Ashok Bhagavatula

  • Sr. SAP Security Administrator
  • San Francisco, CA
  • Member Since May 10, 2023

Candidates About

 

Ashok Bhagavatula

Objective:

Ø  Senior SAP Security/GRC Administrator position

Areas of Expertise

Ø  Over 11 years of experience as a Security Administrator in SAP R/3(ECC 6.0, 5.0), BW (BI 7.0, BW 3.5), BOBJ, CRM 7.0, 5.2, SRM, GTS, Solution manager 7.0, PI/XI, VIRSA/GRC, Solman, CUA.

Ø  Upgrade experience from 4.6C to ECC 5.0, ECC 5.0 to ECC 6.0, BW 3.5 to BI 7.0 to BW 7.4 and CRM 5.2 to CRM 7.0, GRC 5.3 to 10.1

Ø  Security Experience with various modules like PP/MM/QM/IM/WM/PM//FI-CO/AP/GL/SD/VC/CS/MDM/CRM etc

Ø  BI Security- Secured BI Info Areas, Info cubes, Queries, Info objects, Hierarchy and Info objects. Successfully upgraded BW3.5 authorizations to BI7.0 Analysis authorizations. Restricted Analysis Authorizations (Using RSECADMIN Tool) at Characteristic Values, Attribute Values, Hierarchies and Key Figure level. Extensively used new BI tools like Authorization Monitoring and Legal Audit. Defined Authorization-Relevant Characteristics and Attributes using Info Object Maintenance (RSD1). 

Ø  HR Security - Designed and Developed HR Security in Personnel administration and Payroll accounting, Benefits, Compensation, Time Management, Travel, Payroll, E-Recruitment, Personnel Development and Org Management modules. Implemented Structural Authorizations to Restrict PD Objects.

Ø  GRC -Designed, configured and maintained GRC 10 Access Control.  Worked with SOX team to make updates to GRC rule set.  Developed workflows in GRC.  Integrated GRC with Active Directory.  Deployed password self-service.  Planned, designed and developed roles for major ECC and CRM implementation. Developed detailed project plans, standard operating procedures, processes and training documents.  Worked closely with an offshore team of security analysts to support a major SAP implementation

Ø  Able to immediately provide support for any current SAP Implementation project

Ø  Experienced in providing many proven SAP best practices solutions for common SAP security support issues, GRC, SOX, Role Redesign, or other challenges.

Ø  Collaborate with other team members and business representatives to ensure that security settings meet the requirements of the business and align with the defined controls and standards

Ø  Able to immediately provide support for any current SAP Implementation project

Ø  Excellent Computer Skills with particular emphasis on Microsoft Word, Excel, Access, PowerPoint and Visio.

 

Professional Experience:

 

PG&E                                                                                                          April 2015 – Present

San Francisco, California

Sr. SAP Security Administrator

Environment: ECC 6.0, SRM, HCM, EWM, BI 7.4, BO 4.0, Solution Manager, GRC 10.1

 

Responsibilities:

 

Projects:

JE Automation Project - Finance

Integrated Supply Chain Management Project - SCM

BPC Upgrade 7.5 to 10.1 on Hana Database

BW Upgrade 7.02 to 7.4 on Hana Database

 

 

Ø  Design and Implement HANA-BI Security

Ø  Created custom roles in HANA DB for Developers, Modelers, Administrators and Business users

Ø  Created Analysis Authorizations (RSECADMIN / RSECAUTH) to restrict BI reporting users.

Ø  Optimized the authorization relevant checks on Info Objects in BI.

Ø  Integrated BI with BOBJ.

Ø  Define Authorization-Relevant Characteristics and Attributes using Info Object Maintenance (RSD1)

Ø  Restricted Analysis Authorizations (Using RSECADMIN Tcode) at Characteristic Values, Attribute Values, Hierarchies and Key Figure level. 

 

Ø  GRC

 

Ø  Upgrade from 5.3 to 10.1

Ø  Master Data Setup in GRC10.1for new roles

Ø  Setup UAR – User Access Review Requests for periodic review

Ø  Review, approve and mitigate risks for access change requests

Ø  Designed, configured and maintained GRC 10.1 Access Control.

Ø  Worked with SOX team to make updates to GRC rule set.

Ø  Developed workflows in GRC.  Integrated GRC with Active Directory.

