SAP GRC ONLINE TRAINING

SAP SECURITY ROLES AND RESPONSIBILITIES

DIFFERENT TYPE OF SAP SYSTEMS

• R/3(old) or ECC(new)
• APO
• CRM
• BI
• SRM
• Central User Administration(CUA)
• Portal
• GRC toll for SAP Security (old toll – VIRSA)

USER ADMINISTRATION TASKS

• Password Reset
• User lock and unlocking
• User creation – IT user and Business user
• Different type of users OSS & RFC
• User Groups creation
• User Parameters updating
• Changing user group
• Updating user date format, decimal notation, Time zone & Printers
• Adding roles to users on permanent or temporary basis
• Deleting roles from user
• Adding or deleting profiles to user (not required..just to know)
• Down loading security reports from SUIM
• Finding missing authorizations with the SU53 dump
• Finding role with SU53 missing authorization
• Assigning additional roles to the user with or without validity
• Assigning a role to the 100 users at a time(SU10)
• Locking and unlocking 100 users at a time
• Changing user group or time zone to 100 users at a time
• Creation of RFC,BATCH and OSS users
• Extending user validity and extending role validity
• User inactivation and user reactivation
• User termination
• Downloading STAD report from user
• Checking the audit logs – SM20
• Tracing the user authorizations
• CUA Administration
• Transaction lock and unlock
• Mass role deletion( 2 Types)

ROLE ADMINISTRATION

• Following roles naming convection while creation of roles
• Creation of single roles
• Creation of composite Roles
• Creation of Derived roles
• Adding Tcode to a role
• Removing Tcode from a role
• Updating objects in the roles as per missing authorization dump
• Updating organizational values in to the roles
• Creating global roles in all the systems
• Updating roles while creation and modification with the reference of SU24
• Role transportation (including inter client)
• Template role creation
• Area menu role creation
• Role upload and download
• Role Deletion
• Pfud & supc ( Monthly maintenance security Activities)

POSTING CHANGE NOTICE

• Number Range for PCN
• Create Posting change Notice Manually
• Creating PCN Automatically
• Convert PCN to TO

OTHER KEY ACTIVITIES

• Client open
• OSS connection open and access details update in service market place
• RFC connection creation
• Providing sensitive Tcode, objects and Roles access
• Providing fire call access (User firecall/Role firecall)
• Providing developer key
• Providing access key for object
• PFUD and SUPC for maintenance activity
• SAP Licensing(Measurement Data)
• Portal user administration including mass changes

SAP SECURITY REPORTING FOR SOX COMPLIANCE

• Downloading user’s login report who are not login to the system from past 7 days after creation user ID
• Downloading user’s report who are not login to the system from past 45 days
• Down loading user’s report who are not login to the system from past 90 days
• Client Settings status scc4, scc1
• Security System Parameter checking – RZ11
• Forbidden Password Report—SE16—USR40
• Tracking security users list and their roles—SUIM
• List the non dialog users and make sure those users should not be in locked status–SUIM
• Random request checking for quality of work
• User termination as per weekly HR termination report
• Download SM20-audit log report on weekly basis
• Users with Incomplete Address Data – rsusr007(Last Name, First Name, Email)
• No User should have SAP_ALL & SAP_NEW profiles assigned to dialog users-SUIM
• RSUSR003 is used for checking SAP* and DDIC in all clients along with login parameters. This report is used to ensure SAP* and DDIC have been secured in all clients. This report also allows checking of login parameters, such as number of invalid login attempts until user lock, login/system and client.
• Document details steps of Emergency ID process for debug access.(AGR_USERS) Debug Roles should be expired for users.
• Review Batch, RFC and Sensitive Accounts – SUIM (Users should not be locked)

SAP SECURITY TABLES ( SE16 OR SE16N)

• AGR_USERS – Users list for a role
• AGR_TCODES – Tcodes list for a role
• AGR_AGRS – List of single roles in comp role
• AGR_DEFINE – List of derived roles in a parent role
• AGR_1251 – role completed information
• AGR_1252 – org values details for a role
• AGR_PROF PROFILE NAME FOR ROLE
• USER_ADDR -ADDRESS DATA FOR USERS
• USR01 -USER MASTER DATA (RUNTIMEDATA)
• USR02 -LOGON DATA (PASSWORD, USERNAME, VALIDITY DATE ETC..)
• USR04 -USER MASTER AUTHORIZATION (ONE ROW PER USER)
• USR06 -LICENSE DATA
• USR40 – illegal passwords list
• USOBT Relation -transaction to authorization object (SAP)
• USOBT_C Relation -Transaction to Auth. Object (Customer)
• USOBX Check -table for table USOBT
• USOBXFLAGS -Temporary table for storing USOBX/T* chang
• USOBX_C Check -Table for Table USOBT_C

BI SECURITY

• Overview of BI System (BI 7.0)
• Reporting Authorization Objects
• BI Analysis Authorizations
• Trouble shooting.

SAP ECC SYSTEMS

• ECC DEV (DR2) -100 and 200
• ECC Test (QR2) -100 and 200
• ECC PRD (PR2) -100
• CRM DEV (DC2) -100,200 and 400
• CRM TEST (QC2) -100,200 and 400
• CRM PRD (PC1) -100

GRC TOPICS

GRC ACCESS CONTROL 5.3

• Introduction
• SOX Rules and SOD Concepts

BRISK ANALYSIS AND REMEDIATION (RAR)

• Risk Analysis on User and Role Level
• Rule set
• Mitigation
• Configuration of RAR

SUPER USER PRIVILIZE MANAGEMENT (SPM)

• Fire Fighter Configuration
• Reports

OVER VIEW ON COMPLIANCE USER PROVISIONING (CUP)

• Performing Fire Fighter activity in EAM
• Approver delegation and approver delegation report
• Owner assigning firefighter id’s and controllers
• User level violation report
• Role level violation report
• Finding mitigated users list
• Background Jobs schedule and monitoring
• How to find the log report of the Firefighter by using SPM

If you want to know more about SAP GRC ONLINE TRAINING do not hesitate to call +91-7774892805 or mail us on contact@intelogik.com