
Lakshmi Challagulla
- SAP Security Admin
- San Antonio, TX
- Member Since Jun 02, 2023
Lakshmi Challagulla
Summary
· Over Eight years of extensive experience as SAP R/3 Security Administrator with in-depth knowledge in designing and implementing SAP security solutions, Data security and Authorization concepts.
· Highly experienced in SAP Security with ECC, SCM, BW, CRM, SRM, GRC, Portal, Hana and Fiori.
· Strong experience in SAP Security Administration, GRC, User Administration, Change Management ,Portal Security, UME, Authorization Objects, Analysis Authorizations in BI, Roles, Profiles, Trouble shooting and Production Support.
· Good Experience in full lifecycle SAP implementations
· Strong understanding of dual rail strategy & it's implications and Dual Maintenance in SAP Upgrade projects
· Expertise in Sail Point and Identity Access Management (IAM). Created IAM roles and policies. Run Security Audit reports and Managed users for roles.
· Involved in work load analysis, escalation and deliverables management.
· Experience in creating analysis authorizations using RSECADMIN.
· Good repute for my efficient communication with the client; efficient skills in people management and effective knowledge transfer to offshore team particularly during the transition and upgrade phases.
· Extensive experience in Segregation of duties. Interacted directly with financial directors and local application managers to implement mitigation controls.
· Troubleshooting via SU53 and system trace (ST01) to record authorization checks for the user sessions and tracing the missed authorization.
· Used CATT scripts for creating and maintaining users, roles, profiles and authorizations.
· Created Analysis authorizations using RSECADMIN, troubleshoot analysis authorization problems.
· Knowledge of IBM Tivoli Identity Management.
· Producing SoD Analytical Reports (both Summary and Detail) against Users, User Groups, Roles and Profiles using Risk Analysis and Remediation /Compliance Calibrator.
· Mitigation and remediation of users and roles for SOX using User/Role Analysis in Analysis and Remediation /Compliance Calibrator.
· Determining and report if any risks will be introduced by simulating the addition of transactions, Roles, or Profiles to a User ID.
· Responsible for providing customers with Implementation, Development, Enhancement and Support activities for their SAP applications, worked as Solution architect.
· Generating AGR* & USR* reports
Technical skills
· ERP : SAP R/3 Enterprise 4.7.0d, ECC6.0
· SAP Modules: ECC, BI, CRM, SRM, BOBJ, GRC, S/4 Hana, Fiori and Portal.
· Databases: Oracle 8i, 9i, SQL, PL/SQL, SQL Server, and MS Access.
· Programming Languages: C/C++
· Scripting: Python
· Operating Systems: MS-DOS, Windows 98/NT/XP/2000, UNIX, AIX, LINUX
Project Experience
Andeavor San Antonio, TX
SAP Security Admin Oct’16 to till Date
Roles & Responsibilities:
· Gathered requirements for Business and provides security and technical expertise to development of roles to satisfy business requirements.
· Works with business areas and project teams to troubleshoot issues with security objects and identify and implement appropriate solutions.
· Experience with ECC, BW, BOBJ HR, BPC, GRC, HANA, Fiori and Solution Manager Modules.
· Experience with GRC Access Controls and had Basic knowledge on GRC configuration
· Created roles for GRC Access Controls and performed testing of GRC roles
· Documented the steps of GRC for each Process Area and helped Business with testing
· Studied the Organization structure, jobs, roles and the SOD matrix for the Security developed in SAP and handled SOD conflicts for Sarbanes Oxley Compliance
· Working with respective functional heads for SOD & security changes based on SOX violations at T-code level & Object level.
· Created and managed users in S/4 Hana. Created roles in S/4 Hana and restricted operations on objects.
Granted roles to users in Hana.
· Worked on SAP HANA DB to grant users privileges and troubleshot issues related _SYS_REPO and other technical users
· Created DBMC user in Hana and given privileges. Solved access issues related to object privileges for users.
· Analyzed issues while connecting to SAP HANA DB through Power BI.
· Created and maintained users in FIORI through LDAP. Developed roles in Fiori front End system and assigned roles to users in Fiori system and backend S/4.
· Analyzed issues related Fiori Deal Capture by running trace both in front and Back-end systems.
· Worked with UX team to solve Fiori config issues.
