Hardworking and passionate candidate with 12 years of professional experience in SAP BASIS Administration, SAP GRC & SAP Security. I have handled SAP implementation in the BASIS domain. Worked on multiple support projects in both BASIS & Security that involved my role as a team member and SPOC. Have worked on SAP ECC, SCM, BW, FM, CUA, HANA DB Security, Portal Security, Audit controls – SOD and SOX. I have good experience in dealing with customers and am acquainted with the agile way of working. I am a cohesive team worker, with strong analytical, problem-solving and interpersonal skills. I have the ability to adapt to new technologies.
Seeking GRC, Security & Authorization Position in a stable company where I can use my knowledge and skills to benefit the company.
The landscape has 50 plus systems. Below are a few Security activities that I perform on a daily basis:
• SAP GRC / CP GRC - Dealing with Access Risk Analysis (ARA), Emergency Access Maintenance (EAM), Business Roles Management (BRM), Frontend SAP and Non-SAP role management and generating security related reports.
• S/4 HANA Security - Role Build Activities which include new auth objects, replacement t-code/tile
• To assign groups and catalogs according to business requirements.
• To identify the front end and back end ODATA services
• User and Role Administration in ECC, SAP HANA DB, SAP SCM, BW, FM, MDG, SOLMAN.
• Audit Activities: SOD, CRIT risk remediation, pulling reports in SAP and providing evidence for the changes done in SOX systems.
The BASIS admin activities I performed are as below:
The landscape has around 50+ SAP systems including SAP ECC, BW, SCM, FM, MDG, Solman, SAP HANA DB, CP GRC (Symsoft product).
Below are the activities that I currently perform:
User Maintenance
• Complete end-to-end user administration (add/delete/lock/modify).
• Assigning user groups, assigning roles, modifying user authorization, and analyzing user authorization issues.
• Providing access to the users through CUA (Central User Administration).
• Mass User management using t-code SU10.
• Knowledge of producing and analyzing reports in SAP using SUIM and Security related tables (AGR*, USR*) and SUIM tables.
Role Maintenance
• Creation of single roles, composite roles and derived roles and transportation of created roles across the landscape.
• Copying from SAP Standard roles
• Role Deletion
• Authorization checks using transaction code SU24
• Maintaining missing authorization objects, field values and org values.
• Generating Authorization profiles.
• User trace using transaction code ST01 or STAUTHTRACE for troubleshooting authorization issues.
SAP ECC:
User Administration - Includes user creation, deletion, changing user access for different systems and environments, Mass user administration.
• Role changes, cleaning up transactions to resolve critical access and SOD conflicts.
• Role redesign by removing unwanted and sensitive risks as per the SOD risk analysis report.
• Extensive use of transaction code PFCG for creation and modifying single roles, composite roles and derived roles.
• Maintenance of Derived roles based on the Organizational Values differentiation.
• Transport of roles across clients in the landscape.
• Troubleshooting security and authorization related issues using SU53, ST01 and STAUTHTRACE transaction codes.
• Extensive use of SUIM T-Code in multiple areas to review and consolidate and generate security reports.
• Use of tables AGR*, USR* by SE16 T-Code.
• Experience in maintaining critical authorization objects like S_TCODE, S_USER_GRP, S_USER_AUT, S_USER_PRO, S_TABU_DIS, S_TABU_NAM, S_PROGRAM, S_DEVELOP.
• Expire users, delete users after doing some checks to reduce license cost.
• Background job scheduling and monitoring via SM36, SM37.
• RFC connection checks via SM59 and providing required RFC authorizations.
• Configuring SU24 for custom transactions as per the business requirement.
• Creation of user groups using SUGR t-code.
• For manual transport SE10, SE09 and tracking the TRs via Tables like E070.
CP GRC:
● Risk analysis for user for different child systems.
● Delegation of role owners for FF roles.
● Integration of child systems to CUA.
● Creation of mitigation controls and addition of new t-codes and auth values to risk functions.
● Extensive experience in role imports and updating bulk roles.
● Generating reports for emergency access (FF) usage, role/ user/ profile/ system usage etc.
SAP GRC:
● Access Request Management (ARM): User Provisioning (New and Existing), User Deactivation, Access to Developer key and S-ID.
● Emergency Access Management (EAM): FFID, Assign Owner and Controller to FFID, reason codes, execute firefighting sessions and monitor emergency access.
● Business Role Management (BRM): Configuring Roles Management, create single roles, composite roles and business roles, Uploading roles in GRC Portal.
● Risk Analysis activities: Building Rule Set, testing, remediate risks, mitigate risks, performing risk analysis.
● User Access Review (UAR): Generating UAR, Approving UAR
IAM:
● Raising requests for users based on their role in the organization. Approving the requests. Analyzing the risks and routing the requests to Internal control specialists.
● Creation of requests for uploading roles in IAM portal and updating the role owners.
SAP BW, SCM, FM, MDG, Solman:
● User Creation and access provisioning, performing trace on affected users, assigning the missing roles, Activating/Deactivating the users.
● Create, maintain, lock and unlock users and change passwords.
● Create and maintain simple roles, derived roles and composite roles.
● Transport roles and Analysis Authorizations.
SAP Service Marketplace Tasks
● Opening OSS connections and maintaining access data for SAP
Transport Management System (TMS)
• Creating Transport Requests for moving new roles and role changes across the landscape using CHARM (Change Request Management).
CUA (Central User Administration)
• Assigning access to users from Central system
• Adding a new SAP system to Central System
• User access through IAM Portal.
SAP HANA
• User Creation and access provisioning, assigning the missing roles, Activating/Deactivating the users, Password reset.
S/4 HANA
• Role Build Activities which include new auth objects, replacement t-code/tile
• To assign groups and catalogs according to business requirements.
• To identify the front end and back end ODATA services
SAP FIORI
• Creation of front end and back-end roles. Providing Fiori authorizations for users.
SAP ME/MII/NW
• Creation of users, assignment of groups and roles, cleanup of users.
SOX and Audit
• SOD, CRIT risk remediation, pulling reports in SAP and providing evidence for the changes done in SOX systems.
SAP BASIS Activities:
I have implemented new systems from scratch, upgraded existing systems, performed system refreshes and applied support packages.
➢ Implementation (NetWeaver 7.5 AS JAVA)
➢ Performing stack upgrades.
➢ Performing Kernel Upgrades.
➢ Applying patches.
➢ Installing application servers.
➢ Performed System Refreshes
➢ System monitoring