Ø  Developed detailed project plans, standard operating procedures, and training documents. 

Ø  Worked closely with offshore team of security analysts to support a major SAP implementation

Ø  Configured BRF + in GRC 10.1 Access Control

Ø  Configured MSMP Configuration in GRC 10.1 Access Control

Ø  Configured Business Role Management in GRC 10.1 Access Control

Ø  Worked Work Flows for EAM – Super User Access in GRC 10.1 Access Control

Ø  Pre & Post Implementation steps for GRC 10.1 for ARA,ARM,EAM& BRM Modules

Ø  Ran Risk Analysis on Single/Business Role level and worked with Business/Track leads to remediate/mitigation Risks

HGST                                                                                            September 2014 – March 2015

San Jose, California

Sr.SAP Security Administrator

Environment: ECC 6.0, SRM, BI 7.3, GRC

 

Responsibilities:

 

Ø  ECC Security

 

Ø  Analyzed the SAP Systems and provided recommendation to clean up and maintain the SAP positions and user profile

Ø  Worked on various Roles and eliminated the Transaction Codes which are causing conflicts from those Roles, Role Redesign, Mitigation and Role Remediation work

Ø  Responsible for the developing single/composite/derived roles using the Profile Generator (PFCG)

Ø  Troubleshooting authorization issues in SAP modules MM,PM,PP,PI,SD,FI,IM and WM

Ø  Resolving security related problems escalated by the other teams and end users (Remedy Tickets)

Ø  Analyzed the report generated in SU53 to find out the missing authorizations and resolve the User issues

Ø  Utilizing system trace (ST01), authority check (SU53), debug mode to analyze and fix Problems related to Security

Ø  Worked on SAP Check Indicator Defaults and Field values, reduced the scope of Authorization checks using transaction SU24 and maintained check indicators for Transaction codes.

 

Ø  GRC

 

Ø  Provision and manage users, support Risk Analysis and Remediation (RAR) to analyze and manage access risk during compliant user provisioning

Ø  Master Data Setup in GRC10 for new roles

Ø  Setup UAR – User Access Review Requests for periodic review

Ø  Review, approve and mitigate risks for access change requests

Ø  Implemented and configured GRC tool set – Risk Analysis and Remediation (RAR), Enterprise Role Management (ERM), Compliant User Provisioning (CUP)

Ø  Worked with Audit and Business Teams to create the RAR Rule Set, Mitigation controls and Firefighter access procedures.

Ø  Created Mitigation Controls, Mitigation Owners and Alerts in Compliance Calibrator to monitor critical transaction usage

 

 

 

 

 

 

 

PG&E                                                                                                   March 2014 – August 2014

San Francisco, California

Sr. SAP Security Administrator

Environment: ECC 6.0, SRM, HCM, EWM, BI 7.3, BO 4.0, Solution Manager, GRC 10.0

 

Responsibilities:

 

Ø  Role Re-Design project

 

Ø  Worked on various Roles and eliminated the Transaction Codes which are causing conflicts from those Roles, Role Redesign, Mitigation and Role Remediation work.

Ø  Scope of the Re-Design project includes Order-To-Cash, Logistics Execution, HCM, Financial Supply Chain Management (Biller Direct, Payer Direct, Dispute Mgmt, and Collections Mgmt), IT and Work Management.

Ø  Re-Design ECC, BI, CRM, SRM, SCM, EWM and HCM security.

 

 

Ø  ECC Security

 

Ø  Analyzed the SAP Systems and provided recommendation to clean up and maintain the SAP positions and user profile

Ø  Responsible for the developing single/composite/derived roles using the Profile Generator (PFCG).

Ø  Reviewed the role design process and developed the pre cutover and post cutover schedules and strategy.

Ø  Analyzed the report generated in SU53 to find out the missing authorizations and resolve the User issues.

Ø  Utilizing system trace (ST01), authority check (SU53), debug mode to analyze and fix Problems related to Security

Ø  Worked on SAP Check Indicator Defaults and Field values, reduced the scope of Authorization checks using transaction SU24 and maintained check indicators for Transaction codes.

 

Ø  BW 7.0 Security

 

Ø  Designed Security strategy and also responsible for Functional and technical designs and provided documents.

