SAP GRC ONLINE TRAINING

SAP Security Roles and Responsibilities
Different types of SAP systems
  • R/3(old) or ECC(new)
  • APO
  • CRM
  • BI
  • SRM
  • Central User Administration(CUA)
  • Portal
  • GRC tool for SAP Security (old tool - VIRSA)
User Administration Tasks
  • Password Reset
  • User lock and unlocking
  • User creation – IT user and Business user
  • Different types of users: OSS & RFC
  • User Groups creation
  • User Parameters updating
  • Changing user group
  • Updating user date format, decimal notation, Time zone & Printers
  • Adding roles to users on permanent or temporary basis
  • Deleting roles from user
  • Adding or deleting profiles to user (not required; just to know)
  • Downloading security reports from SUIM
  • Finding missing authorizations with the SU53 dump
  • Finding the role with the SU53 missing authorization
  • Assigning additional roles to the user with or without validity
  • Assigning a role to 100 users at a time (SU10)
  • Locking and unlocking 100 users at a time
  • Changing user group or time zone for 100 users at a time
  • Creation of RFC, BATCH and OSS users
  • Extending user validity and extending role validity
  • User inactivation and user reactivation
  • User termination
  • Downloading STAD report from user
  • Checking the audit logs - SM20
  • Tracing the user authorizations
  • CUA Administration
  • Transaction lock and unlock
  • Mass role deletion (2 types)
Role Administration
  • Following the role naming convention when creating roles
  • Creation of single roles
  • Creation of composite Roles
  • Creation of Derived roles
  • Adding Tcode to a role
  • Removing Tcode from a role
  • Updating objects in the roles as per missing authorization dump
  • Updating organizational values in the roles
  • Creating global roles in all the systems
  • Updating roles during creation and modification with reference to SU24
  • Role transportation (including inter client)
  • Template role creation
  • Area menu role creation
  • Role upload and download
  • Role Deletion
  • PFUD & SUPC (monthly security maintenance activities)
Posting change notice
  • Number Range for PCN
  • Create Posting change Notice Manually
  • Creating PCN Automatically
  • Convert PCN to TO
Other Key Activities
  • Client open
  • OSS connection open and access details update in Service Marketplace
  • RFC connection creation
  • Providing sensitive Tcode, objects and Roles access
  • Providing fire call access (User firecall/Role firecall)
  • Providing developer key
  • Providing access key for object
  • PFUD and SUPC for maintenance activity
  • SAP Licensing (Measurement Data)
  • Portal user administration including mass changes
SAP Security Reporting for SOX Compliance
  • Downloading the login report of users who have not logged in to the system in the past 7 days after user ID creation
  • Downloading the report of users who have not logged in to the system in the past 45 days
  • Downloading the report of users who have not logged in to the system in the past 90 days
  • Client settings status - SCC4, SCC1
  • Security system parameter checking - RZ11
  • Forbidden password report - SE16 - USR40
  • Tracking the list of security users and their roles - SUIM
  • List the non-dialog users and make sure those users are not in locked status - SUIM
  • Random request checking for quality of work
  • User termination as per weekly HR termination report
  • Download SM20 audit log report on a weekly basis
  • Users with incomplete address data - RSUSR007 (Last Name, First Name, Email)
  • No dialog users should have SAP_ALL & SAP_NEW profiles assigned - SUIM
  • RSUSR003 is used for checking SAP* and DDIC in all clients along with login parameters. This report is used to ensure SAP* and DDIC have been secured in all clients. This report also allows checking of login parameters, such as number of invalid login attempts until user lock, login/system and client.
  • Document detailed steps of the Emergency ID process for debug access (AGR_USERS). Debug roles should be expired for users.
  • Review Batch, RFC and Sensitive Accounts – SUIM (users should not be locked)
SAP Security Tables (SE16 or SE16N)
  • AGR_USERS - Users list for a role
  • AGR_TCODES - Tcodes list for a role
  • AGR_AGRS - List of single roles in comp role
  • AGR_DEFINE - List of derived roles in a parent role
  • AGR_1251 - Role completed information
  • AGR_1252 - Org values details for a role
  • AGR_PROF - Profile name for role
  • USER_ADDR - Address data for users
  • USR01 - User master data (runtime data)
  • USR02 - Logon data (password, username, validity date etc.)
  • USR04 - User master authorization (one row per user)
  • USR06 - License data
  • USR40 - Illegal passwords list
  • USOBT - Relation: transaction to authorization object (SAP)
  • USOBT_C - Relation: transaction to auth. object (Customer)
  • USOBX - Check table for table USOBT
  • USOBXFLAGS - Temporary table for storing USOBX/T* chang
  • USOBX_C - Check table for table USOBT_C
BI SECURITY
  • Overview of BI System (BI 7.0)
  • Reporting Authorization Objects
  • BI Analysis Authorizations
  • Troubleshooting
SAP ECC systems
  • ECC DEV (DR2) - 100 and 200
  • ECC Test (QR2) - 100 and 200
  • ECC PRD (PR2) - 100
  • CRM DEV (DC2) - 100, 200 and 400
  • CRM TEST (QC2) - 100, 200 and 400
  • CRM PRD (PC1) - 100
GRC Topics
GRC Access control 5.3
  • Introduction
  • SOX Rules and SOD Concepts
Risk Analysis and Remediation (RAR)
  • Risk Analysis on User and Role Level
  • Rule set
  • Mitigation
  • Configuration of RAR
Super User Privilege Management (SPM)
  • Fire Fighter Configuration
  • Reports
Overview of Compliance User Provisioning (CUP)
  • Performing Fire Fighter activity in EAM
  • Approver delegation and approver delegation report
  • Owner assigning firefighter IDs and controllers
  • User level violation report
  • Role level violation report
  • Finding mitigated users list
  • Background Jobs schedule and monitoring
  • How to find the log report of the Firefighter by using SPM

If you want to know more about SAP GRC Training, do not hesitate to call +91-9393 002 123 or email us at info@unitedglobalsoft.com