Question: Once a user has been terminated, either voluntarily or involuntarily, is it better to lock his/her id? Or better to delete the User Master Record?
I would like to hear justification on which practice is better and the reasons why.
Thanks,
Greg
Answer:
1. As long as the user master record exists, it's very easy to unlock the record, either through transactions or by updating USR02-UFLAG directly. Recreating a deleted user master record is not as trivial.
2. Locking a user master implies that you plan to unlock the user sometime in the future. Deleting the user is an indication that there's no expectation of their return. The second is more accurate in the case of terminated employees.
3. If you want a count of "active" users, retaining locked users can result in incorrect counts unless you remember to exclude the locked users. You will also need to keep track of which users are locked because they are terminated and which ones are locked for some other reason. I'm not aware of any field where that information can be kept.
4. There would eventually be a small performance degredation if all terminated users were kept forever.
_________________
Keith
To SEARCH the forum, go here: /forums/search.php
Answer:
Hello
At our site we lock as soon as they leave, and delete monthly. We seem to have a number of people who leave and then come back to new jobs or as contractors, or even bakc to the same job (don't get me started). Access here is assigned to positions so as soon as their postion is terminated their access is stopped.
We do the regular deletions becuase our licensing agreement does not exclude locked users and if we don't ge trid of them we have to keep paying for them.
You need to consider the best scenario for your business based on the factors mentioned by RR and:what are the security risks, ie does access persist after someone leves, and it's only secured by a lock?
does your lincece charge you or all users regardless of lock status
how soon is too soon or to late to delete?
There is no one rule for everyone, each business has its own needs.
_________________
Sandi
~~~~
Apparently Father Christmas, the Easter Bunny, the Tooth Fairy and Star Wars aren't real
Tuly kiwi.
Answer:
Agree to all the abouve comments
At our site we expire the user (Which is excluded from Liscencing Agreement) Lock after 1 month (To ensure that they have not been on holidays) then delete after 2 months of inactivity of last logon.
Locking userid's vs. deleting userid's
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment