Question: Hi All,
Our auditors tell us that we are no longer allowed to delete
user ID's on our production system due to user history being
lost in our logs. First is this true and if so should I put the ones
I want to delete into a user group for safe keeping?
Thanks in advance
Charlie B.
Answer:
You do not say what version of SAP you are using but later versions do keep the change history for various functions even after the UserId has been deleted.
If you need to demonstrate it run some Fi or other actions in your Test system then delete the user and let the auditor see the result.
_________________
Sandi
~~~~
Apparently Father Christmas, the Easter Bunny, the Tooth Fairy and Star Wars aren't real
Tuly kiwi.
Answer:
You do not lose history. Depending on your naming convention for users, you may lose the name of who did what. Eg if the namng convention is non descriptive say x123 then you will not know who x123 is as they have been deleted. If you use first initial last name then you would know who did it. All documents will keep the x123. We have the x123 naming convention but put users in a user group called Terminated, remove all their access and lock the user. If I want to know who x123 is , they still exist.
Answer:
also remember that for some PM processes it is important that the UID exist, so deleting user when using PM can cause errrors. So beter lock and take roels away.
Answer:
Thanks all,
We are on version 4.6C. I do appreciate the feedback. As an extra precausion if we decide to not delete the ID's what about making them system ID's so logging in is not possible and putting them into an inactive users group?
Answer:
Every step that makes it more clear to useradmin not to reactivate the users is GOOD!
Answer:
Your auditors cant "tell" you to do anything.
They can make recommendations. They may raise a control deficiency, but for something small like this it is not going to affect their findings one bit when compared to something like finding active dialog users in prod with SAP_ALL or similar auths. Make them work for their fee & get them to tell you exactly what is lost.
Personally I do what the others have done - lock, assign to special user group & remove roles. At previous clients where they have deleted users, we have not had trouble with cnage logs for these deleted users.
Answer:
Hi - we use Global IDs A123XYZ and you can find deleted users by putting in a range in change information for users in SU01. Going on from that you CAN try re-creating the user and it will state:
Old SAPoffice data found for this user name. Do
you want to copy this data to the new user?
User address copied from SAPoffice data
Message no. 01009
Does anybody know where this information is and can be retrieved please?
many thanks
David
_________________
Real Daleks don't use the stairs. They just level the building.
Answer:
Note - I've found a reference to table ADR7 when searching the Security forum by "SAPOffice" but that doesn't seem to contain the name..
_________________
Real Daleks don't use the stairs. They just level the building.
Answer:
ADR7 is the refernce key to find the User name. If you need to know the name recreate the user and the only name will apear, unless you run a report to clean up the orphaned ID.
Then you should be refering to the "paper trail" you have authorizaing you to create and or delete the ID (be it a hard copy form or an email log). This should have all the user information about the ID.
_________________
John A. Jarboe
Answer:
Hi John
Thanks for your assistance with this little thing.
Yes - we do individual SU01 to create the ID again (but not save). If doing SU01 can recover the data isn't there a way to find the source of the hidden information directly though?
We run a find at the moment in Lotus Notes which works but it would be nice to be able to get it directly from SAP.
regards
David
_________________
Real Daleks don't use the stairs. They just level the building.
Answer:
It has been a while but it involves ADR7, USR21, and a few other ADRx tables. If you have the time you can trace the code an dfind the exact tables.
How to Earn Rs.25000 every month in internet without Investment?
Deleting Users
Labels:
Sap Basis Faqs
Subscribe to:
Post Comments (Atom)
topics
-
▼
2007
(1406)
-
▼
November
(1359)
- Free Download SAP FI Certification study pdf books
- Implementing SAP R/3 on OS/400
- Update SAP Kernel in UNIX based
- Security Audit Log (BC-SEC).pdf
- Security Audit Log.pdf
- Securities,pdf
- Secure Store & Forward / Digital Signatures (BC-SE...
- Secure Network Communications (BC-SEC-SNC)
- Free download use ful T-codes
- I did not find any OSS notes appropriate for my pr...
- How to apply OSS notes number?
