Neeraj Uppal

SAP Security Consultant

Cell: 503-333-4373

Email: uppal.sap@gmail.com

SAP SUMMARY:
Over 7 yrs of SAP Security experience on various SAP modules such as FI/ CO, MM, POSDM, MAP,
BW/BI, BPC, BOBJ, PP, P&D, SD, HR, GRC
Experience in full life cycle Implementation using ASAP Methodology in various versions of R/3
including 4.5B, 4.6C, R/3 4.7, ECC 5.0 and ECC 6.0
Extensive experience with Automatic Profile Generator (PFCG), User Administration, Central User
Administration (CUA), Authorization object maintenance, Problem analysis and troubleshooting, SAP
GUI & CATT and ECATT Scripts, transporting roles, HR Security, Auditing, Segregation of Duties
(SOD) and Sarbanes-Oxley Compliance etc.
Experience in performing SAP Security upgrades from 4.7 to ECC 6.0 and BW 3.5 to BI 7.0
Experienced in leading SAP security teams in audit efforts by helping in defining the audit rules and
automating the reports by defining the programs specifications
Experience in setup of BI security for user roles (query users, administrative users and power users)
Experienced in leading and guiding the security teams in unit testing of the roles using the business
process procedure (BPPs)
Experienced in Strategizing and implementation of SAP Security model, processes and procedures,
defining various Role Matrices and designing templates.
Experience with helpdesk, resolving ticket issues and troubleshooting support problems using
Remedy, Peregrine and Lotus Notes.
Experience on Audit projects and working as a liaison between the security team and auditors.
Administration in assigning the Automatic Profile Generator and Authorization object maintenance.
Experienced extensively in creating and modifying Single Roles, Composite roles and Derived roles
Strategizing and Implementation experience in Central User Administration (CUA) in both single and
multi system landscapes.
Experience in implementing Line Authorizations and troubleshooting of authorizations.

Strong experience in implementing and working with HR Security including Structural

Authorizations and Position Based Security (PBS).
Experience with using Audit Information Systems (AIS) logs (SM19, SM20 and SM18).
Experience in implementing security in BW including infoobject level security and BI 7.0
Solving ticket issues in Security related tables and reports/programs.
Problem fixing in assign of Authorization Groups, User Groups and User Administration.
Documentation in various security processes, procedures, auditing; knowledge transfer and an
active team player.

Technical skills
SAP
:
Front End
:
Data Warehouse :
Language
:
Database
:
Operating System :

SAP R/3 4.6B, 4.6C, 4.7, ECC 5.0, ECC 6.0, MM, FI/CO, HR, SD, PP
SAP Enterprise Portals 7.0 SP2/SP4, Sabrix
SAP BW 3.5 and BI 7.0
ABAP/4, Java 2.0, Unix
Oracle 11g, MS Suite
Windows NT, Windows 2000, UNIX

Completed Bachelors of Science from India.

Neeraj Uppal

SAP Security Consultant

Cell: 503-333-4373

Email: uppal.sap@gmail.com

Project Details
Client
Role
Version
Industry

: Dawn Foods, MI (Oct 2011 Present)

: SAP Security Lead (Implementation)
: ECC 6.0, BI 7.0, BPC, HCM, Sol Man
: Manufacturing