Ø  Migrating old BW 3.0B roles (profiles) to new BW 7.0 using the program RSEC_MIGRATION and responsible for design and creation of new roles upon business and IT requirements passing the SOX AUDIT.

Ø  Expert in using RSECADMIN and building Analysis authorizations that are new to BI 7.0 security, Implemented new BW 7.0 security authorization objects.

 

 

 

REI                                                                                             October 2012 – February 2014

Seattle, WA

Sr. SAP Security Administrator

Environment: ECC 6.0, BI 7.0, HCM, CRM 7.0, SRM, CUA, GRC 5.3

 

 

Responsibilities:  

 

Ø  Successfully designed and implemented security  which contained Finance (AP, AR, GL, Fixed Assets, Costing), Parts (Logistics, Planning, Pricing, Order management) & Service (Service delivery, Contract Warranty, Install-base, Workforce management) functional areas across ECC, BI, EP, SCM, SRM, CRM systems

Ø  Designed Security for various modules like PP/MM/QM/IM/WM/PM/FI-CO/AP/GL/SD/VC/CS/MDM/CRM etc.

Ø  Configured and managed Central User Administration (CUA) environment. Administer Users using SCUA, SCUL, SCUG and SCUM

Ø  Involved in all aspects of SAP security from setting up naming conventions for roles, profiles, Unit/Integration Test ids, custom objects and user groups to interact and work closely with various functional teams to collect role requirements, configuration of single and composite roles, transportation of roles, deployment activities and post implementation support

 

Ø  CRM:

 

Ø  Developed the Security design for CRM 7.0

Ø  Worked with the CRM functional team to outline security requirements around several CRM services

Ø  Created OSS Ids, maintained OSS Connections and OSS accounts.

Ø  Set up CRM 7.0 security for Marketing and Campaign Management, Business Partner Security, E-commerce (Internet Sales) and Product Security

Ø  Worked with functional analysts in developing CRM security in accordance to CRM Business Role requirements and assigning PFCG roles to business roles.

Ø  Extensively used CRMD_UI_ROLE_PREPARE report to generate the necessary UIU_COMP settings corresponding to the CRM business role.

 

Ø  BW 3.5/BI 7.0 Security

 

Ø  Created Analysis Authorizations (RSECADMIN / RSECAUTH) to restrict BI reporting users.

Ø  Optimized the authorization relevant checks on Info Objects in BI.

Ø  Integrated BI with BOBJ.

Ø  Define Authorization-Relevant Characteristics and Attributes using Info Object Maintenance (RSD1)

Ø  Restricted Analysis Authorizations (Using RSECADMIN Tcode) at Characteristic Values, Attribute Values, Hierarchies and Key Figure level. 

Ø  Designed and developed a BW workgroups concept for the reporting power users to share queries within their business groups including development, Operations and Production support, Change Management, Security design and methodology, project planning and project management.

Ø  Worked with BW Technical Team to design security, identify Info Areas, Info Cubes, and created custom objects.

Ø  Upgraded BW from BW 3.5 to BI7.0. Migrated BW 3.5 Authorizations to BI 7.0 Authorizations using SAP’s Migration Tool (program RSEC_MIGRATION). Restricted Authorizations at various levels such as Query, Query View, Web Template, Web Item and Workbook.

 

Ø  GRC

 

Ø  Implemented and configured the entire GRC tool set – Compliance Calibrator (Risk Analysis and Remediation), Fire Fighter (Superuser Privilege Management), Role Expert (Enterprise Role Management), Access Enforcer (Compliant User Provisioning)

Ø  Worked with Audit and Business Teams to create the RAR Rule Set, Mitigation controls and Firefighter access procedures.

Ø  Configured Compliant User Provisioning for User Access request process.

Ø  Created Mitigation Controls, Mitigation Owners and Alerts in Compliance Calibrator to monitor critical transaction usage

 

 

 

The Home Depot                                                                      October 2007 – September 2014

Santa Clara, California

Sr. SAP Security Administrator

Environment: ECC 6.0, SRM, HCM, BI 7.3, Business Objects 4.0, Solution Manager

 

Responsibilities:

 

Ø  Upgrade ECC security from ERP 6.0 EHP 2 to EHP 5

Ø  Upgrade BI security from BI 7.0 to BW 7.3

Ø  Upgrade Business Objects security from BOE 3.1 to BO 4.0

Ø  Upgraded Security for various modules like PP/MM/QM/IM/WM/PM//FI-CO/AP/GL/SD/VC/CS/MDM/CRM etc.

