01-18-2011 6:53 PM
Hello,
I want to pull up a list of expired roles for all the valid users (no expiration date).
Can I do that using SUIM or is there any other table/program I can use?
We would like to clean up all the expired roles because it is creating confusion among role owners and business process owners who use various SUIM reports and freak out when they see lists of roles assigned to users, not realizing the roles are expired.
Thanks!
01-18-2011 7:03 PM
> want to pull up a list of expired roles for all the valid users (no expiration date).
> Can I do that using SUIM or is there any other table/program I can use?
Using SUIM it is not possible. Using table (AGR_USERS) it is possible but you need to check user validity line by line carefully. Possible but not feasible. Try out the solution below.
Run report PRGN_COMPRESS_TIMES to remove all expired users from all the roles in the system. Then in SUIM -> Role by complex selection criterion - select without user assignment.
> SUIM reports and freak out when they see lists of roles assigned to users not realizing the roles are expired.
It is not freaking out. It is giving all the users there in the list (expired/valid both).
Regards,
Arpan Paik
01-18-2011 7:38 PM
I have read about some users having problems after running this program.
Users having a proper valid-to field (meaning not expired, 31.12.9999) also got deleted. So, I am not comfortable running this. (Refer to OSS Note 1132448 - PRGN_COMPRESS_TIMES: Username selection is ignored)
Is there an alternative way to do this?
Thanks.
01-18-2011 7:45 PM
Currently I am away from my password file containing login details for service market place. But as you have found the note, then you should be looking at implementing the same to fix the bug in the system. By the way, you can run that report in test mode first and then have a chance to validate.
You can check table data as I said, but it will definitely take a lot of time to analyze. May result in nothing.
Edited : Let some boss come to say more about problem with the report as you highlight.
Regards,
Arpan Paik
Edited by: P Arpan on Jan 19, 2011 1:16 AM
01-18-2011 8:51 PM
Well, as Arpan mentioned, AGR_USERS can suffice your requirement. I believe putting end date field < current date should give you all expired role assignments and >= current date will generate the list of valid role assignments on the "current date".
You may plug in the list of valid users (from USR02) into the table to begin with and then put the above conditions to find the list of expired and valid role assignments as on a particular date. (A dynamic variant can be used to select the current date automatically if you want to generate the list periodically.)
In addition to removing expired roles, PRGN_COMPRESS_TIMES also removes duplicate role assignments and replaces them with a single entry of the role. The validity period is adjusted to reflect the maximum range of validity (union of lowest start date and highest end date from the duplicate entries of the roles).
Thanks
Sandipan
Edited by: Sandipan Choudhury on Jan 19, 2011 2:23 AM
01-19-2011 11:33 AM
The problem would be, sorting by validity date (either in SUIM, or in the table) will not give correct data, as one role might be expired for one user but could be valid for another user! So the list should always be sorted by role. Then check on validity.
Regards,
Arpan Paik
01-19-2011 10:19 PM
Why not? If you search for users (not roles) and then click on button Roles (circle with funky colors) then you get all roles assigned to the selected users with validity period. So you just need to set up a correct filter.
Cheers
01-20-2011 11:41 AM
Yeah, in SUIM we can get this. However, let's consider a role is assigned to 10 users and out of them 2 are expired. So if you sort by validity then the expired 2 will come early and the rest 8 occurrences will come later somewhere in the middle of the report.
Regards,
Arpan Paik
01-18-2011 9:30 PM
Hi Siri,
You can use SUIM reports to do this:
Users -> Users by Complex Selection criteria -> execute -> Click on Roles tab -> Set filter on End Date -> multiple selections -> exclude single value 12/31/9999.
This will give you a list of users having roles that do not have the value 12/31/9999.
01-18-2011 10:47 PM
Hi,
those roles still might be valid. For example end date = 31.12.2011. Therefore you need to set up a more complex filter. You need to select two columns, Start date and End date, and set a filter. Then just simply set filters: start date needs to be less than or equal to the current date and end date needs to be greater than or equal to the current date. This gives you a list of all valid roles. So you can export two lists into Excel and then create a final list of expired roles.
Another option is to look for roles where the end date is less than the current date. This gives you a list of expired roles but you will keep roles which should be valid in future.
Cheers
Edited by: Martin Voros on Jan 19, 2011 9:48 AM
01-19-2011 4:21 PM
You are correct, Martin. I did not realize about the roles assigned to users that are yet to expire. Yes, looking for end dates of roles that are less than today's/present date would give you all the roles that have expired respective to the users.
01-19-2011 7:06 PM
Hi
The previous replies about using SE16N AGR_USERS appear to fit the bill to me - in SUIM I can't find a suitably easy report format?
In AGR_USERS you may need to watch out for composite role assignments though, sort the end date 'to' and paste the out of date entries into Excel and remove 'Exclusive', 'Date', 'Time', blank column and 'HR' columns to leave just 'Assignment via composite'.
Example:
Role                      ID           from        to          Via Comp
509_TF_HOLLOWCORE_STOCK_  UK_JXXXX     04.06.2010  08.06.2010
509_TF_HOLLOWCORE_STOCK_  UK_PXXXX     04.06.2010  08.06.2010
Z0_TQM_P2P_PURCH_REQ      UK_SXXXXXXX  02.06.2010  16.06.2010
Z1_TQM_P2P_GR_CREATE      UK_SXXXXXXX  02.06.2010  16.06.2010  X
Z1_TQM_P2P_REQ_CREATE     UK_SXXXXXXX  02.06.2010  16.06.2010  X
Z2_TQM_P2P_DISPLAY_ALL    UK_SXXXXXXX  02.06.2010  16.06.2010  X
The last three entries are contained in Z0_TQM_P2P_PURCH_REQ (the Z0 denotes composite and I checked AGR_AGRS to be sure which goes where)
I think, if you wanted to bulk remove, then a .txt file containing just the expired roles without the X value in an LSMW (01.01.1900 - 31.12.9999) in roles and remember to check as remove in profile as well as role in the recording will remove from users.
Cheers
David
Edited by: David Berry on Jan 19, 2011 7:10 PM
01-31-2011 5:29 PM
Step 1: I was able to pull up list of active users from SUIM.
Step 2: Go to AGR_USERS table in SE16.
Gave a * for the role field.
User field list comes from the variant I created for active users in SUIM.
Gave a dynamic date variant.
We now created a custom transaction that would feed the user list from SUIM into the AGR_USERS table.
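The selection the thread converges on (valid users from USR02, AGR_USERS rows whose end date is before today, rows inherited via a composite role kept apart) can be checked offline on exported rows. This is an added example, not code from any poster; it assumes the exports are reduced to tuples of the standard fields BNAME/GLTGV/GLTGB and AGR_NAME/UNAME/FROM_DAT/TO_DAT/COL_FLAG with DD.MM.YYYY dates, and all users and roles in it are constructed.

```python
from datetime import date, datetime

def sap_date(text):
    """Parse DD.MM.YYYY as shown in SE16; blank or 00.00.0000 means no limit."""
    text = text.strip()
    if text in ("", "00.00.0000"):
        return None
    return datetime.strptime(text, "%d.%m.%Y").date()

def valid_users(usr02_rows, today):
    """User IDs whose USR02 validity window (GLTGV..GLTGB) covers today."""
    ok = set()
    for bname, gltgv, gltgb in usr02_rows:
        start, end = sap_date(gltgv), sap_date(gltgb)
        if (start is None or start <= today) and (end is None or end >= today):
            ok.add(bname)
    return ok

def expired_assignments(agr_users_rows, users, today):
    """Expired AGR_USERS rows of valid users: (direct, inherited via composite)."""
    direct, via_composite = [], []
    for agr_name, uname, _from_dat, to_dat, col_flag in agr_users_rows:
        end = sap_date(to_dat)
        if uname not in users or end is None or end >= today:
            continue  # user not valid, or assignment valid today or in future
        row = (uname, agr_name, to_dat)
        (via_composite if col_flag.strip() == "X" else direct).append(row)
    # Sorted by user, then role: a role expired for one user may be valid for another.
    return sorted(direct), sorted(via_composite)

# Constructed sample rows (hypothetical users and roles), not data from the thread.
TODAY = date(2011, 1, 18)
SAMPLE_USR02 = [  # BNAME, GLTGV, GLTGB
    ("UK_ALICE", "01.01.2009", "00.00.0000"),
    ("UK_BOB", "01.01.2009", "31.12.2010"),  # the user itself has expired
    ("UK_CAROL", "", "31.12.9999"),
]
SAMPLE_AGR_USERS = [  # AGR_NAME, UNAME, FROM_DAT, TO_DAT, COL_FLAG
    ("Z0_DEMO_COMPOSITE", "UK_ALICE", "02.06.2010", "16.06.2010", ""),
    ("Z1_DEMO_CREATE", "UK_ALICE", "02.06.2010", "16.06.2010", "X"),
    ("Z1_DEMO_DISPLAY", "UK_ALICE", "01.01.2010", "31.12.9999", ""),
    ("Z1_DEMO_DISPLAY", "UK_BOB", "01.01.2010", "30.06.2010", ""),
    ("Z1_DEMO_DISPLAY", "UK_CAROL", "01.01.2010", "30.06.2010", ""),
    ("Z1_DEMO_FUTURE", "UK_CAROL", "01.03.2011", "31.12.2011", ""),
]

if __name__ == "__main__":
    users = valid_users(SAMPLE_USR02, TODAY)
    found = expired_assignments(SAMPLE_AGR_USERS, users, TODAY)
    for label, rows in zip(("direct", "via composite"), found):
        print(label, rows)
```

Only the direct list is a candidate for removal from the user; the rows flagged via composite go away when the composite assignment itself is removed.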