cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

License issue

Former Member

on ‎12-19-2008 9:20 AM

0 Kudos

Hello gurus,

We have got mail from SAP about License audit and I generated the LAW log file as per the instruction. Problem is I have always maintained no of license and user as per the agreement but its showing almost double as the its even covering the locked old user logins who left organization.

Its a request to gurus to help me to get correct figure for license and not fall in problem in audit. Further inputs from you like basic care that should be taken will be of great use.

Thanks in advance!

Regards,

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (4)

Answers (4)

Former Member
‎01-07-2009 9:25 PM
0 Kudos

There is a sticky thread regarding this on the Security Forum. The best approach is to NOT delete the users but to lock them out and remove all their roles. I am following their advice and doing the same in my organization. If a user is deleted, SAP can still find out if they were (I think this is correct from what I have read on the forums) and its is advised to never delete users in Production.

From a logical perspective, I think the whole idea of the license tied to the users is that you should not be using (say) 10 user ids for 50 active users. No 2 users are supposed to share the same login. Again, this might be relative since the license depends on the kind of agreement your company has with SAP.

For the users that have been locked out, table USR02 shows the last login date. I'm sure SAP can find out in similar ways if a username has been reused after being locked out. As long as they are not being unlocked and reused again by someone else, it should be okay. You would need to worry if you have license of (say) 10 users and more than 10 active SAP users. The unused number of users should not matter

Hope this makes sense.

Kunal

Show replies
Show replies
Former Member
‎01-07-2009 8:20 PM
0 Kudos

My company never deletes a user account but we do set the validity dates and have had no problems with SAP about licenses. But they may be able to see when you set the validity dates and may have issues if you terminate a lot of users right before an audit. It would look rather suspicious.

Show replies
Show replies
Former Member
‎01-07-2009 2:16 PM
0 Kudos

Are the locked users also time expired i.e. each user id has a validity date allocated to them which is earlier than the current system date?

Locking an account does not remove them from the user base, as they can be unlocked and used. Setting the validity date, so that any unlocked accounts cannot logon is the next step, but really if these users do not need SAP anymore they should be deleted fully.

Locked users outside of their validity period won't show as active users on the license report, but SAP will still be able to see that you have a number of locked / inactive users on your system. This could make them suspicious that your licensed user base has been temporarily reduced in size. Physically deleting the ids that do not need to access SAP is the best approach.

Show replies
Show replies
JPReyes
Active Contributor
‎12-19-2008 9:27 AM
0 Kudos

No much advice to give you... just clean your user base and assign the rignt license to each. If people left the organization the users should be deleted.

Regards

Juan

Show replies
Show replies
Ask a Question