Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SUIM report - list of expired roles

Former Member

‎01-18-2011 6:53 PM

0 Kudos

Hello,

I want to pull up a list of expired roles for all the valid users (no expiration date).

Can I do that using SUIM or is there any other table/program I can use?

We would like to clean up all the expired roles because it is creating a confusion among role owners and business process owners who use various SUIM reports and freak out when they see lists of roles assigned to users not realizing the roles are expired.

Thanks!

12 REPLIES 12

arpan_paik
Active Contributor

‎01-18-2011 7:03 PM

0 Kudos 
  want to pull up a list of expired roles for all the valid users (no expiration date).
Can I do that using SUIM or is there any other table/program I can use?

Using SUIM it is not possible. Using table (AGR_USERS) it is possible but need to check user validity line by line carefully. Possible but not feasible. Try out below solution.

Run report PRGN_COMPRESS_TIMES to remove all expired users from all the role in system. Then in SUIM -> Role by complex selection criterion - Select without user assignment.

 SUIM reports and freak out when they see lists of roles assigned to users not realizing the roles are expired.

It is not freaking out. It is giving all teh user there in the list (expired/valid both)

Regards,

Arpan Paik

Former Member
In response to arpan_paik

‎01-18-2011 7:38 PM

0 Kudos

I have read about some users having problems after running this program.

Users having proper valid to field ( means not expried 31.12.9999) also got deleted. So , I am not comfortable running this. (Refer to OSS note Note 1132448 - PRGN_COMPRESS_TIMES: Username selection is ignored)

Is there an alternative way to do this?

Thanks.

arpan_paik
Active Contributor
In response to arpan_paik

‎01-18-2011 7:45 PM

0 Kudos

Currently I am away from my password file contain login details for service market place. But as you have fopund the note tyhen you should looking for implementing the same to fix the bug in system. By the way you can run that report in test mode first and then have a chance to validate.

You can check table data as I said but will definately took lot of time to analyze. May results nothing.

Edited : Let some boss come to say more about problem with the report as you highlight.

Regards,

Arpan Paik

Edited by: P Arpan on Jan 19, 2011 1:16 AM

Former Member
In response to arpan_paik

‎01-18-2011 8:51 PM

0 Kudos

Well, as Arpan mentioned, AGR_USERS can suffice your requirement. I believe putting end date field < current date should give you all expired role assigment and >= current date will generate list of valid role assignment on the "current date".

You may plug in the list of valid users (from USR02) into the table to begin with and then put the above conditions to find the list of expired and valid role assignments as on a particular date.(a dynamic variant can be used to select current date automatically if you want to generate the list periodically)

In addition to removing expired roles, PRGN_COMPRESS_TIMES also removes duplicate role assigments and replaces with single entry of the role. Validity period is adjusted to reflect the maximum range of validity( union of lowest start date and highest end date from the duplicate entries of the roles).

Thanks

Sandipan

Edited by: Sandipan Choudhury on Jan 19, 2011 2:23 AM

arpan_paik
Active Contributor
In response to arpan_paik

‎01-19-2011 11:33 AM

0 Kudos

Problem would be, sorting by validity date (either in suim, or in table) will not give correct data. As one role might get expired for one user but could be valid for other user! So the list always should be sorted by role. Then check on validity.

Regards,

Arpan Paik

mvoros
Active Contributor
In response to arpan_paik

‎01-19-2011 10:19 PM

0 Kudos

Why not? If you search for users (not roles) and then click on button Roles (circle with funky colors) then you get all roles assigned to the selected users with validity period. So you just need to set up a correct filter.

Cheers

arpan_paik
Active Contributor
In response to arpan_paik

‎01-20-2011 11:41 AM

0 Kudos

Yeah in SUIM we can get this. However let's consider a role is assigned to 10 users and out of them 2 are expired. So if you sort by validity then expierd 2 will come early and rest 8 occurence will come later somewhere in middle of the report.

Regards,

Arpan Paik

Former Member

‎01-18-2011 9:30 PM

0 Kudos

Hi Siri,

You can use SUIM reports to do this :

Users -> Users by Complex Selection criteria -> execute -> Click on Roles tab -> Set filter on End Date - > multiple selections -> exclude single value 12/31/9999.

This will give you list of users having roles that does not have value of 12/31/9999.

mvoros
Active Contributor
In response to Former Member

‎01-18-2011 10:47 PM

0 Kudos

Hi,

those roles still might be a valid. For example end date = 31.12.2011. Therefore you need to set up a more complex filter. You need to select two columns Start date and End date and set filter. Then just simply set filters: start date needs to be less or equal than current date and end date needs to be greater or equal than current date. This gives you a list of all valid roles. So you can export two lists into Excel and then create a final list of expired role.

Another option is to look for roles where end date is less than current date. This gives you a list of expired roles but you will keep roles which should be valid in future.

Cheers

Edited by: Martin Voros on Jan 19, 2011 9:48 AM

Former Member
In response to Former Member

‎01-19-2011 4:21 PM

0 Kudos

You are correct Martin. I did not realized about the roles assigned to users that are yet to expire. Yes looking for End dates of roles that is less than today's/present date would give you all the roles that have expired respective to the users.

Former Member

‎01-19-2011 7:06 PM

0 Kudos

Hi

The previous replies about using SE16N AGR_USERS appears to fit the bill to me - in SUIM I can't find a suitably easy report format?

In AGR_USERS you may need to watch out for composite role assignments though, sort the end date 'to' and paste the out of date entries into Excel and remove 'Exclusive', 'Date', 'Time', blank column and 'HR' columns to leave just 'Assignment via composite'.

Example:

Role ID from to Via Comp

509_TF_HOLLOWCORE_STOCK_ UK_JXXXX 04.06.2010 08.06.2010

509_TF_HOLLOWCORE_STOCK_ UK_PXXXX 04.06.2010 08.06.2010

Z0_TQM_P2P_PURCH_REQ UK_SXXXXXXX 02.06.2010 16.06.2010

Z1_TQM_P2P_GR_CREATE UK_SXXXXXXX 02.06.2010 16.06.2010 X

Z1_TQM_P2P_REQ_CREATE UK_SXXXXXXX 02.06.2010 16.06.2010 X

Z2_TQM_P2P_DISPLAY_ALL UK_SXXXXXXX 02.06.2010 16.06.2010 X

The last three entries are contained in Z0_TQM_P2P_PURCH_REQ (the Z0 denotes composite and I checked AGR_AGRS to be sure which goes where)

I think, if you wanted to bulk remove, then a .txt file containing just the expired roles without the X value in an LSMW (01.01.1900 - 31.12.9999) in roles and remember to check as remove in profile as well as role in the recording will remove from users.

Cheers

David

Edited by: David Berry on Jan 19, 2011 7:10 PM

Former Member

‎01-31-2011 5:29 PM

0 Kudos

Step 1: I was able to pull up list of active users from SUIM.

Step 2: Go to AGR_USERS table in SE16.

Gave a * for the role field.

User field list somes from variant I crated for active users in SUIM

Gave a dynamic date variant.

We now created a custom transaction that would feed the user list form SUIM in to the AGR_USERS table.