ECC 6.0
Involved in gathering end user requirements and implement SAP R/3 security authorizations.
Building SAP roles and define jobs by coordinating with functional project team members.
Work with business owners to define the authorizations needed for users.
Set-up SAP authorization profiles and roles that represent the different end users job definitions.
Use SU02 to examine authorizations in existing roles to identify improper authorizations and correct
them.
Created CATT scripts for creating mass users, deleting mass users, assigning roles to users, locking
and unlocking mass users in a CUA system.
Worked on critical authorization Objects like S_TABU_DIS, S_DEVELOP, S_RZL_ADM,
S_ADMI_FCD and S_TRANSPRT.
Worked on SU24 to maintain Check Indicators for the Transaction Codes.
Extensively used tables like AGR_USERS, AGR_TCODES, AGR_1251, AGR_DEFINE etc.
Resolved daily SAP Security issues.
Maintain various role matrices for roles, authorization objects to keep track of the modifications
made the roles.
Maintenance of User Master Record & Support End Users with Security issues.
Restrict open authorizations to sensitive Transaction codes.
Perform UNIT testing on created roles.
Effectively analyzed trace files and tracked missed authorizations for users access problems and
inserted missing authorizations manually.
Used SU24 to maintain Check Indicator Defaults and Field values, reduced the scope of
Authorization checks.
Extensively used SU53 and ST01 for analyzing the authorization errors
BI 7.0 / BPC
Built Analysis Authorizations using the transaction RSECADMIN.
Build and tested BPC roles and provide Security appropriate authorizations to the team.
Setup security at the Info objects level (field-level security).
Created Custom Reporting Authorization Objects using transaction RSSM.
Linked the Custom Authorization Object to the Info provider
Created roles restricting access to Info cubes, ODS objects, specific queries and workbooks.
Assigned the Analysis Authorizations to the role using the object S_RS_AUTH.

Troubleshoot authorizations related problems using RSECADMIN

Made the info objects 0TCAACTVT, 0TCAIPROV, 0TCAVALID authorization-relevant in the info
object maintenance tool RSD1.
Troubleshoot analysis authorizations related problems using RSECADMIN.
Build security and successful testing of various objects related to Dashboard.
HCM:
Worked with Dynamic actions and info types tables.
Worked on Authorization Objects P_ORGIN, P_ABAP, P_PERNR, P_ORGXX etc.
Assigned structural profiles to users using the program RHPROFL0
Maintained authorization profiles using OOSP.

Neeraj Uppal

SAP Security Consultant

Cell: 503-333-4373

Email: uppal.sap@gmail.com

Experience on NWBC and fixing Security related issues.

Setup and maintained Organizational Structure including Organizational Units, Jobs, Positions,
Cost Center assignments etc.
Assigned tasks to positions and integrated all these into the enterprise organizational plan.
Assigned the various organization units and positions to cost centers.
Central User Administration
Implemented Central User Administration (CUA) within R/3 and BW system landscape
Performed user administration activities in the CUA System landscape
Troubleshoot CUA related issues
Delinked/Linked child clients from CUA setup during client refreshes using the program RSDELCUA
Client
Role
Version

: P&G, OH (March11 Sep 11)

: SAP Security Analyst (Implementation)
: ECC, BI 7.0, BOBJ, Portals

ECC 6.0:
Worked on SU10 to perform mass operations.
Analyze and troubleshoot security issues using SU53 , ST01 and SUIM
Worked closely with Audit team for SAP Security Audit and generated Audit Information Systems
(AIS) logs (SM19,SM20 and SM18)
Managed and maintained USOBT_C and USOBX_C tables by using SU24 /SU25
Create and maintained custom transactions by using SE93.
Performed user administration activities such as creating, deleting, renaming, locking and unlocking
users, and resetting passwords, maintaining logon data and assigning roles to the users.
Created User Groups by using transaction code SUGR.
Fix the bugs related to roles and authorizations in order to build security in R/3
Experience in Transport Authorization and provided production support for roles.
Managing Standard and Custom Authorization Object.
Transport Roles using the change request method and also the Download/Upload method for
transporting the roles to systems not in the transport landscape.
Transported the generated roles and profiles using SCC1 and SE09/SE10.
BI 7.0 / BOBJ
Created Analysis Authorizations to compensate for deactivated objects such as S_RS_ICUBE,
S_RS_ODSO etc.
Built Analysis Authorizations using the transaction RSECADMIN.
Assigned the Analysis Authorizations to the role using the object S_RS_AUTH.
Troubleshoot authorizations related problems using RSECADMIN
Made the info objects 0TCAACTVT, 0TCAIPROV, 0TCAVALID authorization-relevant in the info
object maintenance tool RSD1.
Created and loaded profiles as per the requirement from the Cube DSOs
Involved in BAT, UAT and GO-LIVE activities.
Worked with the Business Objects team to create authorizations for the financial reporting.
Involved in testing crystal reports, live office connections/bindings and X-Celsius reports for the
dashboard.
Worked closely with the business teams to fix authorization on Business Objects, Advanced Analysis
and Dashboard.
Build and maintained BW hierarchies as per requirement for various dimensions.
Build security and successful testing of various objects related to Dashboard.
PORTALS

