Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Using BAPI_USER_DELETE in receiving system to delete user

Former Member

‎12-21-2006 6:07 PM

0 Kudos

Hi,

We have CUA in place with 32 receiving systems connected.

I have one program which I want to run in each receiving systems. This program will do following actions for Inactive users (those who didn't logon to system for #of days):

- Notify User

- Lock / change validity date for a user

- Delete user

Since we have CUA in place, though the deletion is happening successfully, it is deleting user in the individual receiving system and not in the CUA system.

Hence in CUA system that user is still visible and if I save that user in CUA it is creating the same again in the receiving system where it was deleted.

That program is using FU BAPI_USER_DELETE.

Can anyone help me to understand usage of BAPI_USER_DELETE? Am I using it correctly?

Is there any way in CUA environment?

Regards,

DAA

6 REPLIES 6

Former Member

‎12-21-2006 6:41 PM

0 Kudos

Hi Deepak,

You want to delete a user in transactions SU01 or SU10, but you have no authorization to delete the infotype 0105 assigned to the user in HR.

The same error occurs in systems in which HR is active if you do one of the following:

You remove the authorization for a child system from the user in the central system of a Central User Administration (CUA).

You delete the user in the child system using an IDoc.

However, these USERCLONE IDocs (method 'Delete') hang in status 51 with the following error message:

026(01) Internal error: FM <user name>,

exception: internal error

You delete the user with programs that use the BAPI_USER_DELETE function module (SAP-internal, customer-specific or partner products).

Please refer Note 704088 - SU01: Missing HR authorization when you delete a user for clarification.

Cheers,

Shyam.

Former Member
In response to Former Member

‎12-21-2006 6:50 PM

0 Kudos

Hi Shyam,

Thanks for the reply.

I don't get any error msg in my receiving system. User is getting deleted by the program in receiving system.

But my problem is it is not reflecting in CUA (reverse way). Because of this, if I check in receiving system for user I don't get but if I check in CUA system for the same receiving system I can see the user. And if I distribute the user for the same receiving system from CUA that user is appearing again in receiving system.

I want to know, is there any way to push the deletion IDOC from receiving system to CUA. So that user will be deleted from both systems.

Regards,

Deepak

Former Member
In response to Former Member

‎02-05-2007 6:41 AM

0 Kudos

Hi Deepak,

Even though your program deletes the users in the child systems, since they were either created thru CUA or migrated onto CUA they still exist in CUA.

These user master records get created in the child systems when ever you make changes to these users in CUA or if you run the report SUSR_CUA_CONSISTENCY_CHECK , the IDOCS get transferred into the child systems and hence they get recreated.

The solution for this behaviour can be , when ever you run the user deletion program on your child system, logon to your CUA and use the tcode SCUG and select your child system , select <i>already central user</i> tab, click on the role assignments button. This action will sync the CUA with the child system.

Let me know if it works for you.

Regards,

Laxman

WolfgangJanzen
Product and Topic Expert
Product and Topic Expert

‎12-27-2006 10:01 AM

0 Kudos

Well, first of all: it is not a good idea to delete user accounts - since the userID is part of the database key in many change records (resulting from the various actions that have been performed by a user - before he became "inactive"). The better solution is: restrict the account validity (by setting the "not after" date to a date in the past, e.g. yesterday).

When using a Central User Administration (CUA) the user account will be created once centrally and then again once per CUA client system (if system-specific roles / authorizations are assigned). Deleting an account only takes effect in the CUA client systems (similiar to removing role / authorization assignments). But frankly speaking, I'm not that familiar with CUA and user management; maybe there is a way to delete a user account globally (maybe it's also a matter of CUA customizing). But anyway: it's better to restrict the account validity than to delete the account (see above).

Regards, Wolfgang

Bernhard_SAP
Employee
Employee

‎12-29-2006 8:31 AM

0 Kudos

Hi,

BAPI_USER_DELETE only works locally. (That's the actual design....). so the CUA-mastersystem never gets knowledge about the local deletion of that user. At next distribution from the CUA-master, the user gets created again, as the systemassignement to that particular childsystem still exists in the CUA-master.

There is a current developementproject going on to provide a functionmodule, which also cleans up the systemassignement in the CUA-mastersystem, if a user gets deleted locally on a childsystem.(even if this local maintenance is controversal to the idea of a 'CENTRAL User Administration' )

As this developement is not trivial (for all releases ) it will take some time, until this new FM will be availble. Pls check from time to time for new notes referring to BAPI_USER* -FMs.

rgds,

Bernhard

Bernhard_SAP
Employee
Employee

‎02-01-2007 7:48 AM

0 Kudos

The behaviour of CUA is adapted with note #992375.