Delete users without Roles

Former Member · ‎07-07-2011

hello everyone

i want to delete all empty users means users with any roles or any authorizations or profiles. can anyone answer me

Former Member · ‎07-07-2011

Hi,

You don't have this reporting feature in SUIM. You have to use SQVI query viewer and use USR02, USR04 (Also you can use V_USERNAME table, if you wish to have user first name, and last name).

If there is no entry in USR04, that means user doesn't have any roles assigned.

Once you have the list of users, you can delete them from SU01 or SU10 transaction code.

Regards,

Raghu

Edited by: Raghu Boddu on Jul 7, 2011 10:42 AM

Former Member · ‎07-07-2011

It is possible to get this from SUIM users by roles if you reverse your normal way of working but why you would want to delete users (old chestnut) is beyond me...

Bernhard_SAP · ‎07-07-2011


Raghu Boddu wrote:
If there is no entry in USR04, that means user doesn't have any roles assigned.

this statement is not correct.

b.rgds, Bernhard

Former Member · ‎07-07-2011

hi david. I want to delete users to reduce my usr01 list.. is there any alternative way to keep them off from all type of records and auths.. pls explian it.. also tell me way to delete them..

Former Member · ‎07-07-2011

 also tell me way to delete them..

Have a look at the icons on the initial screen of SU01

Former Member · ‎07-07-2011

Hi (Dil)?

I have hinted at finding users without roles but I can't help you delete users. Just search on deleting users in this forum and try ignoring your tables for a little while unless another is pushing you hard. In that case ask them to search this forum for cases against deleting users.

Best wishes

David

Former Member · ‎07-07-2011

What happens when you double-click the Role field in the selection criteria?

Cheers,

Julius

Former Member · ‎07-07-2011

I'm not clever and my method probably misses an easier solution.

Users by roles (e.g.)

Just use exclude single values /* S* Z* X* and excute

If you get a short list of ID's then click on roles - if any roles found then redo the exclude to include 'exclude' those starting with"."*

Cheers

David

Edited by: David Berry on Jul 7, 2011 10:21 PM

Former Member · ‎07-07-2011

Hi,

Select all users from USR01. Than use this selected user list to select roles from table AGR_USERS.

You get the list of all usersu2019 role assignment. Use Excel for user's duplicity removing and afterwards i.e. compare two users list via respective software (i.e. total commander). If no record is in list from AGR_USERS, than user has no roles assignment.

Regards,

Vinod.

krysta_osborn · ‎07-07-2011

You are very clever, David. I think I figured out what you're talking about in SUIM. Here I go spilling the beans ...

In SUIM, run users by role with nothing in the role. If you have a gozillion users this may not be a good idea. Once you get the resulting list, click on the Roles button. That will list all of the users who have role assignments. You can dump both lists into Excel and back into the list of users without role assignments using VLOOKUP.

In response to another part of your question, you can expire users instead of deleting them. That will help you to exclude them when checking who has access in the system. It also will remove them from your license count.

Krysta

Edited by: Krysta Osborn on Jul 7, 2011 10:26 PM

krysta_osborn · ‎07-07-2011

I tried double clicking in the role field, and it does bring up the selection options screen. I selected = and left the role field blank, but it doesn't return any results even though there are users with no role assignments. I think David's suggestion gets around that.

Krysta

Former Member · ‎07-07-2011

Yes, you are correct. Perhaps a SUIM report for users who can logon but not do anything would be usefull

Alterately, the user will get bored fairly quickly, and then you can delete "idle" passwords or monitor logon dates and lock them / move them to "retired" user groups.

Deleting users is generally not recommended as this preserves the unique user ID and access concepts outside of the ABAP role based access concept (e.g. manual profiles, validations & other user check tables, personalizations, object ownership, HR and AD mapping, address data, etc.

Cheers,

Julius

Former Member · ‎07-07-2011

Hi Krysta

The = single value "null" doesn't seem to work as you have found

Seems odd as it is (or seems to be) fine in other reports in say AGR_TEXTS for the ID field which is why I went for this solution.

Cheers

David

martin_voros · ‎07-08-2011

Hi,

it's not odd in this case. That report tries to select all users from the table AGR_USERS with role blank. Obviously, there is no such a user. You can't use this trick here.

To get users you can play with SUIM report - Users - by user ID. You can run this report and enter A*, This gives you a list of all users starting with A. There is a button "Roles" which gives you a subset of selected users with role assignment. You can just select users and copy them into clipboard. Then you need to go back to selection screen and paste content of clipboard into section Exclude single values. So new selection gives you all users starting with A which haven't appeared in the second ALV. Just to double check you can click on button Roles. You shouldn't get any records. There is a limit for clipboard size hence I am proposing to do it letter by letter.

Update: using button "Profiles" is better because it covers roles as well as profiles.

Cheers

Edited by: Martin Voros on Jul 8, 2011 10:47 AM

Former Member · ‎07-08-2011

Hi Martin

The 'By Profile' option is another one to capture users with profiles (but no roles) and maybe PFUD not run too?

THe same solution seems to work there too - exclude tab and enter the usual suspects - T* Z* S* etc and run. Any users returned then hit the profiles button - any profiles returned then add their starting letter to the exclusions too.

Seems to work!

Cheers

David