Neeraj Uppal

SAP Security Consultant

Cell: 503-333-4373

Email: uppal.sap@gmail.com

Working on creating and transporting roles.

Created transport packages to move roles from development portals to other systems in the
landscape
Performed user administration activities such as creating user ids, copying user ids, assigning roles,
assigning groups etc.
Created groups and assigned roles to groups.

Client
Role
Version
Industry

: Nike, OR (Feb 2010 Feb2011)

: SAP Security Analyst (Implementation)
: ECC 6.0, BI 7.0, GRC, Sol Man, MAP, POSDM
: IS-Retail

Roles and Responsibilities:

Provided SOD and Role matrices templates to the Business owners.
Interacted with the Role owners and the team lead for maintaining the correct restrictions on the
Transaction codes and the activities within the Transaction codes.
Worked closely with ECC Developers on LSMW for Data migration.
Extensively used Automatic Profile Generator (PFCG) to create and maintain Parent and
Child/Derived roles and to Upload and Download of roles.
Transporting the change requests from the Development environment to Testing/QA environments.
Created custom transaction Codes for restricting access to custom tables, views and programs.
Created transaction variants for SE16 and SM30.
Created Authorization groups and assigned Tables and Programs to the groups.
Implemented Line Authorizations to restrict records and transaction codes using the critical
Authorization Object S_TABU_LIN.
Worked on critical authorization Objects like S_TABU_DIS, S_DEVELOP, S_RZL_ADM,
S_ADMI_FCD and S_TRANSPRT.
Performed reconciliation of user master record and roles using PFUD.
GRC 5.3:
Working extensively on Compliance user provisioning (CUP) for access issues.
Reviewed, Analyzed and manually removed the roles from the backend system using Access
Control.
Helped the users by role administration and guiding them on CUP usage.
Worked with SAP Development on SAP GRC products for version 5.3
Extensive experience of role maintenance using Risk Analysis at object level.
Have done risk simulation for impacting Composite roles with assigned users.
Extensively used the GRC suite of products (Compliance Calibrator, Firefighter, Role Expert and
Access Enforcer.
BI 7.0
Created Analysis Authorizations to compensate for deactivated objects such as S_RS_ICUBE,
S_RS_ODSO etc.
Built Analysis Authorizations using the transaction RSECADMIN.
Assigned the Analysis Authorizations to the role using the object S_RS_AUTH.
Troubleshoot authorizations related problems using RSECADMIN
Made the info objects 0TCAACTVT, 0TCAIPROV, 0TCAVALID authorization-relevant in the info
object maintenance tool RSD1.
Setup security at the Info objects level (field-level security).
Created Custom Reporting Authorization Objects using transaction RSSM.
Created roles restricting access to Info cubes, ODS objects, specific queries and workbooks.
Troubleshoot authorizations related problems using RSSMTRACE and ST01

Neeraj Uppal

SAP Security Consultant

Cell: 503-333-4373

Email: uppal.sap@gmail.com

Worked closely with MAP team for Query Creation, Planning and Assortment issues. .
SOLUTION MANAGER
Created roles based on the requirements provided by the Solution Manager team.
Developed Solution Manager roles by customizing the role templates provided by SAP
Worked closely with Functional Team to fix issues related to Tech Specs and Func Specs.
Developed roles for different functions performed in the Solution Manager like Implementation and
Distribution, configuring the service desk, Change Request Management, Solution Monitoring and
Job Schedule Management
Resolved issues using SU53, ST01 and Debug mode.
Client
Role
Version
Industry

