This website is not affiliated with, sponsored by, or approved by SAP AG.

weekly work for SAP security admin

SAP Security

Moderators: Snowy, thx4allthefish, jurjen

weekly work for SAP security admin

Postby Jaydhruv » Tue Aug 09, 2011 4:21 am

wanted to post a question on the workload for sap security admin.
we have approximately on an average 5 sap role modifications request per week in our landscape.
Each change has to follow the following process steps executed by a single sap security role admin.
1.) Role change request received through remedy ticket. each change may be as simple as 1 transaction addition in 1 role or may be multiple roles involving multiple transactions.
2.) Analyze the change and get approval from role owner in an email.
3.) Run sox simulation check and communicate to the everyone if there is an issue.
4.) make the change in security client in dev. create a transport. copy the change to another client in dev system using SCC1 transport utility. assign the new role to the test id. perform self testing that transaction is executable. hence sox check and unit testing is completed.
5.) create testcase in mercury tester to facilitate functional testing. communicate the test id to the technology functional user to carry out functional testing with data. coordinate with functinal user. attach proof of functional testing to QC(mercury test tool).
6.) submit a change request form to move the change to test system. once the change is available in test system. coordinate with business user to complete acceptance testing in Test system. attach proof of acceptance testing to mercury.
7.) once acceptance testing is complete, wait for the change to move to production system. provide proof of validation for all the changes to test team. (screenshots basically). close the work order.

as you can see, each change has coordination and 4 test cycles. many of you might be following similar test cycles and process. my question is - is the workload sufficient for a single person or is it less for weekly work load as per your experience. remember role admin is strictly involved in role changes and no user assignments. he also helps in all issues related to SAP GRC, sap audits, etc.
Swim monkey
Jaydhruv
 
Posts: 45
Joined: Thu Jun 26, 2003 2:12 am
Location: Florida, USA

Re: weekly work for SAP security admin

Postby Al. » Wed Aug 10, 2011 2:22 am

Hi,

Based on that, I would say that the role is part time - prob 2 days per week. If it was just role changes with less process around it then 1 day maximum. Waiting for testing from business users is going to drag out the elapsed time but not actual effort.

Of course, the rest of the activities (audits, GRC support etc) could be quite a lot or just a couple of hours a week....

Cheers
http://www.turnkeyconsulting.com/
Al.
 
Posts: 3050
Joined: Tue Feb 25, 2003 5:35 am
Location: London

Re: weekly work for SAP security admin

Postby Jaydhruv » Thu Aug 11, 2011 2:00 am

Also helps in sox weekly reporting. 2 internal monthly controls. Attends 4 to 6 meetings. Supports audit for sap security. Supports sap role reconciliation. Any non production issues
Swim monkey
Jaydhruv
 
Posts: 45
Joined: Thu Jun 26, 2003 2:12 am
Location: Florida, USA

Re: weekly work for SAP security admin

Postby Al. » Thu Aug 11, 2011 4:26 am

OK, maybe bump up to 3 days maximum. 5 days to do just that would be a very nice job for someone!
http://www.turnkeyconsulting.com/
Al.
 
Posts: 3050
Joined: Tue Feb 25, 2003 5:35 am
Location: London

Re: weekly work for SAP security admin

Postby Jaydhruv » Mon Aug 15, 2011 5:22 am

Here is a breakup which would provide some more insight

He is solo person to guide user support for 450+ users :- any issue related to security gets routed through him. also provides arhitecture support.
Dev/Test support ( 4 hours )
5-6 changes per week. 4 cycles of testing, 3 forms to submit, test scripts, plenty of coordination & followup involved (( Easy 24+ hours ) )
(3 hours ) sox weekly reporting, audit queries
(5 hours ) Attends 4 to 6 meetings
Communication : 6 hours per week ( emails )

4+24+3+5+6 = 46.
Swim monkey
Jaydhruv
 
Posts: 45
Joined: Thu Jun 26, 2003 2:12 am
Location: Florida, USA

Re: weekly work for SAP security admin

Postby Al. » Tue Aug 16, 2011 12:26 am

If you are confident with your numbers then that's OK!

I'm saying that I would expect a lot more on the technical side (20+ changes and all user admin for maybe 2 stacks) during a working week.
http://www.turnkeyconsulting.com/
Al.
 
Posts: 3050
Joined: Tue Feb 25, 2003 5:35 am
Location: London

Re: weekly work for SAP security admin

Postby os » Fri Aug 26, 2011 11:05 am

Sounds reasoable considerig the forms to submit.

With 450 user IDs and well built roles and well trained admin to keep his / her live easy, you can get the change requests down to 5 per week.

Make it a KPI for the person and the tester and and they narrow it down even further ;)
os
 
Posts: 469
Joined: Wed Dec 21, 2005 10:51 am

Re: weekly work for SAP security admin

Postby Al. » Sun Aug 28, 2011 11:40 am

Os, I would like to work for you :wink: If one of my team thought that was a full weeks work then there would be some words to be had!
http://www.turnkeyconsulting.com/
Al.
 
Posts: 3050
Joined: Tue Feb 25, 2003 5:35 am
Location: London

Re: weekly work for SAP security admin

Postby os » Thu Sep 08, 2011 12:38 pm

In the small text I mentioned "well built roles" and also "testers" with KPIs for the testing... ;-)

Inheriting old concepts is different.
os
 
Posts: 469
Joined: Wed Dec 21, 2005 10:51 am


Return to SAP Security

Who is online

Users browsing this forum: No registered users and 6 guests





loading...


This website is not affiliated with, sponsored by, or approved by SAP AG.