Skip to Content
avatar image
Former Member

Just delete a user?

I think I learned somewhere that users that quit a company have to be saved for another 10 years in the system, it´s a legal question. Uptil now we just deactivated their account, but never deleted them.

Now our consultant says that it´s not enough to just deactivate the account when it comes to licensing questions. We would have to completly delete the account.

Who is right?

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

5 Answers

  • Sep 16, 2009 at 03:33 PM

    JP,

    For purposes of licensing, it's true that it's not enough to lock them, but you do not need to delete them. Instead what you must do is change the validity end-date of the user account to the date upon which they left the company or stopped using the system. You find this in SU01, on the Logon data tab, in Validity Period. Change the Valid through field to the correct end-date. The license measurement program (USMM) will not record a user who is past their end-date as counting against a license. Doing this, by the way, will also make the user account unusable, without deleting it. In general as a best practice you do not want to delete user accounts, especially if they have entered or changed data in the system, as the user account remains a reference for the change records on that other data.

    --Matt

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member

      Hi, Matt

      I hope you're still a recurrent user fo this community...

      I was advised by a consultant to erase the "valid through" date also as a way to also mark it as not in use anymore.

      I find changing the date to the day it is no longer used, a lot more congruent in terms of control and audit processes.

      Could you advise on this the consultant advised? Is it correct?

  • avatar image
    Former Member
    Sep 16, 2009 at 03:42 PM

    What is the way you used follow to "Deactivate" the user id? And to answer your question, you can treat both of them right depending on the scenario of your Licensing rules. Please check it.

    There is no such specific strict rule to keep or delete user ids which are not needed.

    Regards,

    Dipanjan

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Sep 16, 2009 at 09:40 PM

    Deleting a user ID is like creating a SAP zombie.

    Removing their access (or clearing the buffers), locking the account (not the password) and retiring them to an obsolete user ID user group is like locking Freddie Kruger in jail.

    Take your pick... 😉

    Jokes aside, please take a look at the FAQ thread at the top of the forum which links to some interesting discussion on this very topic.

    If you can imagine that something has been asked before, then looking in an FAQ or using the search is a good place to start.

    Cheers,

    Julius

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Sep 17, 2009 at 06:11 AM

    Thank you for your quick answers! We will then change the user validity period to the last day the user used the account.

    kind regards, Peter

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member Former Member

      and don't use USMM for license auditing, if you don't have to ... use SLAW instead. the RSLAW_PLUGIN report consolidates with less bugs and also provides the latest improvements, so check for the latest version of the tool here: service.sap.com/licenseauditing (only: not right now, the link is outdated, but i have informed SAP about it).

      Julius way of treating 'retired' UserIDs is the very best: change valid-to date and attach to a user-group which contains only the 'retirees'. in this way you are saving the history of that user = you can always tell, who changed which master data or document.

      if you want to get rid of your users, there's the possiblity of archiving them (and several other security thingies) -> transaction SARA, objects: US_USER, US_PROF, US_PASS, US_AUTH. to be on the safe side for legal requirements, transfer the archive files to an (optical) archiving system and keep them there as long as needed.

  • avatar image
    Former Member
    Sep 18, 2009 at 12:37 PM

    We can lock the user in the system by end dating his Validity date. Also remove all access that has been provided to user.

    This will ensure that user is as good as deleted from the system

    Add comment
    10|10000 characters needed characters exceeded