: Astra Zeneca, DE (Aug09 Jan10)

: SAP Security Analyst (Production Support)
: ECC 6.0, BI 7.0, PI/XI
: Pharmaceuticals

Worked extensively on Automatic Profile Generator (PFCG) for creating single, derived roles for
modules such as SCM, PP, MM, SD, and FI/CO.
Extensive interaction with Business Organization Managers to understand User and Role Mitigations
and Critical Transactions.
Designed various forms and templates for new user requests, roles, modifications, change
management process etc.
Transported Roles Using SE10 and STMS.
Worked on SU24 to maintain Check Indicators for the Transaction Codes.
Created and maintained Authorization Groups for Tables and Reports and assigned them
accordingly.
Analyze and troubleshoot security issues using SU53 , ST01 and SUIM
Supported other teams by providing requested information.
Check Roles for Missing Objects, Maintained the display changed transaction codes using SU25.
Supported the Testing Team according to request.
Setting up SAP system for auto log-out, password length and expiration and specifying
impermissible passwords.
Maintained Authorization objects using the transaction SU24.
Transported the generated roles and profiles using SAP transport management system.
Worked with security related tables such as AGR_TCODES, AGR_USERS and AGR_DEFINE etc.
Worked with table authorizations to control access to tables and created custom table authorization
groups and assigned to tables using transaction SE54.

Review and correction of sensitive authorizations such as S_TABU_DIS, S_ADMI_FCD,

S_DEVELOP etc.
AUDIT
Reviewed the Organization structure, jobs, roles and the SOD matrix for the Security developed in
SAP and handled SOD conflicts for Sarbanes Oxley Compliance.
Supported audit team for generating audit reports as per the audit rules provided by the auditors
Worked with process experts for SOD conflicts and assigned appropriate roles to the users
Setting up SAP system for auto log-out, password length and expiration and specifying
impermissible passwords.
Worked closely with Audit team for SAP Security Audit and generated Audit Information System logs.
Working closely with Audit team for user-role conflict removal in R/3 and BI.
Perform regular system audits to detect deviations of established procedures, role mapping,
unauthorized system activity and report findings to management
Supported Internal and External security audits in the production system

Neeraj Uppal

SAP Security Consultant

Cell: 503-333-4373

Email: uppal.sap@gmail.com

Created Security reports as Key Controls for SOX including critical transactions/objects and user
administration.
BI 7.0:
Manually adjusted the BW roles to conform to BI 7.0 security.
Setup BI security for user roles (query users, administrative users and power users)
Built Analysis Authorizations using the transaction RSECADMIN.
Assigned the Analysis Authorizations to the role using the object S_RS_AUTH.
Created Custom Reporting Authorization Objects using transaction RSSM.
Linked the Custom Authorization Object to the Info provider
Created roles restricting access to Info cubes, ODS objects, specific queries and workbooks.
Built authorizations to grant access to data on various levels of detail

Setup security at the Info object level (field-level security) and key figure level.

Client
Role
Version
Industry

: SPX, WI (Aug 2007 to June 2009)

: SAP Security Administrator (Implementation/Upgrade)
: ECC 6.0, BI 7.0, GRC
: Manufacturing

Roles and Responsibilities:

