04-20-2007 4:52 AM
Hi guys, I need to know the effects/impacts of deleting user accounts from SAP for the terminated employees.
Is it up to the management to decide on the removal of accounts? Or what is the std. rule for locking & deleting a user account from the system?
Pls advise.
rgds,
pri
04-20-2007 6:39 AM
Usually the accounts of the employees terminated from the organisation are stored in the system and not deleted. It's for the management to decide on the same. Else the system will lock the users after 60 days if there is no login from that user ID, and again after another 30 days the user ID is deleted. This is usually done by the background jobs running in the system.
**Reward points if helpful
Message was edited by:
muhammed junaid
04-21-2007 9:09 AM
Dear Friends,
Which background job do I have to run?
Please revert back.
Thanks,
Regards,
Sachin
04-21-2007 11:18 AM
Hi Sachin,
You can run the following reports to get the data of the users. Later the locked users can be deleted from the system and those with the period of login more than the set time can be locked.
RSUSR002 display users according to complex search criteria
RSUSR200 Users according to logon date and password change, locked users.
**Reward points suitable for the answer
Junaid
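Added example, not part of the original thread and not SAP-delivered code: a small Python review script that applies the 60-day lock / further 30-day delete rule described above to a user list exported from the system. The CSV layout and column names are hypothetical (they are not the output format of RSUSR002 or RSUSR200), and the sample rows are constructed.

```python
import csv
import io
from datetime import date, datetime

LOCK_AFTER_DAYS = 60     # from the thread: lock after 60 days without a login
DELETE_AFTER_DAYS = 30   # from the thread: delete after another 30 days

# Constructed sample export; the column names are hypothetical.
SAMPLE_EXPORT = """user,created,last_logon,locked,valid_to
ASMITH,2006-01-10,2007-04-15,no,
BJONES,2005-03-02,2007-02-01,no,
CLEE,2004-07-19,2007-01-05,yes,2007-01-05
DKHAN,2007-01-02,,no,
EROSS,2003-11-30,2007-04-18,no,2007-04-19
"""

def _d(text):
    """Parse an ISO date; an empty cell means 'no value'."""
    return datetime.strptime(text, "%Y-%m-%d").date() if text else None

def classify(row, today):
    """Return 'delete-candidate', 'lock' or 'keep' for one exported user row."""
    # A user who never logged on is measured from the creation date,
    # otherwise never-used accounts would escape the policy entirely.
    reference = _d(row["last_logon"]) or _d(row["created"])
    idle = (today - reference).days
    locked = row["locked"] == "yes"
    valid_to = _d(row["valid_to"])
    expired = valid_to is not None and valid_to < today
    # Only accounts that are already locked become deletion candidates;
    # check audit-trail and process dependencies before deleting them.
    if locked and idle >= LOCK_AFTER_DAYS + DELETE_AFTER_DAYS:
        return "delete-candidate"
    # An expired validity date (e.g. the leaving date) triggers a lock at once.
    if not locked and (expired or idle >= LOCK_AFTER_DAYS):
        return "lock"
    return "keep"

def review(export_text, today):
    """Map each user in the export to the action the policy implies."""
    rows = csv.DictReader(io.StringIO(export_text))
    return {row["user"]: classify(row, today) for row in rows}

if __name__ == "__main__":
    for user, action in review(SAMPLE_EXPORT, date(2007, 4, 21)).items():
        print(f"{user:8} {action}")
```

The script only proposes actions; an unlocked account that has been idle for more than 90 days is reported as "lock" first, so nothing is deleted without having gone through the locked stage.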
04-21-2007 11:33 AM
Hi all,
Well, it's all discussed from the security point of view, but what about the licencing point of view?
Is a locked user counted as one licence?
If the validity date of a user has expired is he counted as one licence?
Any clarification on the matter is appreciated.
Regards
04-21-2007 11:51 AM
Yes, the user is accounted for license till the time it exists in the system, either locked or unlocked.
http://www.sap-img.com/sap-overview/help-to-understand-sap-licenses.htm
**Reward points for suitable answers
Message was edited by:
Mohammed Junaid Ahmed
04-25-2007 2:17 AM
Mohammed,
Are you sure about your statement "user is accounted for license till the time it exists in the system. Either locked or unlocked"? The last time I ran system measurement was over two years ago, but I vaguely remember that an admin-locked (vs password-locked) UID or a user with an expired valid-to date is not counted in the total license users report I sent to SAP. I am not 100% sure, because it was over two years ago.
Thanks,
Lye
04-20-2007 6:53 AM
Hi Ann,
Ideally, the validity date is set to the leaving date of the organisation for the user. Then the ID is retained in the system for 60 days (depends on the company IS policy) or so and then deleted from the system.
Junaid had a few points as well...
Br,
Sri
Award points for helpful answers
04-20-2007 7:59 AM
Hi,
The user ID has to be locked the moment the user gives the exit interview, else there may be a security loophole, which comes under security audit issues.
I suggest the user ID should be locked as soon as the employee signs the termination letter and can be deleted automatically after 30 days.
04-20-2007 4:06 PM
Hi,
When you delete a user you would lose some part of the trail of his actions, which might be an issue as per the compliance issues.
So these IDs are locked and the validity changed to the date of exit of that particular user, so that we still have the user and can prevent him from logging in.
So once we are pretty sure that the deletion of the IDs would not have any negative ramifications, they are deleted.
So it's the top management's call as to how they want to address this particular issue, and it varies as per the firm's policy.
Normally a better approach would be to lock the ID's and end the validity date.
Manohar
04-20-2007 4:16 PM
Hi Manohar,
I agree, but maybe we would not ideally love to see IDs around in our SAP systems locked and with validity dates ended. I have seen projects with some who delete IDs within 30 days, and a few would retain their locked IDs until 90 days.
But rarely have I seen companies holding onto their old IDs for more than that time frame...
Br,
Sri
04-20-2007 4:23 PM
Completely agree to what you have said.
That's the very reason I said that it's the organisation's call as to how it should be...
regards,
manohar
04-24-2007 2:16 AM
Hi, how do we know the effects if we delete an account from the system? I mean, how to find the loss of trail of user actions...
Pls help to understand how we can know the -ve impacts once deleted....
My client does not have any security experts, but want to find out from experts on the impacts of deletion from SAP point of view....
04-25-2007 7:24 AM
Remember that in some parts of SAP (PM f.i.) processes depend on UIDs that exist in SAP. So with deletion of a UID you can obstruct that process!!!
Locked and delimited UIDs do not count for licence fee!!!
Also for audit trails one needs to be able to show who is behind a UID.
I know a number of BIG companies that do NOT delete UIDs but lock them!
It is not only up to management to decide here!!!