPRN_REGENERATE_DEPENDENT, SUPC, SUIM reports for users, roles, profiles, change documents, comparisons)
19) Knowledge on Active Directory groups and Single sign-on process
HR Security:
1) Having functional understanding of HR Organization assignment & staffing. Understanding of HR terms like personnel number, Position, Job, Task etc
2) Having strong understanding of HR important Authorization objects and the field names available in HR auth objects.
3) Worked on HR enhancements, su24 updates for Custom HR ABAP programs.
4) Have exposure on Structural Authorization (Creation of PD Profile, assigning to Various Org elements, linking PD profile to SAP user-id by running HR report RHPROFL0)
5) Knowing the Process of creation of Custom Authorization objects in HR area & post steps for it.
6) Knowledge on HR info types and HR tables
BW/BI- security:
1) Having functional idea of BW/BI (OLAP) between OLTP and BI terminologies of Info cube, Info provider, and info object.
2) Have worked on Creating Custom authorization objects (RSSM tcode in BI).
3) Have worked on creation of Analysis authorization (RSECAUTH/RSECADMIN)
4) Have worked on analysis authorization assignment directly to users /through roles. Also know the process of doing trace of analysis authorization.
Portal-security:
1) Knowing the Basics idea of UME & LDAP functionalities & how it works.
2) Assigning roles, groups to portal user-id’s
Security Tool (Security Weaver):
1. I have worked on Security Weaver (3rd party tool), which can be integrated with SAP and enhance the security process in better way.
2. This tool facilitates security team to provide broader access in Production environment for desired time period. Since this tool records every broader access tcodes, this can be reviewed at any time.
3. This tool have SOD check program which is being used to check SOD/SOX for user, role. This program has simulation option for role assignment /role modification to check SOD.
4. This tool has Batch job which can be customized to meet our client requirement for automating user inactivity process. Basically every Production environment should be protected from the users who haven’t logged for certain period of time.
Moreover I have played role of managing people and planning and tracking the status of the team.
Contact this candidate