Provided SOD and Role matrices templates to the Business owners.
Interacted with the Role owners and the team lead for maintaining the correct restrictions on the
Transaction codes and the activities within the Transaction codes.
Maintained User Master Records including Address information, user groups, validity periods etc.
Created ECATT scripts for creating mass users, deleting mass users, assigning roles to users,
locking and unlocking mass users etc. in a CUA system, also used SU10 for other mass user related
tasks.
Analyzed and understand existing SAP security environment and design, business requirements to
upgrade from SAP R/3 4.7 to ECC 6.0.
Extensively used Automatic Profile Generator (PFCG) to create and maintain Parent and
Child/Derived roles and to Upload and Download of roles.
Transporting the change requests from the Development environment to Testing/QA environments.
Created custom transaction Codes for restricting access to custom tables, views and programs.
Created transaction variants for SE16 and SM30.
Created Authorization groups and assigned Tables and Programs to the groups.
Implemented Line Authorizations to restrict records and transaction codes using the critical
Authorization Object S_TABU_LIN.
Worked on critical authorization Objects like S_TABU_DIS, S_DEVELOP, S_RZL_ADM,
S_ADMI_FCD and S_TRANSPRT.
Worked on SU24 to maintain Check Indicators for the Transaction Codes.
Extensively used tables like AGR_USERS, AGR_TCODES, AGR_1251, AGR_DEFINE etc.
Extensively Used SUIM (User Information System) to pull various reports for audit monitoring
Trouble shoot authorization errors using SU53 and by system trace
Performed reconciliation of user master record and roles using PFUD.
GRC 5.2 / 5.3
Working knowledge of Compliance user provisioning using GRC Access Control.
Reviewed, Analyzed and manually removed the roles from the backend system using Access
Control.
Worked with SAP Development on SAP GRC products for version 5.3
Extensive experience of role maintenance using Risk Analysis at object level.
Have done risk simulation for impacting Composite roles with assigned users.

Neeraj Uppal

SAP Security Consultant

Cell: 503-333-4373

Email: uppal.sap@gmail.com

Extensively used the GRC suite of products (Compliance Calibrator, Firefighter, Role Expert and
Access Enforcer
Utilized the VIRSAs Compliance Calibrator tool to check for Segregation of Duties conflicts at
transaction code level and authorization object level
Maintained the Conflicting T-codes, Critical T-codes in the Rule Architect
Created the Business Process, Functional Groups, Risk IDs, Rule IDs for the Compliance Calibrator
according to the Organization Requirement
Assigning the Mitigation control on the roles
Worked with Role Expert to creating and modifying roles
Worked extensively with Firefighter to resolve emergency and show stopping issues.
Created Firefighter ids
Processed production tickets in Access Enforcer (AE)
Mitigated risks in AE
Created users and provision access as requested.
BI 7.0
Upgraded BW 3.5 to BI 7.0
Manually adjusted the BW roles to conform to BI 7.0 security.
Created Analysis Authorizations to compensate for deactivated objects such as S_RS_ICUBE,
S_RS_ODSO etc.
Built Analysis Authorizations using the transaction RSECADMIN.
Assigned the Analysis Authorizations to the role using the object S_RS_AUTH.
Troubleshoot authorizations related problems using RSECADMIN
Made the infoobjects 0TCAACTVT, 0TCAIPROV, 0TCAVALID authorization-relevant in the info
object maintenance tool RSD1.
Setup security at the Info objects level (field-level security).
Created Custom Reporting Authorization Objects using transaction RSSM.
Linked the Custom Authorization Object to the Info provider
Created roles restricting access to Info cubes, ODS objects, specific queries and workbooks.
Troubleshoot authorizations related problems using RSSMTRACE and ST01

Secured Reporting Users by using S_RS_Comp1 (Secure by query owner) and, S_RS_FOLD
(Disable the Info Areas button) in the BEx Analyzer Open Queries dialog box.

Client
: Alcatel-Lucent, NJ (March 05 to June 07)
Role
: SAP Security Analyst (Implementation)
Version
: ECC 5.0, GRC, BW, HR
Industry
: Telecom
Roles and Responsibilities:
Assisted in creating and maintaining security policies and procedures, and all SAP authorizations,
profiles and roles
Created and modified Single roles, Composite roles and derived roles using the Automatic Profile
Generator (PFCG) from the Role Matrices provided by the functional team.
Setup Traces for authorization purposes and Security Audit Logs for audit purposes.
Used SU10 to perform mass operations.
Created CATT scripts for creating mass users, deleting mass users, assigning roles to users, locking
and unlocking mass users.
Used Transport Management System (TMS) to perform transports and mass transports of roles.
Modified Check Maintain flags in SU24 as needed
Created and maintained table Authorization Groups SE54 and assigned Authorization Groups to
tables
Created Custom Transactions Code for tables and programs using SE93

