Project 1 – SONALIKA (AS-IS S/4 HANA System Analysis)
- Analyzed SAP user types and activity (USR02) to assess system usage, identify inactive users, and detect high-risk access patterns.
- Reviewed critical privileges (SAP_ALL, SAP_NEW, DEBUG), T-codes, and role assignments; assessed master, standard, derived, composite, and custom roles to identify redundancies, dormant roles, and excessive access.
- Performed FASTPATH SoD risk analysis to identify access conflicts, and recommended task-based role redesign to minimize excessive privileges.
- Developed access-risk and remediation reports and dashboards, and collaborated with business and IT stakeholders to validate access and implement corrective actions.
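The two checks described for this project, an inactive-user review over USR02 and an SoD conflict analysis over user, role and T-code assignments, as an added illustration that is not part of the CV above. The table and field names mirror the SAP objects named in the text (USR02 with USTYP, TRDAT and UFLAG; role-to-user and role-to-T-code assignments); the users, roles, T-codes and ruleset rows are constructed sample data, and the risk IDs are placeholders rather than any real ruleset's identifiers.

```python
"""Added example (not from the CV above): SoD conflict and inactive-user checks
over constructed SAP-style extracts. Table/field names follow the SAP tables the
text names (USR02, role assignments); every row below is made up for illustration."""
from datetime import date

# Constructed USR02-style rows: user name, user type (A=dialog, B=system, S=service),
# last logon date (TRDAT) and lock flag (UFLAG; 0 = unlocked, 64 = locked by admin).
USR02 = [
    {"BNAME": "JDOE",    "USTYP": "A", "TRDAT": date(2024, 5, 2),  "UFLAG": 0},
    {"BNAME": "ASMITH",  "USTYP": "A", "TRDAT": date(2023, 9, 14), "UFLAG": 0},
    {"BNAME": "BATCH01", "USTYP": "B", "TRDAT": date(2024, 5, 9),  "UFLAG": 0},
    {"BNAME": "OLDTEMP", "USTYP": "A", "TRDAT": date(2022, 1, 3),  "UFLAG": 64},
]

# Constructed user-to-role assignments (AGR_USERS-like) and role-to-T-code
# contents (AGR_TCODES-like); role names are placeholders.
AGR_USERS = {
    "JDOE": ["Z_AP_INVOICE", "Z_AP_PAYMENT"],
    "ASMITH": ["Z_AP_INVOICE"],
    "BATCH01": ["Z_BASIS_ALL"],
    "OLDTEMP": ["Z_AP_INVOICE"],
}
AGR_TCODES = {
    "Z_AP_INVOICE": {"FB60", "MIRO"},
    "Z_AP_PAYMENT": {"F110"},
    "Z_BASIS_ALL": {"SE38", "SU01"},
}

# Constructed ruleset in the usual GRC shape: a function is a set of T-codes,
# and a risk is a pair of functions one person should not hold together.
FUNCTIONS = {
    "AP_INVOICE_ENTRY": {"FB60", "MIRO"},
    "AP_PAYMENT_RUN": {"F110"},
    "USER_ADMIN": {"SU01"},
    "ABAP_DEV": {"SE38"},
}
RISKS = {
    "P001": ("AP_INVOICE_ENTRY", "AP_PAYMENT_RUN"),  # placeholder risk ID
    "B001": ("USER_ADMIN", "ABAP_DEV"),              # placeholder risk ID
}


def user_tcodes(user):
    """Union of all T-codes reachable through the user's assigned roles."""
    tcodes = set()
    for role in AGR_USERS.get(user, []):
        tcodes |= AGR_TCODES.get(role, set())
    return tcodes


def sod_conflicts(user):
    """Risk IDs for which the user holds at least one T-code of both functions."""
    held = user_tcodes(user)
    hits = []
    for risk_id, (f1, f2) in RISKS.items():
        if held & FUNCTIONS[f1] and held & FUNCTIONS[f2]:
            hits.append(risk_id)
    return sorted(hits)


def inactive_dialog_users(as_of, max_idle_days=90):
    """Unlocked dialog users (USTYP A) with no logon within max_idle_days."""
    return sorted(
        r["BNAME"] for r in USR02
        if r["USTYP"] == "A" and r["UFLAG"] == 0
        and (as_of - r["TRDAT"]).days > max_idle_days
    )


def report(as_of):
    """Combined review output: users with conflicts, and dormant dialog accounts."""
    return {
        "conflicts": {u: sod_conflicts(u) for u in AGR_USERS if sod_conflicts(u)},
        "inactive": inactive_dialog_users(as_of),
    }


if __name__ == "__main__":
    print(report(date(2024, 5, 10)))
```

The conflict test is deliberately at the T-code level (a user needs only one T-code from each side of the risk), which is the same reason the text flags risks "defined only at the action level" as a gap: a real ruleset also checks the permission (authorization object and ACTVT) level, so a display-only T-code does not trigger a false conflict. Locked accounts are excluded from the inactive list so the review focuses on accounts that can still log on.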

Project 2 – ITC – Personal Care Product Business, Match Box & Agarbatti, Corporate & Hotels (GRC Ruleset Review)
- Conducted comprehensive SAP GRC ruleset reviews to identify gaps, inconsistencies, inactive risks, and compliance issues, including missing custom/standard T-codes, undefined account types, and unmaintained transactions.
- Validated ruleset accuracy by analyzing one-year transaction usage, backend/frontend T-code mappings (TCDCOUPLES), display/ACTVT values (VTACTZ), and missing authorization objects (USOBT_C).
- Assessed risk and function design, identifying false activities, duplicated critical authorizations, risks defined only at the action level, and gaps in function descriptions, mitigating controls, and SoD coverage.
- Reviewed mitigation controls and firefighter access to identify inactive or outdated controls, role-level mitigations, and unmonitored, privileged, or risky access.

Project 3 – T-Mobile – SOX Controls Review
- Conducted SOX IT General Controls (ITGC) review within SAP and SAP GRC environments, assessing access, security, and monitoring controls for audit compliance.
- Reviewed the usage of transactions not maintained in the GRC Ruleset to identify unmonitored or potentially risky access.
- Performed periodic control reviews, including SAP debug access validation, T000 configuration log reviews, and SAP HANA/system account password rotations, ensuring approvals, evidence retention, and restricted access.
- Conducted service and system account access reviews, identified inappropriate or interactive usage, and remediated unauthorized access.
- Communicated findings to control owners and security teams, incorporated feedback, and coordinated timely remediation or access removal.

Project 4 – BOROSIL (Role Re-design)
- Contributed to SAP role redesign initiatives focused on SoD compliance, access risk mitigation, and firefighter/critical access optimization.
- Analyzed one year of SM20 audit logs and transaction usage to evaluate access patterns and role effectiveness.
- Designed task-based, SoD-free roles covering 900+ SAP transaction codes, including master, derived, and enabler roles.
- Designed and maintained SAP Fiori roles aligned with business requirements and backend authorization concepts.
- Automated mass role creation, maintained SU24 and SoD mappings, and supported UAT, role migration, and Go-Live, resolving access issues for over 200 users.

Project 5 – DAIKIN (Role Re-design)
- Led SAP role redesign initiatives, focusing on segregation of duties (SoD) compliance, access risk mitigation, and control optimization.
- Analyzed one year of SM20 audit logs and extracted organizational (T001, T001W, TVTA) and enabler (T161, TVAK, T156, T16FC) data to drive role design decisions.
- Designed task-based, SoD-free roles covering approximately 1,300 SAP transaction codes across FI, MM, SD, QM, PP, PM, HR, and cross-functional modules; created Master, Derived, and Enabler roles aligned to business processes.
- Designed and maintained SAP Fiori roles aligned with business requirements and backend authorization concepts.
- Automated role creation, maintained SU24 and SoD analysis, prepared role matrix and audit documentation, and led UAT, role migration, and Go-Live support for over 500 users.
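Projects 4 and 5 both start from a year of SM20 audit logs to decide which transactions a task-based role actually needs. The following added example, which is not part of the CV above, shows that usage analysis on constructed data: transaction-start entries in the shape of SM20 output are compared against role contents to find T-codes that are granted but never executed, first per role and then per user. The role names, user names and log rows are made up; the column names (user, date, transaction code) follow the SM20 transaction-start event.

```python
"""Added example (not from the CV above): deriving dormant transaction access from
SM20-style audit-log entries as input to a task-based role redesign. The log rows,
roles and assignments are constructed sample data; the column names follow the
SM20 transaction-start event (user, date, transaction code)."""
from collections import defaultdict
from datetime import date, timedelta

# Constructed SM20-style extract: one row per transaction start.
SM20 = [
    {"USER": "JDOE",   "DATE": date(2024, 3, 4),  "TCODE": "FB60"},
    {"USER": "JDOE",   "DATE": date(2024, 4, 11), "TCODE": "FB60"},
    {"USER": "JDOE",   "DATE": date(2024, 4, 12), "TCODE": "FBL1N"},
    {"USER": "ASMITH", "DATE": date(2023, 2, 1),  "TCODE": "MIRO"},   # older than one year
    {"USER": "ASMITH", "DATE": date(2024, 1, 20), "TCODE": "ME21N"},
    {"USER": "RKUMAR", "DATE": date(2024, 2, 2),  "TCODE": "ME21N"},
    {"USER": "RKUMAR", "DATE": date(2024, 2, 3),  "TCODE": "ME23N"},
]

# Constructed role contents and role-to-user assignments (placeholder role names).
ROLE_TCODES = {
    "Z_FI_AP_CLERK": {"FB60", "FBL1N", "F110"},
    "Z_MM_BUYER": {"ME21N", "ME23N", "MIRO"},
}
ROLE_USERS = {
    "Z_FI_AP_CLERK": ["JDOE"],
    "Z_MM_BUYER": ["ASMITH", "RKUMAR"],
}


def usage_in_window(end, days=365):
    """Map each user to the set of T-codes started within the last `days` days."""
    start = end - timedelta(days=days)
    used = defaultdict(set)
    for row in SM20:
        if start <= row["DATE"] <= end:
            used[row["USER"]].add(row["TCODE"])
    return used


def dormant_tcodes_per_role(end, days=365):
    """T-codes in each role that no assigned user started in the window:
    candidates to drop when the role is rebuilt around real tasks."""
    used = usage_in_window(end, days)
    result = {}
    for role, tcodes in ROLE_TCODES.items():
        executed = set()
        for user in ROLE_USERS.get(role, []):
            executed |= used.get(user, set())
        result[role] = sorted(tcodes - executed)
    return result


def unused_access_per_user(end, days=365):
    """T-codes each user can run through assigned roles but never used in the window:
    the per-user view of excessive access."""
    used = usage_in_window(end, days)
    granted = defaultdict(set)
    for role, users in ROLE_USERS.items():
        for user in users:
            granted[user] |= ROLE_TCODES[role]
    return {user: sorted(tcodes - used.get(user, set()))
            for user, tcodes in granted.items()}


if __name__ == "__main__":
    cutoff = date(2024, 5, 10)
    print("dormant per role:", dormant_tcodes_per_role(cutoff))
    print("unused per user:", unused_access_per_user(cutoff))
```

A T-code that no holder of the role has used in a year is a candidate for removal from that role, or for a separate enabler role if only a few users need it; a T-code used by one holder but not the others suggests the role bundles more than one task and should be split. The one-year window matters: the MIRO entry dated outside it is ignored, so infrequent period-end transactions should be checked against a longer window or with the business before they are removed.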

Project 6 – H&P (FASTPATH Ruleset Update & Role Remediation)
- Maintained and enhanced FASTPATH rulesets, mapping standard and custom SAP T-codes to actions and permissions, with accurate SoD risk classification.
- Extracted and analyzed one year of transaction usage using FASTPATH to assess user access patterns, identify conflicts, and support access governance.
- Remediated roles by creating SoD-compliant roles based on transaction-usage analysis and on the conflicting T-codes identified during the FASTPATH risk assessment.
- Created and managed Master and Derived Roles aligned with organizational values (Company Code, Plant, Sales Org), automating mass role creation to improve efficiency and consistency.
- Collaborated with business and IT stakeholders to validate findings, confirm legitimate access, and implement corrective actions for excessive or inappropriate privileges.