Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

CUA Security - How to remove expired roles from users

Go to solution
Former Member

‎06-29-2007 10:46 PM

0 Kudos

Hello,

We have implemented CUA. Now roles are only removed from users using transaction SU01 or SU10 in the parent. Transaction PFCG is no longer used.

The SU10 mass maintenance transaction does not remove the role but sets the expiry date of the role for the user.

I would like to know if there is an SAP solution for removing these roles from the user or if we have to create our own custom solution?

Carol Mackie

Security Analyst

1 ACCEPTED SOLUTION

Go to solution
Former Member

‎06-30-2007 5:51 PM

0 Kudos

Carol,

You cannot do this via CUA. If you would like to remove the roles here are the steps you need to take:

Disconnect the child client by running RSDELCUA.

Remove the child client from the parent system using RSDELCUA.

Run PRGN_COMPRESS_TIMES in the child system with "remove validity periods that have already expired" checked.

Reconnect the systems. Run SCUA and put in system and save.

Transfer users using SCUG.

Cheers,

Ben

7 REPLIES 7

Go to solution
Former Member

‎06-30-2007 3:54 AM

0 Kudos

Hi Carl

i am in the process of CUA implementation..would you like to share your experiance of CUA ...i mean are there any docs i can refer..

Buddhike

Sri Lanka

Go to solution
Former Member

‎06-30-2007 5:51 PM

0 Kudos

Carol,

You cannot do this via CUA. If you would like to remove the roles here are the steps you need to take:

Disconnect the child client by running RSDELCUA.

Remove the child client from the parent system using RSDELCUA.

Run PRGN_COMPRESS_TIMES in the child system with "remove validity periods that have already expired" checked.

Reconnect the systems. Run SCUA and put in system and save.

Transfer users using SCUG.

Cheers,

Ben

Go to solution
Former Member

‎07-01-2007 5:27 AM

0 Kudos

Hi Carol,

i think you can delete roles from user in SU10 transaction code

Goto <b>SU10</b>-->Specify <b>username</b> --> click on <b>change</b> icon --> Goto <b>Roles</b> tab --> select <b>Remove</b> radio button --> Specify <b>Roles</b> which you want to delete --> Click on Save.

regards,

kanthi

Go to solution
Frank_Buchholz
Product and Topic Expert
Product and Topic Expert
In response to Former Member

‎07-16-2007 4:48 PM

0 Kudos

There is trick for removing roles using transaction SU10 as described in the previous posting: Avoid a restriction concerning the date interval (you can enter 01.01.1990 - 31.12.9999). Otherwise the existing role assignments are not deleted but split according to the entered date interval.

kind regards

Frank Buchholz

Go to solution
Former Member
In response to Former Member

‎02-04-2015 6:59 PM

0 Kudos

This message was moderated.

Go to solution
Former Member

‎08-14-2007 11:12 PM

0 Kudos

Hello,

Just an update, we have implemented Support Stack 12 on our SMP server and now the roles are being deleted in SU10 not just expired.

Carol Mackie

Go to solution
Former Member

‎02-05-2015 7:01 PM

0 Kudos

This message was moderated.