07-22-2011 4:57 AM
Hi Experts,
We are undergoing an audit, and there is a point where they need information on deleted user IDs with last logon.
Is it possible? Please provide the details.
Regards
Krishna Mohan
07-22-2011 7:03 AM
You're out of luck. Last logon time is stored in USR02, and the record for user is deleted when you delete the user. Probably the best you can do is pull changes for user from SUIM or SU01 and check the last password change date. It's not as good as last logon date, but you can state with certainty that this is at least the last date this username was used to access the system.
To avoid putting yourself in such a position in the future you could activate security audit log and configure it to log successful logons (among other events, perhaps). Then answering such auditor questions would just be a matter of grepping the logs.
Hope this helps!
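The lookup described in the reply above can be done with a short script once successful logons are being logged. This is an added example, not part of the original post: the CSV export layout, its column names, the sample rows and the user names are constructed assumptions, and AU1 is taken as the audit log message ID for a successful dialog logon, so adjust the event set to match your own export.

```python
import csv
import io
from datetime import datetime

# Constructed sample export; the column names and layout are assumptions,
# not a format produced by any particular SAP transaction.
SAMPLE_EXPORT = """date,time,user,event
2011-05-02,08:14:55,JSMITH,AU1
2011-05-02,08:15:10,JSMITH,AU2
2011-06-17,17:41:03,JSMITH,AU1
2011-06-20,09:00:00,JSMITH,AU2
2011-03-11,11:02:47,mkhan,AU1
2011-07-01,07:30:12,ADOE,AU1
"""

# Event IDs counted as a successful logon (assumed: AU1 = dialog logon OK).
LOGON_OK = {"AU1"}


def last_logons(export_text, ok_events=LOGON_OK):
    """Return {USER: datetime of latest successful logon} from the export."""
    latest = {}
    for row in csv.DictReader(io.StringIO(export_text)):
        if row["event"].strip() not in ok_events:
            continue  # failed logons and other events do not prove access
        user = row["user"].strip().upper()
        ts = datetime.strptime(f'{row["date"]} {row["time"]}',
                               "%Y-%m-%d %H:%M:%S")
        if user not in latest or ts > latest[user]:
            latest[user] = ts
    return latest


def audit_report(export_text, deleted_users):
    """Map each deleted user ID to its last successful logon, or None."""
    latest = last_logons(export_text)
    return {u.upper(): latest.get(u.upper()) for u in deleted_users}


if __name__ == "__main__":
    report = audit_report(SAMPLE_EXPORT, ["jsmith", "mkhan", "TTEMP"])
    for user, ts in report.items():
        print(user, ts.isoformat(sep=" ") if ts
              else "no successful logon in retained logs")
```

A `None` result only means that no successful logon exists in the logs that were retained, so the log retention period limits how far back the answer is reliable.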
07-22-2011 9:07 AM
Do the auditors not have an issue with the fact that you are deleting users? This is more likely to cause issues....
What is the audit point about the last logon date of a user who has since been deleted?
Cheers,
Julius
07-22-2011 9:25 AM
Hi Julius,
I remember a similar thread where you were discussing the issues with deleting a user ID and recommending to lock it and move it to a Deleted/HR Terminated user group. Your points are very valid, and I am unable to find it. If you remember and can trace it out, I hope it can be added to this thread and also @
Regards,
Raghu
07-22-2011 9:32 AM
2nd thread from the top in the "user management" section?
It is the one wearing a sombrero, waving at us and saying "cooooouuweeeee!"..
Cheers,
Julius
07-22-2011 10:07 AM
Great.. got it in the list already
Krishna Mohan - Go through the entire discussion, which might help you to understand the importance. Maybe you can invite your managers and auditors too.
Regards,
Raghu
07-22-2011 11:56 AM
2 ways to check user ID information from SU01:
1. SU01 -> User ID -> Information -> Information System (SUIM) -> Change Documents for Users
2. SU01 -> User ID -> Information -> Change Documents for Users
2 ways to check user ID information from SU10:
1. SU10 -> User ID -> Information -> Information System (SUIM) -> Change Documents for Users
2. SU10 -> User ID -> Information -> Change Documents for Users
Another method, using TCode SA38:
SA38 (TCode) -> RSUSR100 (Prg) -> Exe
Enter user ID -> Execute
To check for the last login, go to
SE16 -> USR02 -> Press ENTER / Click on Table contents -> User ID
which displays Valid from/through, User Type, group, Account no, Created by, Last login, etc.
I think this info can't be obtained for the deleted users.
Thanks
07-22-2011 12:48 PM
The SU01/SU10 options show changes to users even when deleted, but not the last time they accessed SAP.
The program you mentioned runs under a SUIM option, so it is best to go via SUIM really, but it still doesn't give the last logon date, which RSUSR200 would provide if not deleted...