· Worked on Third Party tools like Vertex, LDAP, AD, Track and HP
· Review of critical & sensitive authorizations, implementing improvements to meet audit requirements, made suggestion for security policies and standard/best practices.
· Performed Security tasks for Server Decommissions Monthly
· Worked on Service Now tickets with necessary role modifications, role assignments and transported roles to Production weekly releases
· Experience in analyzing critical issues with root cause and coordinating with respective teams to resolve the issue.
· Troubleshoot missing authorization problems exclusively using ST01 and suggest resolution.
· Created Local Business objects group and tied it to the LDAP group.
· Applied an access level to group on the Business objects folder by user security.
· Secured universes by data classification and applied security. Break inheritance for Internal groups on restricted or confidential universe folders so that it appears as “No Access”.
· Maintaining Credentials for OSS ID's in Secure Area.
· Worked on HR role modification and maintained user Info types in PA30
· Given KT to Entry Level Security analysts and helped them in Project
· Participated in Weekly Change Control Meetings and discussed with team regarding Meeting Notes.
· Modified roles as per the RBA Process with approvals
· Worked on Analysis Authorization issues in BW and added new Multiproviders in role restricted to particular Info Area
· Worked with Audit team in getting respective reports as per the requirement
· Performed Security tasks for Dress Rehearsals
· Worked on setting up Security tasks for Cutover Activities.
· Performed Cutover tasks during Go-Live and completed tasks as per the schedule
· Worked on Hyper care issues after Go-live and supported as Level 2 security for Escalations
· Worked as 24/7 On-call Support and scheduled meeting with Off-shore regarding Security updates and process
Harley- Davidson Powertrain Operations Milwaukee, WI
SAP Security Administrator Dec’14 to Aug’16
Roles & Responsibilities:
· Worked with functional team leads financial control teams to define the new transactions.
· Gathered requirements for the end users for ECC, BW, APO/SCM systems.
· Secured roles by Company Code, Plant, Cost Center, Profit Center, and Purchasing Organization etc.
· Analyzing all custom programs and transaction codes for authority checks.
· Analyzing all business roles and mapped them to transaction code according to business processes.
· Used PFCG t-code for Role and profile management and additions.
· Create and maintain user authorization, roles and profiles for SAP ECC, BW
· Used Derived roles to create new role and to transfer transaction codes from old ones to new ones.
· Perform user creation, modification, lock/unlock and validity date extension.
· Transport the generated roles and profiles using SAP transport management system.
· Identify missing authorizations via trace to use system ids to run custom program as background job in ER- Project.
· Work with testing team about how to test security profiles.
· Created Static roles in Identity and access Management with Role Owner details.
· Also created and Managed IAM polices for IAM roles and assigned suitable SAP roles to IAM policies.
· Assigned IAM roles to users in DEV, QA and PROD upon Approvals.
· Managed Services to the IAM policy as per the requirement
· Run few reports in IAM like Policies Governing a Role, Entitlements granted to an Individual, User and Account Reports and other Custom reports.
· Created users in LDAP, where user can login with credentials all system Landscapes using Single Sign on.
· Handle tickets and defects for authorization failures and Additional access issues.
· Documented the procedure for all SAP tasks process and controls.
· Identified missing authorizations via trace to use system ids to run custom program as background job in ER-Project.
· Worked on Authorization objects for securing Master data, Cluster data, Personal planning data, and Payroll data.
· Assigned roles indirectly in Organizational management.
· Worked on id administration for a large amount of users in Development, Quality, and Training and Production instances and provided developers key and reset the passwords.
· Worked with testing team about how to test security profiles.
· Provided knowledge transfer for SAP ECC, SCM, and BW security environment.
· Performed trouble shooting on security problems by using system traces.
· Working in collaboration with application managers to clean up the security Roles to eliminate segregation of duties conflicts
· Maintained system parameters for password rules through transaction RZ11.
· Worked closely with Audit team for user-role conflict removal in SAP R/3 and SAP BW.
· Worked with Functional team to gather required information as part of Blueprint in GT Project
· Worked with profile generator (PFCG) in creating roles, profiles, composite roles, derived roles, and global roles.
· Creating new users and maintained users on day to-day basis (Single roles, Composite roles and Derived roles).
· User master maintenance through Central user Administration.
· Supported audit team for generating audit reports.
