Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Change documents and deleted users

Former Member

‎09-10-2010 7:51 PM

0 Kudos

Hi all,

We have been dictated by our audit dept. to lock user id's in our production system for people who are no longer using the system (no longer employed, etc) but not to delete them. They seem to be under the impression that if a user ID is deleted that all records of it's past activity will be erased.

I showed them that this was not necessarily true by testing in our QA system. I created two users, X and Y. I made a change to X with Y, then deleted user Y from the system, and presented the change documents showing that it's past activities were still represented.

I am trying to create a business policy of deleting locked ID's after 90 or 120 days pass, but I need to be able to convince audit that they can look back at data in the system.

Is there a SAP Note I can show them, or some other documentation that will show that the information will remain available. Also, is there anything I need to be aware of concerning the limits of what can be traced after a users ID has been deleted? Such as retention of change docs in the system?

Thanks everyone.

3 REPLIES 3

jurjen_heeck
Active Contributor

‎09-10-2010 8:24 PM

0 Kudos

Why are you so eager to delete the users? If their validity dates, locks and role assignments are maintained properly there's no problem in keeping them. For one thing, it'll stop you from accidentally recreating a user for a whole different person who will then inherite a lot of change documents....

Besides that, being able to link a full name to a user name does come in handy and I believe this is more difficult when the account is gone.

Former Member

‎09-10-2010 8:26 PM

0 Kudos

From my past experience, I have seen it has been better to lock the ids, move them to say "Deleted / Terminated" user group and remove any roles or profiles assigned to them.

two issues that I remember we found when we use to delete the user ids -

1. In our AR/CCM department, dispute cases were assigned to users using their user id. As soon as we used to delete the user ids, there were issues with those dispute cases.

2. There were batch jobs running on some basis user id ( though it is bad practise but sometimes basis guys use their id to run jobs instead of using some generic system batch job id) and afer deleting the id, they started to fail.

For us, we are locking the ids after 90 days of inactivity and moving them to deleted / terminated group, locking them and removing the roles from them after 365 days.

Former Member
In response to Former Member

‎09-10-2010 8:34 PM

0 Kudos

Thanks Jurjen and Nishant,

Looking at these answers I see that this is probably the best way to handle things. I was being encouraged to try and create this business process by another person who I had spoken with, but your examples have shown I am much better off retaining the id's and changing their group, and then eventually removing their roles.

Thank you both very much for your help.