07-07-2011 8:48 AM
hello everyone
i want to delete all empty users means users with any roles or any authorizations or profiles. can anyone answer me
07-07-2011 9:42 AM
Hi,
You don't have this reporting feature in SUIM. You have to use SQVI query viewer and use USR02, USR04 (Also you can use V_USERNAME table, if you wish to have user first name, and last name).
If there is no entry in USR04, that means user doesn't have any roles assigned.
Once you have the list of users, you can delete them from SU01 or SU10 transaction code.
Regards,
Raghu
Edited by: Raghu Boddu on Jul 7, 2011 10:42 AM
07-07-2011 9:55 AM
It is possible to get this from SUIM users by roles if you reverse your normal way of working but why you would want to delete users (old chestnut) is beyond me...
07-07-2011 1:18 PM
Raghu Boddu wrote:
If there is no entry in USR04, that means user doesn't have any roles assigned.
this statement is not correct.
b.rgds, Bernhard
07-07-2011 5:36 PM
hi david. I want to delete users to reduce my usr01 list.. is there any alternative way to keep them off from all type of records and auths.. pls explian it.. also tell me way to delete them..
07-07-2011 6:04 PM
also tell me way to delete them..
Have a look at the icons on the initial screen of SU01
07-07-2011 6:13 PM
Hi (Dil)?
I have hinted at finding users without roles but I can't help you delete users. Just search on deleting users in this forum and try ignoring your tables for a little while unless another is pushing you hard. In that case ask them to search this forum for cases against deleting users.
Best wishes
David
07-07-2011 9:34 PM
What happens when you double-click the Role field in the selection criteria?
Cheers,
Julius
07-07-2011 10:20 PM
I'm not clever and my method probably misses an easier solution.
Users by roles (e.g.)
Just use exclude single values /* S* Z* X* and excute
If you get a short list of ID's then click on roles - if any roles found then redo the exclude to include 'exclude' those starting with"."*
Cheers
David
Edited by: David Berry on Jul 7, 2011 10:21 PM
07-07-2011 11:53 AM
Hi,
Select all users from USR01. Than use this selected user list to select roles from table AGR_USERS.
You get the list of all usersu2019 role assignment. Use Excel for user's duplicity removing and afterwards i.e. compare two users list via respective software (i.e. total commander). If no record is in list from AGR_USERS, than user has no roles assignment.
Regards,
Vinod.
07-07-2011 9:26 PM
You are very clever, David. I think I figured out what you're talking about in SUIM. Here I go spilling the beans ...
In SUIM, run users by role with nothing in the role. If you have a gozillion users this may not be a good idea. Once you get the resulting list, click on the Roles button. That will list all of the users who have role assignments. You can dump both lists into Excel and back into the list of users without role assignments using VLOOKUP.
In response to another part of your question, you can expire users instead of deleting them. That will help you to exclude them when checking who has access in the system. It also will remove them from your license count.
Krysta
Edited by: Krysta Osborn on Jul 7, 2011 10:26 PM
07-07-2011 10:24 PM
I tried double clicking in the role field, and it does bring up the selection options screen. I selected = and left the role field blank, but it doesn't return any results even though there are users with no role assignments. I think David's suggestion gets around that.
Krysta
07-07-2011 10:36 PM
Yes, you are correct. Perhaps a SUIM report for users who can logon but not do anything would be usefull
Alterately, the user will get bored fairly quickly, and then you can delete "idle" passwords or monitor logon dates and lock them / move them to "retired" user groups.
Deleting users is generally not recommended as this preserves the unique user ID and access concepts outside of the ABAP role based access concept (e.g. manual profiles, validations & other user check tables, personalizations, object ownership, HR and AD mapping, address data, etc.
Cheers,
Julius
07-07-2011 11:03 PM
Hi Krysta
The = single value "null" doesn't seem to work as you have found
Seems odd as it is (or seems to be) fine in other reports in say AGR_TEXTS for the ID field which is why I went for this solution.
Cheers
David
07-08-2011 1:43 AM
Hi,
it's not odd in this case. That report tries to select all users from the table AGR_USERS with role blank. Obviously, there is no such a user. You can't use this trick here.
To get users you can play with SUIM report - Users - by user ID. You can run this report and enter A*, This gives you a list of all users starting with A. There is a button "Roles" which gives you a subset of selected users with role assignment. You can just select users and copy them into clipboard. Then you need to go back to selection screen and paste content of clipboard into section Exclude single values. So new selection gives you all users starting with A which haven't appeared in the second ALV. Just to double check you can click on button Roles. You shouldn't get any records. There is a limit for clipboard size hence I am proposing to do it letter by letter.
Update: using button "Profiles" is better because it covers roles as well as profiles.
Cheers
Edited by: Martin Voros on Jul 8, 2011 10:47 AM
07-08-2011 8:28 AM
Hi Martin
The 'By Profile' option is another one to capture users with profiles (but no roles) and maybe PFUD not run too?
THe same solution seems to work there too - exclude tab and enter the usual suspects - T* Z* S* etc and run. Any users returned then hit the profiles button - any profiles returned then add their starting letter to the exclusions too.
Seems to work!
Cheers
David