new employee gets old employee's ID

Former Member
0 Kudos

At my organization, we are kind of recycling the old user IDs of employees who have left the company. In other words, we sometimes give an old employee's ID (one who has left the company) to a new employee. When we do so, we delete the user account in SAP and recreate the new account with new user info like name, roles, etc. But this is causing an issue. The work done by the old employee is showing the new employee's name, which is not good. How can we prevent this from happening and be able to recycle the IDs at the same time? Please advise.

1 ACCEPTED SOLUTION

Former Member
0 Kudos

You can't and shouldn't do anything to get around this. Historical log files are there to preserve an audit trail of what users have done. You need to change your userID policy to ensure that users are identified by an ID unique to them.

4 REPLIES

WolfgangJanzen
Product and Topic Expert
0 Kudos

> You can't and shouldn't do anything to get around this. Historical log files are there to preserve an audit trail of what users have done. You need to change your userID policy to ensure that users are identified by an ID unique to them.

Yes, this is correct. This is somewhat comparable to car plates (registration numbers): they might be "recycled" (i.e. assigned to another car) after some reasonable waiting period. But then you have to keep track of which real-life person an identifier has been assigned to during a given period of time, so that you are able to assign actions recorded under that identifier to the person who has caused the actions (in the car example: it's important to be able to know who has caused a traffic violation ...).

I'd propose not to reuse identifiers (but use life-long identifiers), if ever possible.

Otherwise auditing will become more complex (because it will be time-constrained).

Edited by: Wolfgang Janzen on Sep 13, 2009 2:54 PM
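
The time-bounded attribution described in the reply above, sketched as an added example that is not part of the original thread and is not SAP code. The user IDs, names, dates and record layout are constructed for illustration; a real system would read the assignment history from its own HR or identity records.

```python
from datetime import date

# Constructed assignment history: (user_id, person, valid_from, valid_to).
# Dates are inclusive; valid_to=None means the assignment is still open.
ASSIGNMENTS = [
    ("JSMITH", "John Smith", date(2005, 3, 1), date(2009, 6, 30)),
    ("JSMITH", "Jane Smith", date(2009, 9, 1), None),  # recycled ID
    ("MBROWN", "Mary Brown", date(2007, 1, 15), None),
]

# Constructed audit records: (user_id, action_date, action).
AUDIT_LOG = [
    ("JSMITH", date(2008, 5, 2), "changed vendor master record"),
    ("JSMITH", date(2009, 10, 1), "posted invoice"),
    ("JSMITH", date(2009, 8, 1), "logon"),  # falls in the gap
    ("MBROWN", date(2009, 10, 1), "approved payment run"),
]


def resolve_person(user_id, on_date, assignments=ASSIGNMENTS):
    """Return the person who held user_id on on_date, or None if nobody did."""
    holders = [
        person
        for uid, person, start, end in assignments
        if uid == user_id and start <= on_date and (end is None or on_date <= end)
    ]
    if len(holders) > 1:
        # Overlapping periods make attribution impossible, so fail loudly.
        raise ValueError(f"overlapping assignments for {user_id} on {on_date}")
    return holders[0] if holders else None


def reused_ids(assignments=ASSIGNMENTS):
    """User IDs that have been assigned to more than one person."""
    people_by_id = {}
    for uid, person, _, _ in assignments:
        people_by_id.setdefault(uid, set()).add(person)
    return sorted(uid for uid, people in people_by_id.items() if len(people) > 1)


def attribute(log=AUDIT_LOG, assignments=ASSIGNMENTS):
    """Attach the real person to each audit record. None marks an action
    recorded while the ID was assigned to nobody, which needs investigation."""
    return [
        (uid, day, action, resolve_person(uid, day, assignments))
        for uid, day, action in log
    ]
```

With life-long identifiers the assignment history has one row per ID and the date lookup disappears; with recycled IDs every audit query has to carry it.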

Former Member
0 Kudos

What the old employee did will be in the logs with the date as well as the time, so no one can blame the new employee.

Shahid

Former Member
0 Kudos

User IDs should NEVER be reused in an SAP system. The best practice would be to permanently remove the ID of the user; second best would be to permanently lock the account (and remove the role/profiles, and set the expiration date of the user to the termination date). If this approach is taken, the policy should be to ensure the account never changes from the unlocked state. If the account is subsequently re-issued, your security/audit trail is compromised (and possibly your SAP license agreement!). This access control should be part of your corporate SAP security policy and the approach spelled out in your SAP security standard.

I'm surprised this practice was not flagged by your auditors?

Regards!

Edited by: Matt Saunders on Sep 26, 2009 8:36 PM