· Studied the Organization structure, jobs, roles and the SOD matrix for the Security developed in SAP and handled SOD conflicts for Sarbanes Oxley Compliance
· Worked with process experts & head of departments for SOD conflicts and assigned appropriate roles to the users.
· Developed custom Authorization Objects for queries developed by the users.
· Knowledge of IBM Tivoli Identity Management.
· Worked on Creating TR using CHARM and QGM tools.
· Worked on Assigning Firefighter access to user upon Approvals.
· Handled critical and high issues during Integrating Testing and Cutover
· Supported Hyper care issues after GO_LIVE
· Given KT to our Off-shore support team to handle issues further.
Environment: ECC 6.0, 4.7 Enterprise Edition enabled 3- System Landscape, Oracle 9.2.0.6.0, HPQC, and Windows NT/2000
Tools: GRC, REV-TRAC, ITIM
Johnson Controls Milwaukee, WI
SAP Security Analyst July’13 to Nov'14
Responsibilities & Roles:
· Led SAP Security Support for SAP BI Upgrade Project from BW 3.5 to BI 7.0(Both Technical (Analysis Authorizations) and Functional Upgrade).
· Marked info objects Authorization relevant from RSD1.
· Created new analysis authorizations using RSECADMIN as per the requirements and restricted by company code and plants.
· Restricted data by Multiproviders instead of cubes to reduce maintenance.
· Worked on Authorization trace through transaction codes like RSSMTRACE, RSSMQ, RSUDO, RSSM, analysis and identifying Info Areas Info cube, and created custom authorization objects
· Recommended implementation of info object level BW security.
· Designed BW roles and went through complete phase from designing the roles, supporting unit and integration testing, going live and post go live support.
· Responsible for all SAP Security tasks, role design, development, configuration, troubleshooting, resolution, and documentation of all Production, Test, Development Systems of all SAP landscapes.
· Worked on Sail Point Identity and Access Management. Expertise in Password Management, Single Sign - on, Access request and Provisioning Roles.
· Analyzed the effects of system upgrades on the Security Access.
· Led Role Redesign Project to reduce number of Composite roles assigned to users to one composite and redesigned single role’s in composites to eliminate redundant authorizations assignments.
· Worked with the business in creating new roles – single roles and composite roles per requirements
· Coordinated the Functional Unit testing (FUT), and Integration testing.
· Worked on preparations for cutover, go-live and post go live security activities
· Analyzed the traces files and ABAP dumps to provide the appropriate access to the dialog as well as system users.
· Maintained check indicators, authorization values for authorization objects for the SAP transaction codes through SU24 and transporting to the other SAP Systems.
· Created BI analysis authorizations via RSECADMIN to implement field level & hierarchy security for org levels - company code, profit center and sales organization.
· Worked with SRM team for maintaining the users & roles in the SRM Org Structure.
· Worked on creating the SAP Profiles, Roles, Authorization Security for SRM Module.
· Extensively worked on creating SRM derived roles from master roles and maintaining the SRM & PPS roles for the catalogs, shopping carts, bid invitation, buyers,
· Work with SRM team for giving tcodes, authorizations for SRM Shopping Cart, Catalogs.
· Created the Users & Roles in the portal system and assigned the Portal based roles, user groups to the users in DEV, QA, and PROD portal System for Single Sign ON (SSO).
· Worked on the Portal, SAP Roles and Portal Sync Program for the user’s access in the SAP portal & SAP backend system
· Preparation of SoD Matrix for the Risk analysis and remediation in GRC.
· Producing SoD Analytical Reports (both Summary and Detail) against Users, User Groups, Roles and Profiles using RAR in GRC.
· Mitigation and remediation of users and roles for SOX using User/Role Analysis
· High Level solution/design formation and verification of solution with client
· Managing all phases in the project life cycle- Design, Execution, Testing, UAT, Production delivery
· Quality Management and Analysis during all phases in the project life cycle
· Manage day to day team activities and provide technical & functional guidance to the team
· Understanding the business process of our client and designing their SAP security roles
· Manage customer Relationships – Obtain feedback and responsible for customer satisfaction
Environment: ECC 6.0, 4.7 Enterprise Edition enabled 3- System Landscape, BI 7.0 ,BOBJ, GRC 10,SRM
Tools: GRC
Cardinal Health Hyderabad, India
SAP Security Consultant Oct’11 to Apr’13
Responsibilities & Roles:
· Security related support on New Dimension products like BW/BI.