06-29-2007 10:46 PM
Hello,
We have implemented CUA. Now roles are only removed from users using transaction SU01 or SU10 in the parent. Transaction PFCG is no longer used.
The SU10 mass maintenance transaction does not remove the role but sets the expiry date of the role for the user.
I would like to know if there is an SAP solution for removing these roles from the user or if we have to create our own custom solution?
Carol Mackie
Security Analyst
06-30-2007 5:51 PM
Carol,
You cannot do this via CUA. If you would like to remove the roles here are the steps you need to take:
Disconnect the child client by running RSDELCUA.
Remove the child client from the parent system using RSDELCUA.
Run PRGN_COMPRESS_TIMES in the child system with "remove validity periods that have already expired" checked.
Reconnect the systems. Run SCUA and put in system and save.
Transfer users using SCUG.
Cheers,
Ben
06-30-2007 3:54 AM
Hi Carl
i am in the process of CUA implementation..would you like to share your experiance of CUA ...i mean are there any docs i can refer..
Buddhike
Sri Lanka
06-30-2007 5:51 PM
Carol,
You cannot do this via CUA. If you would like to remove the roles here are the steps you need to take:
Disconnect the child client by running RSDELCUA.
Remove the child client from the parent system using RSDELCUA.
Run PRGN_COMPRESS_TIMES in the child system with "remove validity periods that have already expired" checked.
Reconnect the systems. Run SCUA and put in system and save.
Transfer users using SCUG.
Cheers,
Ben
07-01-2007 5:27 AM
Hi Carol,
i think you can delete roles from user in SU10 transaction code
Goto <b>SU10</b>-->Specify <b>username</b> --> click on <b>change</b> icon --> Goto <b>Roles</b> tab --> select <b>Remove</b> radio button --> Specify <b>Roles</b> which you want to delete --> Click on Save.
regards,
kanthi
07-16-2007 4:48 PM
There is trick for removing roles using transaction SU10 as described in the previous posting: Avoid a restriction concerning the date interval (you can enter 01.01.1990 - 31.12.9999). Otherwise the existing role assignments are not deleted but split according to the entered date interval.
kind regards
Frank Buchholz
02-04-2015 6:59 PM
08-14-2007 11:12 PM
Hello,
Just an update, we have implemented Support Stack 12 on our SMP server and now the roles are being deleted in SU10 not just expired.
Carol Mackie
02-05-2015 7:01 PM