- What is OSS Notes number?
- Where can i access SAP OSS?
- WHAT IS OSS
- Disaster Recovery Plan to Restore Production System
- Steps to Install SAP Note in sap
- Difference Between SAP Notes and Support Package
- Question : Subject : Support packages testing
- Five Different "User Type"
- How to solve the Time Zone Definition Problems?
- Setting the User Decimals Format
- Schedule Manager
- Various Important SAP Basis T-Code
- Trace Functions in sap
- System Trace: Error Analysis in sap
- System Trace(ST01) in sap
- Roles and Authorizations Used in Background Proces...
- Deleting Multiple Spool Requests Simultaneously in...
- Logging and Tracing in spool
- Print and Output Management in spool
- Background Job Monitoring Monitor in CCMS
- Monitoring the Database Using the Alert Monitor
- Monitoring the Operating System Using the Alert Mo...
- Monitoring Memory Management Using the Alert Monitor
- Method Dispatching Monitor in CCMS
- Remote Application Server Status Monitor in CCMS
- GRMG Self-Monitoring Monitor in CCMS
- CCMS Selfmonitoring Monitor for System-Wide Data i...
- Logfile Monitoring Monitor in CCMS
- Logon Load Balancing Monitor in CCMS
- Transaction-Specific Dialog Monitor in CCMS
- Workload Collector Monitor in CCMS
- System Errors Monitor in CCMS
- System Configuration Monitor in CCMS
- Syslog Monitor in CCMS
- Spool System Monitor in CCMS
- Security Monitor in CCMS
- Performance Overview Monitor in CCMS
- Operating System Monitor in CCMS
- Filesystems Monitor in CCMS
- Entire System Monitor in CCMS
- Monitoring the Enqueue Service in CCMS
- Dialog per Application Server Monitor in CCMS
- Dialog Overview Monitor in CCMS
- Database Monitor in CCMS
- Transactional RFC and Queued RFC Monitor in CCMS
- Communications Monitor in CCMS
- Buffers Monitor in CCMS
- Background Job Monitoring Monitor(CCMS)
- Background Processing Monitor(CCMS)
- Availability and Performance Overview Monitor (CCMS)
- SAP CCMS Monitor Templates Monitor Set
- Creating and Changing a Monitoring Pause(CCMS)
- Creating and Changing Monitoring Rules(CCMS)
- Configuring Availability Monitoring(CCMS)
- Update Repositories(CCMS)
- Displaying Central Performance History Reports(CCMS)
- Displaying Report Properties
- Scheduling and Executing a Report
- Variables in Group Names
- Creating a Report Definition(CCMS)
- Maintaining Collection and Reorganization Schemata...
- Maintaining Collection and Reorganization Schemata...
- Creating and Editing a Calendar Schema(CCMS)
- Creating and Editing a Day Schema
- Customizing the Alert Monitor(CCMS)
- Resetting MTEs and Alerts(CCMS)
- Reorganizing Completed Alerts(CCMS)
- Display Completed Alerts(CCMS)
- Automatically Complete Alerts(CCMS)
- Completing Alerts(CCMS)
- Starting Methods (CCMS)
- Processing Alerts(CCMS_
- Displaying the Technical View: Central Performance...
- Displaying the Technical View: Threshold Values(CCMS)
- Displaying the Technical View: Status Autoreaction...
- Displaying the Technical View: Status Data Collector
- Displaying the Technical View: Method Allocation
- Displaying the Technical View: Info on MTE
- Display Types and Views of the Alert Monitor(CCMS)
- Properties of Status Attributes (CCMS)
- Properties of Performance Attributes(CCMS)
- Properties of Log Attributes (CCMS)
- General Properties of Monitoring Tree Elements(CCMS)
- Properties of Monitoring Objects and Attributes
- Elements of the Alert Monitoring Tree
- Alert Monitoring Tree(CCMS)
- Monitors(CCMS)
- Monitor Sets (CCMS)
- Elements of the Alert Monitor (CCMS)
-
▼
November
(1359)
No comments:
Post a Comment