Ø  Defined CUA model and configured on Solution manager

Ø  Worked on SAP Check Indicator Defaults and Field values, reduced the scope of Authorization checks using transaction SU24 and maintained check indicators for Transaction codes.

Ø  Troubleshoot security/authorization related problems using SU53, ST01 and SUIM

Ø  Perform reconciliation of user master record and roles using PFUD and SUPC

 

Ø  BI 7.3 Security

 

Ø  Created Analysis Authorizations (RSECADMIN / RSECAUTH) to restrict BI reporting users.

Ø  Optimized the authorization relevant checks on Info Objects in BI.

Ø  Define Authorization-Relevant Characteristics and Attributes using Info Object Maintenance (RSD1)

Ø  Restricted Analysis Authorizations (Using RSECADMIN Transaction code) at Characteristic Values, Attribute Values, Hierarchies and Key Figure level. 

Ø  Worked with BW Technical Team to design security, identify Info Areas, Info Cubes, and created custom objects.

 

Ø  HR Security

 

Ø  Design and Development of HR Security for various modules including Personnel administration and Payroll accounting, Benefits, Compensation, Time Management, Travel, Payroll, E-Recruitment, Personnel Development and Org Management modules.

Ø  Implemented Security using Structural and General authorization

Ø  Generated authorizations for users in organizational plan using RHPROFL0 report

Ø  Extensively used RHBAUS reports to improve the performance while using Structural authorizations.

 

Ø  Expertise in handling security related issues on all diverse applications including R/3, CRM and SRM

Ø  Enforced Best Business Practices during all phases of Project life cycle.

Ø  Involved in all aspects of SAP security from setting up naming conventions for roles, profiles, Unit/Integration Test ids, custom objects and user groups to interact and work closely with various functional teams to collect role requirements, configuration of single and composite roles, transportation of roles, deployment activities and post implementation support

Ø  Worked closely with Internal and External auditors to ensure SAP security design is compliant.

 

 

BHP Billiton                                                                                                 Jan 2007 – Aug 2007

Miami, Arizona  

SAP Security Consultant 

  

Responsibilities:  

                                           

Ø  Worked as a SAP R/3 Security analyst for SAP Applications support group

Ø  Created roles and User Ids for programmers, end users by extensively using SU01 and PFCG.

Ø  Used Derived activity groups to create new activity groups and to transfer transaction codes from old ones to new ones.

Ø  Supported users at different levels for the security issues in various functional modules.

Ø  Analyzed all custom programs and transaction codes for authority check and configured authorization objects for transactions in SU24 in order to automate Profile generator for custom transaction.

Ø  Handled Security development for various modules such as FI, MM, AM, SD, PP, QM, PM and HR.

Ø  Continuously improved security configuration to reflect best practices and to prepare for system audits.

 

 

 

 

Kohler Company, WI                                                                                     Jan 2006 – Dec 2006    

Madison, WI

SAP Security Consultant 

 

Responsibilities:  

 

Ø  Defined new Roles, redesigned the existing definitions and built smaller meaningful roles based on the concentration of job duties.

Ø  Worked with SAP Check indicator defaults and customized them based on the client’s security model.

Ø  Analyze, assign, delimit and create roles in a position based security model.

Ø  Analyzed all business roles and mapped business roles to transaction codes according to Business processes.

Ø  Designed and configured security roles to support corporate business processes, defined positions and developed structural authorizations for the security model.

Ø  Transported the generated roles and profiles using SAP Transport Management System (STMS).

Ø  Identified critical transactions and auth objects and monitored their assignments.

Ø  Used SM19 and SM20 to audit user activity during a firefighter role assignment.

Ø  Worked with derived roles and various org level objects

Ø  Performed Unit Testing on the roles.

Ø  Worked with the PM’s to assess the validity of the project timeline, help define timelines for deliverables, and work with the rest of the security team members to delegate deliverables.

Ø  Engaged in role redesign in the R/3 environment to handle SODs in existing roles for compliance purposes.

Ø  Worked with Internal Audit team to define mitigation controls and translated these controls to table entries in Compliance Calibrator for continuous monitoring.

Ø  Provided End user Technical support and change control.