
Hari Krishna
- Sr. SAP Security Consultant
- Long beach, CA
- Member Since Jun 02, 2023
Hari Krishna
•. Total 6+ years of experience in SAP Security as a Security consultant with Strong techno functional background.
• Worked as SAP Security Administrator in implementation, support and upgrade projects on different operating systems and Database platforms and R/3 versions 4.7, ECC 5.0, ECC6.0, BW 7.0, BW 7.3, PI/XI and Solution Manager 7.1. Designed and modified Security based roles for FI, MM, SD, CO, WM and PP modules.
• Expert in analyzing and translating business requirements into technical specifications in collaboration with application developers.
• Extensively worked with Profile Generator (PFCG), Role creation (single, composite and derived roles)
Modifications and User Administration by using SU01.
• Created custom Transaction codes and Custom Authorization objects as needed. Worked on Segregation of Duties, provisioning Sensitive Access in GRC. Worked with Compliance Team in creation of Mitigation Controls and Remediation of Risks.
• Experience in CUA administration and maintenance.
• Very good knowledge of producing and analyzing reports in SAP using SUIM, and security related tables
(AGR*, USR*, etc.), and customized Query reports.
• Experienced in adhering to the Change Management Process for transporting roles, tables, security objects and maintaining the change documents& RFC's in Solution Manager.
• Extensive experience in resolving all kinds of tickets and troubleshooting security authorization problems with respect to Service Level Agreements (SLA).
• Ability to manage multiple tasks of production support and implementation projects.
• Used S_DATASET and S_PROGRAM to restrict critical programs through SE38 and SA38. Experience in writing SECATT scripts for mass changes in the system.
• Expert in using Transport Management System. Knowledge in SAP Basis functions including Configuration and Maintenance, Transport management, SAP Client management, Users administration, Security administration, SAP Workload analysis, Performance tuning.
• Spool Administration including configuring printers and troubleshooting spool request.
• Expertise with the BI Analysis Authorization (RSECADMIN) to maintain security for reporting users and troubleshooting the reporting problems.
Willing to relocate: Anywhere
Authorized to work in the US for any employer
WORK EXPERIENCE
Sr. SAP Security Consultant
Molina Healthcare - Long beach CA Nov 2016 to Present
Responsibilities:
• Configured CUA and connected child systems to CUA (central user administration).
• Worked in role designing and deleted old roles and created new roles with new naming convention with few changes as per the requirements of functional teams.
• Created Business Partner (BP) for users in solution manager.
• Used STAUTHTRACE t-code for resolving the authorization related issues for users.
• Support new SAP Security role redesign project by PwC and its post go live hyper care.
• Support GRC AC 10 to 10.1 upgrade
• Made changes to Job templates in GRC as per the requirement and security.
• Support CUA - logs, connections issues for all production and non-production systems.
• Performed maintenance tasks such as client refresh activities.
• Extension License measurements activities for maintaining correct user types.
• Support HR related Security as well as ESS/MSS issues.
• Worked simultaneously on several new projects which were relatively break fix or new implementation
• Creation of process flows, and creating project documentation for all break fix projects.
• Indulged in audit related activities related to role changes and firefighter access.
• Extensive use of SU24 for all custom t-code changes.
• Performed critical maintenance tasks such as Disaster Recovery.
• In depth analysis of Governance revolving Security, Risks associated with operational activities, Remediation and it's compliance on a regular basis.
• Formulated complex mapping documents to establish relationships between the Info Objects, Analysis
Authorizations and their respective roles.
• Used the Analysis tab of RSECADMIN extensively to simulate users running queries in BEx and used the
Error logs to determine missing authorizations.
• Manually assigned Analysis Authorizations to users in RSECADMIN as well as in PFCG roles to ensure a lean user assignment approach that eliminates redundancies.
SAP Security Consultant
State farm – Chicago Oct 2015 to Nov 2016
Responsibilities:
• Worked with Profile Generator (PFCG) in creating roles, profiles, single roles, composite roles and Derived roles. Created new roles as per the client requirement for ECC 6 Systems: FI, CO, HR, MM, SD, PP Modules, based on concepts of Task Roles and Position Roles.
• Created Custom Authorization objects using SU21 as per the Business needs.
• Designed and maintained roles for HR/HCM (Organizational Management, Compensation Management, Performance Management, and Personnel Administration), BI/BW, MSS, and Portal for Global Implementation.
• Maintenance of HR Organizational structure to administer and control user access, including time-delimited access.
• Made the BI Security roles as granular and optimum so that info objects can be utilized as much as possible without creating too many Analysis Authorizations.
• Created Roles Using PFCG and Analysis Authorizations using RSECADMIN.
• Securing Generic user accounts like SAP* by creating user master data and changing password and locking the accounts.
• Securing the systems by not allocating wide access profiles like SAP_ALL, SAP_NEW to users. Designing
Security for SRM 7.0 and integrating with SAP Portal 7.0.
• Created roles in SAP Portal 7.0 for SRM Users
• Creating and maintaining OSS users, Developer Keys to systems.
• Tracing user Authorization errors (ST01, SU53, SM19, SM20, and RSECADMIN).
• Created Mass Roles and Users using SECATT Scripts.
