SAP GRC ONLINE TRAINING
SAP SECURITY ROLES AND RESPONSIBILITIES

DIFFERENT TYPES OF SAP SYSTEMS

  • R/3 (old) or ECC (new)
  • APO
  • CRM
  • BI
  • SRM
  • Central User Administration (CUA)
  • Portal
  • GRC tool for SAP Security (old tool – VIRSA)

 

USER ADMINISTRATION TASKS

  • Password Reset
  • User lock and unlocking
  • User creation – IT user and Business user
  • Different types of users: OSS & RFC
  • User Groups creation
  • User Parameters updating
  • Changing user group
  • Updating user date format, decimal notation, Time zone & Printers
  • Adding roles to users on permanent or temporary basis
  • Deleting roles from user
  • Adding or deleting profiles to user (not required; just to know)
  • Downloading security reports from SUIM
  • Finding missing authorizations with the SU53 dump
  • Finding role with SU53 missing authorization
  • Assigning additional roles to the user with or without validity
  • Assigning a role to 100 users at a time (SU10)
  • Locking and unlocking 100 users at a time
  • Changing user group or time zone for 100 users at a time
  • Creation of RFC, BATCH and OSS users
  • Extending user validity and extending role validity
  • User inactivation and user reactivation
  • User termination
  • Downloading STAD report from user
  • Checking the audit logs – SM20
  • Tracing the user authorizations
  • CUA Administration
  • Transaction lock and unlock
  • Mass role deletion (2 types)

 

ROLE ADMINISTRATION

  • Following the role naming convention when creating roles
  • Creation of single roles
  • Creation of composite Roles
  • Creation of Derived roles
  • Adding Tcode to a role
  • Removing Tcode from a role
  • Updating objects in the roles as per missing authorization dump
  • Updating organizational values in the roles
  • Creating global roles in all the systems
  • Updating roles during creation and modification with reference to SU24
  • Role transportation (including inter client)
  • Template role creation
  • Area menu role creation
  • Role upload and download
  • Role Deletion
  • PFUD & SUPC (monthly security maintenance activities)

 

POSTING CHANGE NOTICE

  • Number Range for PCN
  • Create Posting change Notice Manually
  • Creating PCN Automatically
  • Convert PCN to TO

 

OTHER KEY ACTIVITIES

  • Client open
  • OSS connection open and access details update in Service Marketplace
  • RFC connection creation
  • Providing sensitive Tcode, objects and Roles access
  • Providing fire call access (User firecall/Role firecall)
  • Providing developer key
  • Providing access key for object
  • PFUD and SUPC for maintenance activity
  • SAP Licensing (Measurement Data)
  • Portal user administration including mass changes

 

SAP SECURITY REPORTING FOR SOX COMPLIANCE

  • Downloading the report of users who have not logged in to the system in the past 7 days after user ID creation
  • Downloading the report of users who have not logged in to the system in the past 45 days
  • Downloading the report of users who have not logged in to the system in the past 90 days
  • Client settings status – SCC4, SCC1
  • Security System Parameter checking – RZ11
  • Forbidden Password Report—SE16—USR40
  • Tracking security users list and their roles—SUIM
  • List the non-dialog users and make sure those users are not in locked status – SUIM
  • Random request checking for quality of work
  • User termination as per weekly HR termination report
  • Download SM20-audit log report on weekly basis
  • Users with Incomplete Address Data – RSUSR007 (Last Name, First Name, Email)
  • No dialog users should have SAP_ALL & SAP_NEW profiles assigned – SUIM
  • RSUSR003 is used for checking SAP* and DDIC in all clients along with login parameters. This report is used to ensure SAP* and DDIC have been secured in all clients. This report also allows checking of login parameters, such as number of invalid login attempts until user lock, login/system and client.
  • Document detailed steps of the Emergency ID process for debug access (AGR_USERS). Debug roles should be expired for users.
  • Review Batch, RFC and Sensitive Accounts – SUIM (Users should not be locked)

 

SAP SECURITY TABLES (SE16 OR SE16N)

  • AGR_USERS – Users list for a role
  • AGR_TCODES – Tcodes list for a role
  • AGR_AGRS – List of single roles in comp role
  • AGR_DEFINE – List of derived roles in a parent role
  • AGR_1251 – Role completed information
  • AGR_1252 – Org values details for a role
  • AGR_PROF – Profile name for role
  • USER_ADDR – Address data for users
  • USR01 – User master data (runtime data)
  • USR02 – Logon data (password, username, validity date etc.)
  • USR04 – User master authorization (one row per user)
  • USR06 – License data
  • USR40 – Illegal passwords list
  • USOBT – Relation: transaction to authorization object (SAP)
  • USOBT_C – Relation: transaction to auth. object (customer)
  • USOBX – Check table for table USOBT
  • USOBXFLAGS – Temporary table for storing USOBX/T* chang
  • USOBX_C – Check table for table USOBT_C

 

BI SECURITY

  • Overview of BI System (BI 7.0)
  • Reporting Authorization Objects
  • BI Analysis Authorizations
  • Troubleshooting

 

SAP ECC SYSTEMS

  • ECC DEV (DR2) -100 and 200
  • ECC Test (QR2) -100 and 200
  • ECC PRD (PR2) -100
  • CRM DEV (DC2) -100,200 and 400
  • CRM TEST (QC2) -100,200 and 400
  • CRM PRD (PC1) -100

 

GRC TOPICS

GRC ACCESS CONTROL 5.3

  • Introduction
  • SOX Rules and SOD Concepts

 

RISK ANALYSIS AND REMEDIATION (RAR)

  • Risk Analysis on User and Role Level
  • Rule set
  • Mitigation
  • Configuration of RAR

 

SUPERUSER PRIVILEGE MANAGEMENT (SPM)

  • Fire Fighter Configuration
  • Reports

 

OVERVIEW OF COMPLIANT USER PROVISIONING (CUP)

  • Performing Fire Fighter activity in EAM
  • Approver delegation and approver delegation report
  • Owner assigning Firefighter IDs and controllers
  • User level violation report
  • Role level violation report
  • Finding mitigated users list
  • Background Jobs schedule and monitoring
  • How to find the log report of the Firefighter by using SPM

 
