Sapdatabase for all sap modules

sapdatabase provides you all sap modules information,latest updates

Sapdatabase for sap education

sapdatabase provides you all sap modules material,interview needs

Sapdatabase for all sap information

Sapdatabase makes you as a sap professional

Sapdatabase for outsourcing and online training

Sapdatabase provides you online training,outsource services for all sap modules in econamic fee

Sapdatabase for sap jobs

Sapdatabase makes job searching for you

Showing posts with label SAP SECURITY. Show all posts
Showing posts with label SAP SECURITY. Show all posts

Saturday, September 29, 2012

Sample Fresher SAP Basis Security resume


Abdhul kalam
=================================================

Professional Summary:

·         Having 1+ year of experience in SAP as a SAP Basis and Security Consultant. Experience in R/3, GRC Authorizations, GRC and Security Project Support, R/3 monitoring. Documenting the Procedures and policies.
·         Preventative, mitigating and compensation controls to ensure the appropriate level of protection and adherence to the goals of the overall SAP security strategy
·         Experienced in background job management like monitoring, Defining and scheduling background jobs.
·         Experienced in user Administration Creation of users, mass users, user groups, Lock and unlock the users.
·         Experienced in client Administration & Maintenance, Creation of clients and defining Client settings, Create Logical System names and Assigning logical system names to Clients. Local client copy, Remote client copy.
·         Knowledge on BW Administration workbench- BW Info cubes, Info objects, Hierarchy, Variables, Update and transfer rules, Info Areas, Info object catalog.
·         R/3 profile maintenance, maintain parameters in default, startup, instance profiles.
·         Knowledge on Maintenance of HR organizational structure to administer and control user access, including time-delimited access (e.g. temporary assignments to positions)


Technical skills:

ERP                       :   ECC 6.0 ehp5
Database               :   Oracle 10g,11g
Operating Systems: Windows server 2008R2,Suse linux 11sp1  

Experience:

·         Currently working at SAPDATABASE as SAP Security Consultant.

Education Qualification:

·         2010 Mater in Computer Application Acharya Nagarjuna University, India.

Current project:

SAPDATABASE from April 2010 to till date 
Client Description:
SAPDATABASE is one of the Largest 3rd party web portal in india.
Client                          :           SAPDATABASE
Environment               :            ECC 6.0 ehp5 & Net weaver 7.3, GRC 5.3, Oracle 10g
Designation                 :           Junior Basis Consultant.
Duration                      :           April 2010 to till date
Project type                 :           Support
Team size                    :           2

Roles and Responsibilities
  •  Checking the SOD while creating the new userids.
  • Checking the SOD for New roles and existing roles.
·         Creating and testing the RFC destinations.

  • Restricted users access to transaction SE38 and advised alternate solutions to it.

  • Creating the mitigation controls.
  • Taking the Fire fighter reports.
  • Created the Base and derived roles.
·         Creating new user accounts and user groups
·         Analyze the user problems by using SU53.
·         Role maintenances and creating transport request for roles.
·         Mass user Maintenance.
·         Removed the SAP Roles
·         Identifying potential SOD issues before assigning new roles to the user.
  • Providing the firefighter access to the users.
  • Periodical checking daily firefighter ID logs.
  • Tracing the missing authorizations and analyze the user problems by using ST01.
  • Creating new user accounts and user groups.
  • Spool Administration.
  • Table space Administration: Checking for space problems in table space, adding data file to table space using BRTOOLS.
  • Configuring Logon Load Balancing using SMLG.
  • Applying Support Packs and add-on via SPAM/SAINT.
  • Monitoring System Logs and ABAP Dump Analysis.
  • Day to day monitoring of systems.
  • Monitoring and scheduling background jobs
  • Monitoring database backups and archive log space.
  • Database administration and adding Data file when required.
  • User Administration like user creation, deletion of users and mass user creation.
  • Handling user problems like resetting passwords, unlocking the users.
  • Handling security issues like role creation, role modifications.




Saturday, February 25, 2012

Adding Authorization Objects and Authorizations to a Role


1. Log on to client 100 in the DEV SAP system.
2. Go to transaction PFCG.
3. On the Role Maintenance screen, enter the Role you want to change. Click theChange button.
4. On the Change Role screen, click the Authorizations tab and then click the pencil picture-icon.
5. If you are only adding a start up transaction to the role, skip to step 10. Otherwise, the assumption is that a new authorization object is to be added. On the Change role: Authorizations screen, click the +Manually button.
6. On the Manual selection of authorizations popup, enter the authorizations objects that need to be added (ie S_DEVELOP, S_PROGRAM, etc.) Click the green √ when you are finished.
7. Back on the Change role: Authorizations screen, if all the displayed signal lights are green, skip to step 8. Otherwise, fully expand the lines that are yellow and/or red and supply the necessary information. All signal lights should be green before moving to the next step.
8. On the Change role: Authorizations screen, click the Save picture-icon. You will receive a Data saved confirmation message in the status bar at the bottom of the screen.
9. On the Change role: Authorizations screen, click the red-and-white beach ball picture-icon to generate a profile from the saved role. Reply affirmatively if any confirmation popups. You will receive a Profile(s) created message in the status bar at the bottom of the screen. If you do not need to add any start up transactions to the profile, you may now leave the PFCG transaction.
10. On the Change Role: Authorizations screen, expand the Cross-application Authorization Objects  Authorization Check for Transaction Start  Authorization Check for Transaction Start until you see the Transaction code entry line. Double-click on the entry portion of the Transaction code line.
11. In the Maintain Field Values popup, scroll down the list until you find a blank Fromand To line. Enter the transaction(s) to be added, and click the Save picture-icon when you have finished.
12. On the Change role: Authorizations screen, click the Save picture-icon. You will receive a Data saved confirmation message in the status bar at the bottom of the screen.
13. On the Change role: Authorizations screen, click the red-and-white beach ball picture-icon to generate a profile from the saved role. Reply affirmatively if any confirmation popups. You will receive a Profile(s) created message in the status bar at the bottom of the screen.
14. You may now leave the PFCG transaction.

