SAP Security and Authorization Consultant
Qatargas Operating Company Limited
Total years of experience :15 years, 4 Months
Administer SAP R/3 business controls via SAP NetWeaver access and authorization. Coordinates activities to enforce security in SAP R/3 modules (FICO, HR, MM, PM, PS, SS), GRC, Gateway, MDG and SAP BI appropriate to Qatargas business processes.
Supervise support to user security management team on roles and authorization issues.
Establish ongoing processes for SAP user role maintenance activities in FICO, HR, MM, PM, PS, and SS
Administer SAP Netweaver Business Intelligence business controls via SAP BI access & authorization.
Handling SAP GRC modules for SoD violation/Rule management
Develop roles and Analysis authorization objects
Participate in audit process with internal and external auditors.
Liaise with development team and business to create/update authorization matrix and ensure SoD in business process.
Extensively used SU53 and SUIM to assign missing authorizations to the users. Tracing missing authorizations objects using SU53 and recommended appropriate roles for the end users/Business Focals.
User administration (Creating, Maintaining, deleting user accounts and assigning roles)
Comprehensive use of Profile Generator to generate roles and assign role to end users.
Under Risk Analysis and Remediation, Performed User & Role analysis to identify existing SoD violations, Risks.
Experience in creating and assigning FFIDs and extracting Fire Fighter logs.
Role creation /Modification using Profile Generator (PFCG) including complex design restrictions.
Expertise in resolving authorization issues by analyzing authorization checks.
Troubleshooting user access through authorization error analysis (SU53, SU56) and system trace (ST01)Worked extensively with SE01, SE09, and SE10 in managing mass transport.
When in need, helped audit logs using SM20.
Proficient in working with tables USR, AGR and USH.
SoD violation checks using GRC at user level /Role level was a daily practice.
Control SAP GRC Access Control 10.1 Business controls via SAP GRC modules.
Roles creation, deletion and modification based on requests.
Single and mass roles transportation.
Adding the standard and customized t-codes into the roles.
Authorization groups creation and maintain authorization groups in the roles.
Creating the new authorization objects and maintain as per request.
Assign authorization objects to transactions.
Adding the roles for existing users based on request.
Passwords reset and lock/unlock the users.
Increasing the validity period for users.
Resolving the authorization issues using authorization check.
Used system trace to trouble shoot authorization problems.