
account lock & further deletion

Former Member
0 Kudos

Hi guys, I need to know the effects/impacts of deleting user accounts from SAP for the terminated employees.

Is it up to the management to decide on the removal of accounts? Or what is the std. rule for locking & deleting a user account from the system?

Pls advise.

rgds,

pri

13 REPLIES

Former Member
0 Kudos

Usually the accounts of the employees terminated from the organisation are stored in the system and not deleted. It's for the management to decide on the same. Else the system will lock the users after 60 days if there is no login from that user ID, and again after another 30 days the user ID is deleted. This is done usually by the background jobs running in the system.

**Reward points if helpful

Message was edited by:

muhammed junaid

0 Kudos

Dear Friends,

Which background job do I have to run?

Please revert back.

Thanks,

Regards,

Sachin

0 Kudos

Hi Sachin,

You can run the following reports to get the data of the users. Later the locked users can be deleted from the system, and those with the period of login more than the set time can be locked.

RSUSR002 – display users according to complex search criteria

RSUSR200 – Users according to logon date and password change, locked users.

**Reward points suitable for the answer

Junaid
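The lock-then-delete review described in the replies above, sketched as an added example that is not part of the original thread and is not SAP code. It assumes user data has been exported to CSV; the column names, sample rows and action labels are constructed, and only the 60-day and 30-day thresholds come from the thread.

```python
import csv
import io
from datetime import date, timedelta

LOCK_AFTER = timedelta(days=60)    # thread: lock after 60 days without logon
DELETE_AFTER = timedelta(days=30)  # thread: delete 30 days after the lock

# Constructed sample; the column names are assumptions, not RSUSR200's layout.
SAMPLE_EXPORT = """user,last_logon,valid_to,locked_on
ALICE,2024-05-20,,
BOB,2024-02-10,,
CAROL,2024-01-05,2024-03-01,2024-03-01
DAVE,,,
ERIN,2024-03-15,2024-05-25,2024-05-25
"""


def _parse(value):
    """Empty cell -> None, otherwise an ISO date."""
    return date.fromisoformat(value) if value else None


def classify(row, today):
    last_logon = _parse(row["last_logon"])
    valid_to = _parse(row["valid_to"])
    locked_on = _parse(row["locked_on"])
    if locked_on:
        # Deletion is only flagged for review: replies in the thread warn about
        # losing the audit trail and breaking processes that reference the ID.
        if today - locked_on >= DELETE_AFTER:
            return "review-for-deletion"
        return "keep-locked"
    if valid_to and valid_to < today:
        return "lock"                      # validity ended but never locked
    if last_logon is None:
        return "review-never-logged-on"    # no logon date to measure from
    if today - last_logon >= LOCK_AFTER:
        return "lock"
    return "active"


def plan(export_text, today):
    rows = csv.DictReader(io.StringIO(export_text))
    return {row["user"]: classify(row, today) for row in rows}


if __name__ == "__main__":
    for user, action in plan(SAMPLE_EXPORT, date(2024, 6, 1)).items():
        print(f"{user:6} {action}")
```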

0 Kudos

Hi all,

Well, it's all discussed from the security point of view, but what about from the licensing point of view?

Is a locked user counted as one licence?

If the validity date of a user has expired is he counted as one licence?

Any clarification on the matter is appreciated.

Regards

0 Kudos

Yes, the user is accounted for license till the time it exists in the system, either locked or unlocked.

http://www.sap-img.com/sap-overview/help-to-understand-sap-licenses.htm

**Reward points for suitable answers

Message was edited by:

Mohammed Junaid Ahmed

0 Kudos

Mohammed,

Are you sure about your statement "user is accounted for license till the time it exists in the system. Either locked or unlocked"? The last time I ran system measurement was over two years ago, but I vaguely remember an admin locked (vs password locked) UID or a user with an expired valid-to date are not counted in the total license users report I sent to SAP. I am not 100% sure, because it was over two years ago.

Thanks,

Lye

Former Member
0 Kudos

Hi Ann,

Ideally, the validity date is set to the leaving date of the organisation for the user. Then the ID is retained in the system for 60 days (depends on the company IS policy) or so and then deleted from the system.

Junaid had a few points as well...

Br,

Sri

Award points for helpful answers

praveenkumar_kadi
Active Contributor
0 Kudos

Hi,

The user ID has to be locked the moment the user gives the exit interview; else there may be a security loophole that comes under security audit issues.

I suggest the user ID should be locked as soon as the employee signs the termination letter and can be deleted automatically after 30 days.

manohar_kappala2
Contributor
0 Kudos

Hi,

When you delete a user you would lose some part of the trail of his actions, which might be an issue as per the compliance issues.

So these IDs are locked and the validity changed to the date of exit of that particular user, so that we still have the user and can prevent him from logging in.

So once we are pretty sure that the deletion of the IDs would not have any negative ramifications, they are deleted.

So it's the top management's call as to how they want to address this particular issue, and it varies as per the firm's policy.

Normally a better approach would be to lock the IDs and end the validity date.

Manohar

0 Kudos

Hi Manohar,

I agree, but maybe we would not ideally love to see IDs around in our SAP systems locked and with validity dates ended. I have seen projects where some delete IDs within 30 days and a few would retain their locked IDs until 90 days.

But rarely have I seen companies holding onto their old IDs for more than that time frame...

Br,

Sri

0 Kudos

Completely agree to what you have said.

That's the very reason I said that it's the organisation's call as to how it should be...

regards,

manohar

0 Kudos

Hi, how do we know the effects if we delete an account from the system? I mean, how do we find the loss of trail of user actions...

Pls help to understand how we can know the -ve impacts once deleted....

My client does not have any security experts, but wants to find out from experts the impacts of deletion from the SAP point of view....

0 Kudos

Remember that in some parts of SAP (PM f.i.) processes depend on UIDs that exist in SAP. So with deletion of a UID you can obstruct that process!!!

Locked and delimited UIDs do not count for licence fee!!!

Also for audit trails one needs to be able to show who is behind a UID.

I know a number of BIG companies that do NOT delete UIDs but lock them!

It is not only up to management to decide here!!!