How to Adding Authorization Objects and or Authorizations to a Profile in sap

1. Log on to the appropriate client in the appropriate SAP system.
2. Go to transaction SU02.
3. In the Manually edit authorization profiles section of the Profile: Initial Screen screen, enter the Profile you want to change. Make sure the Active only □ is checked. Click theCreate work area for profiles button.
4. On the Profile List screen, double-click the profile to be changed.
5. A profile can contain authorization objects only (single profile) or one or more other profiles (collective profile). If the next screen is titled Maintain Profile, this is a single profile, and you should proceed to the next step. If the next screen is titled Collect Profiles, this is a collective profile and you should skip to step 13.
6. On the Maintain Profile screen, you must decide if you need to add a new authorization object and one or more of its authorizations, or add a new authorization to an authorization object already in the profile. If you need to add a new authorization to an authorization object already in the profile, skip to step 7. Otherwise, scroll down the Consisting of authorizations list until you find a blank line. Type the authorization object you need to add and press Enter. You will need to scroll through the list again until you find the authorization object you just added (it is was to find since the Authorization column should still be blank). Once you find the new entry line, use the drop down to fill in the Authorization column. Click on the Save picture-icon.
7. If you need to add another authorization to an authorization object already in the profile list, click on the +Add authorization button.
8. From the Maintain Profiles: Object Classes screen, double-click the Object class of the authorization you are adding.
9. On the Maintain Profiles: List of Authorizations screen, select the authorization you need to add by double-clicking the appropriate line. This will return you to the Maintain Profile screen where you can see that your authorization has been added.
10. On the Maintain Profile screen, click the Save picture-icon. Then click the lit match picture-icon to activate the new profile changes.
11. On the Activate Profile: Execution Screen screen, click on the lit match picture-icon to complete the profile activation process.
12. You may now leave the SU02 transaction.
13. In order the change a profile collection, you must make the changes in one or more of the dependent profiles, save the changes in the dependent profile(s), activate the dependent profile(s), save the collection owner profile, and activate the collection owner profile. On the Collect Profiles screen, double-click on the profile you want to change.
14. You will be taken to the Maintain Profile screen. Perform steps 6 to 11. Then use the white arrow on green picture-icon to go back.
15. On the Collect Profiles screen, click the Save picture-icon. Then click the lit match picture-icon to activate the new profile changes.
16. On the Activate Profile: Execution Screen screen, click on the lit match picture-icon to complete the profile activation process.
17. You may now leave the SU02 transaction.

what are the Users, Roles, and Authorizations in sap


SAP security is based on authorization objects and authorizations. An authorization object is used to indicate that a user can perform a certain activity. An authorization is used to limit the scope of that activity.
For example, a profile contains the S_DEVELOP authorization object. This authorization object allows a user to perform ABAP workbench activities. Some users will need to do all ABAP activities while others will only need to perform a few. So S_DEVELOP has a selection of authorizations you can use: ACTVT, DEVCLASS, OBJNAME, OBJTYPE, and P_GROUP. The authorizations are set to the appropriate values as needed. A tree view of the S_DEVELOP authorization object can be seen below:
S_DEVELOP
ACTVT
Create or generate
Change
Display
Delete
Activate, generate
Execute
Create in DB
Delete in DB
Convert to DB
Administer
Copy
All Functions
Deactivate Mod. Assistant
DEVCLASS
Single Value or Value Range
OBJNAME
Single Value or Value Range
OBJTYPE
Single Value or Value Range
P_GROUP
Single Value or Value Range
The S_DEVELOP authorization object in a profile lets a user perform ABAP workbench activities. But having a S_DEVELOP authorization object with the ACTVT authorization value set to Display (03) means that the user is limited to display only in the ABAP workbench transactions. Thus we see that authorization objects grant while authorizations limit. It is important to remember, however, that a user with a profile having a S_DEVELOP with full authorizations still cannot access an ABAP workbench transaction until a matching S_TCODE (start up transaction code) has been added as well. In other words, a user may have the rights to add, modify and delete ABAP programs but until an entry for SE38 has been added to the S_TCODE authorization object, he cannot access transaction SE38 which is the ABAP Editor.
All authorization objects and authorizations are grouped into profiles before being attached to users. Profiles use a combination of authorization objects and their respective authorizations, and their creation can be complex as well as tedious. In order to simplify the creation of profiles, the Profile Generator (transaction PFCG) was created. Roles are created via a more user-friendly interface which generates profiles based on the information added via this interface.
Manually creating profiles is the “old” way of doing things. There are times, such as the start of a new SAP landscape where no roles exist, that the use of profiles is handy. But once the landscape has been completed all users, with the exception of the Basis team, should be attached to roles. There should never be a need to manually create a SAP new profile. To add a new role, the easiest method is to copy an existing role that matches your needs as closely as possible and make the changes you need for the new role.