Neeraj Uppal

SAP Security Consultant

Cell: 503-333-4373

Email: uppal.sap@gmail.com

Effectively analyzed system trace (ST01) and User Authorization data (SU53) and tracked missing
authorizations for user access problems and inserted missing authorizations manually.
Worked extensively on User Information System (SUIM) for audit purposes.
HR Security
Implemented Position Based Security by assigning Roles to Positions.
Assigned users and roles to positions using both PFCG and PPOM_OLD
Implemented Structural Authorizations by Evaluation path method in the Org Structure.
Maintained Employee Master Data using transaction codes PA30, PA40
Experienced in creating Context-sensitive Authorizations using P_ORGINXX
Developed enterprise structure to fit company needs including personnel area, personnel sub-area,
employee group and employee sub-group.
GRC 5.1

Extensively worked on Compliance Calibrator to identify, analyze and resolve all SOD and Audit
Issues, simulate the role and assign the role to the user using PFCG

Assisted Internal Auditors in framing new Rules for combination of new T-codes in ECC 5.0.

Worked with Internal Auditors in creation of User and Role Mitigations and uploaded them.

Configured and used Firefighter.

Extensively worked on Firefighter tool (/n/VIRSA/VFAT) Giving emergency access to the

required critical t-codes through Firefighter tool
BW 3.5
Worked with the Internal Audit team to prepare the BW systems for Audit for the current fiscal year.
Identified gaps and problems in BW role designs and resolved some of the gaps
Identified BW specific audit rules to generate reports for auditors
Extensively used SUIM for getting these reports.
Created an ECATT script for modifying 60 odd roles to add values to a field by making use of the
program PFCG_ORGFIELD_CREATE
Used transaction SUPC to generate the mass profiles
Creating Custom Reporting Authorization Objects using transaction RSSM
Created roles for restricting access to queries, workbooks, info cubes etc.
Involved in testing of the roles along with the BW team members
Troubleshoot authorizations related problems using RSSMTRACE and using RSSM
Client
Role
Version
Industry

: NTUA, AZ (March 04 Feb 05)

: SAP Security Consultant (Production Support)
: 4.6C
: Utility

Created and modified roles, and generated Profiles using Automatic Profile Generated (PFCG) in the
Child Systems and assigned them to users in the Central System.
Performed reconciliation of user master record and roles using PFUD and SUPC
Gather Processes and Procedures documents, and Matrices to understand creation process, and
naming convention of Manual Profiles, Activity Groups.
Supported other teams by providing requested information.
Converted the Manual Profiles created via SU02 to Roles using SU25.
Handled the remaining missing Transactions in Menu Tab by analyzing table AGR_1251
Supported the Testing Team according to request.
Created and modified Single roles, Composite roles and derived roles using PFCG.
Maintained Users account by copying, renaming, change password, locking unlocking, assigning
Roles etc.
Perform Users Comparison to update User Master Record.

Neeraj Uppal

SAP Security Consultant

Cell: 503-333-4373

Email: uppal.sap@gmail.com

Extensively used SUIM to analyze the user Authorizations.

Created and handled transports from Development to QA boxes using SE09, SE10 and Upload
Download Roles.
Support Training Team to prepare documents for End User training
GRC (Virsa)
User/role remediation support for Sarbanes-Oxley Act (Section 404) using VIRSA Systems VRAT
tool.
Work with VIRSA systems VRAT tool in identifying conflicts single roles and composite roles.
Detailed knowledge of SAP best practices for Application level security as well as segregation of
Duties from standard rule set.
Utilized the VIRSAs Compliance Calibrator (VRAT) tool to check for Segregation of Duties
conflicts at transaction code level and authorization object level.