User licensing Count - Best Strategy

Former Member · ‎06-07-2012

We have few questions and issues regarding SAP Licensing. We want to
manage our SAP user/employee licensing efficiently and not pay for user
license or be counted as license when the user is not with the company
or an inactive user. Please advise what is the Best SAP Practice for
user provisioning within SAP system. When a user is terminated, is it
recommended to delete the user master record in SU01? Or is it
recommended to disable/de-activate the user in SAP ie: Lock the user
and set the validity date? We do not want to be paying for users that
should not have access to SAP ie: Terminated Employee.

I found a forum which sugges not to delete user due to the below
reasons. Is it possible to audit a user for historical purpose and for
auditing purpose if the user id is deleted? Below is what I found on
SAP forum. Please advise if that is correct? Also, advise to delete
user or not to avoid licensing cost for terminated employee or
short/long term leave employee?

--------------------------------------------------------------------------------------

Information I found on a forum for not deleting user

The reason it's a best practice to not delete, but simply lock and
invalidate (set the end validity date), the user accounts when
employees leave the company is that it is historical data, which could
be important for future audit purposes. Also, if the users ever
created or changed any data (do they use ESS?), then those records will
be stamped with CREATED BY or CHANGED BY that user, and if the user no
longer exists, it can potentially cause inconsistencies. For instance,
let's say that you have deleted inactive user accounts, and three years
later your company is required to produce a list of all financial
documents initiated by that user. If the user doesn't exist, it could
make searching for the related documents problematic, and your company
could be subject to penalties as a result. You still might be able to
do it, but it's more difficult. As long as you have set the end validity date on the user master, the
user will not be counted any longer for license purposes. However, the
annual license audit from SAP does count how many users were deleted.
I'm not sure what they do with this information, but they get it.

All that being said, if the user was definitely a display-only or
reporting-only user, it might be safe to delete them. Also, if the
user was created in error and never used, then of course it's safe to
delete them.

Former Member · ‎06-08-2012

Our practice is to not delete users when they leave. We set the validity date, lock the user and remove all roles/profiles (can't be too careful, right:-). Users with a validity date in the past are definitely not counted in licence audits. This does assume you have a process for allocating userids to new users that guarantees no re-use. We do.

We do this for the reasons you quoted, plus some of our printed documents (sales orders & invoices in particular) include information about who created the order. If the user has been deleted that doesn't work too well.

Former Member · ‎06-08-2012

I agree with Steve. If I could add something to the list, that would be putting such delimited/invalid users to a specific user group also, eg- TERMINATED, for easier identification and reporting purposes.

Thanks

Sandipan

Former Member · ‎06-08-2012

Yeah its right ,

If user is associated with any kind of finance related ..... then you must remove roles and profiles and assign Inactive user group.

there can be other reason also for not deleting users.

else you can delete the user.