- SAP Community
- Groups
- Interest Groups
- Application Development
- Discussions
- Just delete a user?
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Just delete a user?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-16-2009 4:15 PM
I think I learned somewhere that users that quit a company have to be saved for another 10 years in the system, it´s a legal question. Uptil now we just deactivated their account, but never deleted them.
Now our consultant says that it´s not enough to just deactivate the account when it comes to licensing questions. We would have to completly delete the account.
Who is right?
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-16-2009 4:33 PM
JP,
For purposes of licensing, it's true that it's not enough to lock them, but you do not need to delete them. Instead what you must do is change the validity end-date of the user account to the date upon which they left the company or stopped using the system. You find this in SU01, on the Logon data tab, in Validity Period. Change the Valid through field to the correct end-date. The license measurement program (USMM) will not record a user who is past their end-date as counting against a license. Doing this, by the way, will also make the user account unusable, without deleting it. In general as a best practice you do not want to delete user accounts, especially if they have entered or changed data in the system, as the user account remains a reference for the change records on that other data.
--Matt
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-04-2015 10:04 PM
Hi, Matt
I hope you're still a recurrent user fo this community...
I was advised by a consultant to erase the "valid through" date also as a way to also mark it as not in use anymore.
I find changing the date to the day it is no longer used, a lot more congruent in terms of control and audit processes.
Could you advise on this the consultant advised? Is it correct?
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-16-2009 4:42 PM
What is the way you used follow to "Deactivate" the user id? And to answer your question, you can treat both of them right depending on the scenario of your Licensing rules. Please check it.
There is no such specific strict rule to keep or delete user ids which are not needed.
Regards,
Dipanjan
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-16-2009 10:40 PM
Deleting a user ID is like creating a SAP zombie.
Removing their access (or clearing the buffers), locking the account (not the password) and retiring them to an obsolete user ID user group is like locking Freddie Kruger in jail.
Take your pick...
Jokes aside, please take a look at the FAQ thread at the top of the forum which links to some interesting discussion on this very topic.
If you can imagine that something has been asked before, then looking in an FAQ or using the search is a good place to start.
Cheers,
Julius
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-17-2009 7:11 AM
Thank you for your quick answers! We will then change the user validity period to the last day the user used the account.
kind regards, Peter
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-17-2009 7:18 AM
> the last day the user used the account.
You can also do this for a date in the future, for e.g. their retirement date or end of contract date.
Same goes for roles, for e.g. change of department.
In both cases the system does the work for you.
Cheers,
Julius
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-17-2009 9:06 AM
and don't use USMM for license auditing, if you don't have to ... use SLAW instead. the RSLAW_PLUGIN report consolidates with less bugs and also provides the latest improvements, so check for the latest version of the tool here: service.sap.com/licenseauditing (only: not right now, the link is outdated, but i have informed SAP about it).
Julius way of treating 'retired' UserIDs is the very best: change valid-to date and attach to a user-group which contains only the 'retirees'. in this way you are saving the history of that user = you can always tell, who changed which master data or document.
if you want to get rid of your users, there's the possiblity of archiving them (and several other security thingies) -> transaction SARA, objects: US_USER, US_PROF, US_PASS, US_AUTH. to be on the safe side for legal requirements, transfer the archive files to an (optical) archiving system and keep them there as long as needed.
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-18-2009 1:37 PM
We can lock the user in the system by end dating his Validity date. Also remove all access that has been provided to user.
This will ensure that user is as good as deleted from the system
- SAP Managed Tags:
- Security