• Maintained Program authorization groups and Table authorizations groups (SE54) to protect access to programs and tables. Transported Roles from development system to Quality system for testing and finally in to production system.
• Setup ALE environment for Central User Administration (CUA).
• Used Central User Administration (CUA) to handle & distribute users and profiles.
Generating Reports using Transaction Code SUIM.
• User Creation, Administration, locking and unlocking passwords using Transaction code SU01 and Mass user creation using SU10.
• Performed Risk Analysis at user level and role level and to mitigate risks for the users using Risk
Analysis. Analysis and Remediation of SOD violations against the various risks in SAP GRC 5.3.
• Role based simulation of SOD at transaction Code Level, Authorization object level, Critical role level and Mitigation level. Creation of a new mitigation Control to reduce risk at user, Role and Profile levels. Mitigation is used only when we are not able remediate or completely remove a particular risk.
• Mitigate the User ID against a particular Risk to reduce or minimize the SOD violations.
• Created Remote Functional Calls (RFC) connections between different systems in the landscape for communication purpose. Configured Transport Management System (TMS) in order to transfer the data between the systems.
• Excellent knowledge of SOX, Audit issues and Segregation of Duties (SOD) issues in GRC 10.0.
• Under Risk Analysis and Remediation, Performed User & Role Analysis to identify existing SOD violations. Performed remediation and mitigation against various risks associated with roles and users in ARA GRC 10.0
• Expert in creating and assigning Fire Fighter (FF) ID's and extracting Fire Fighter logs in ARA GRC 10.0.
• Expert in creating documentation for all the procedures/process and training manuals. So that they can be used as reference for any new team member or to train an end users as needed.
Environment: ECC6.0, SAP Portal 7.0, GRC 10.0
SAP Security Consultant
Cybermate Infotek Limited, India June 2011 to August 2015
Responsibilities:
• Developed and Designed Single roles, Composite roles, Derived roles and secured roles by organizational levels such as Company Code, Plant, Cost Center, Profit Center and Purchasing Organization for different Modules SAP Modules - FI, CO, MM, SD, PP, HR, WM, BI 7.4, BOBJ, Solution Manager for SAP Implementation.
Transported Roles from Development to Testing and Production systems.
• Created of Single, Composite and Derived roles using PFCG. Restricted Activities of the Authorization Objects
(S_RS_AUTH) for a user as per the Requirement.
• Extensive experience with resolving Ticket issues and troubleshooting security authorization problems while adhering to Service Level Agreements (SLA).
Experience in adhering to the Change Management Processes for transporting roles and tables, securing objects and maintaining change documents.
• Background Job management using T-Codes: SM36, SM37.
• Client management Creating, Deleting and Copying clients using SCC4, SCCL.
• Experience in Central User Administration (CUA) and maintenance.
• Worked on Users & Security including T-Codes like: SU01, PFCG, SU21, SUIM, SECATT, ST01, SU53, SU24 etc.
• Developed Authorization Profiles for FI, CO, SD, and MM in Development, Test and Production
Environments.
• Transported Profiles to Test Environment and carried out Level-Zero Testing.
• Created and Maintained of Activity Groups and Custom Authorization Objects.
• Worked with Table Authorizations and created new table Authorizations Groups in SE54 to protect Tables.
• Extensively used RSECADMIN tool to build Analysis Authorizations.
• Assigned the Analysis Authorizations access to users using Authorization Object S_RS_AUTH.Resolved issues related to Authorizations objects using T-Code RSSM.
• Analyzed user's outputs and corrected security deviancies using T-Codes: SU53, SU56, and ST01.Locked and ensured that the Standard SAP Super Users (SAP*, DDIC, SAPCPIC) were set-up as system or background users with passwords changed (monitoring using report RSUSR003) in all SAP systems.
• Worked with Security related Tables such as USR02, USR04, USR10, AGR_TCODES, AGE_USERS, USR*, AGR* and USGRP.
• Perform License cleanup activities in over 20 systems and has good knowledge on license administration in
SAP. Worked on giving custom BI authorizations S_RFC, S_RS_AUTH, S_RS_COMP, and S_RS_CO
• Performed unit testing, positive testing and negative testing on user accounts to ensure appropriate access levels on created roles.
• Responsible for Documenting root cause of an issue.
Environment: ECC 6.0, BI 7.4
EDUCATION
Bachelors in Electronics and Computer Engineering March 2011
JNTU
ADDITIONAL INFORMATION Technical Skills:
ERP: SAPR/3Versions(4.7, ECC5.0/6.0), SAP EP 7.3, SAP BI (7.4, 7.3), SAP PI 7.3, Solution Manger 7.1, SAP CRM 7.0 EHP2, Enterprise Portal […] Governance Risk & Compliance (GRCARA, ARM 10/5.3), SAP SCM, SAP GTS.
Operating systems: Windows […] Windows 8, Windows Server (2003, 2008, 2012), Linux red hat, HP UNIX, IBM AIX, Solaris.
Programming languages: C, C++, Java, And Visual Basic, HTML Databases: Oracle (9, 10g, 11g), DB2, MS SQL
Operating tools: Microsoft office (word, Power point, Excel), MS Project, MS Access