cancel
Showing results for 
Search instead for 
Did you mean: 

Can Authorization roles be delimited when an employee is Terminated?

Former Member
0 Kudos

Can Authorization roles be delimited when an employee is Terminated?  Is there an SAP program that will delimit the Authorization Roles when the status of an employee is changed from Active to Withdrawn (terminated)?

Accepted Solutions (0)

Answers (4)

Answers (4)

VWITS01
Active Contributor
0 Kudos

Hi,

It can be achieved by delimiting It 0105 where SY-UNAME is maintained.

Configure Terminationa action - Infogroup considering IT 0105 with LIS9 operation.

As roles are assigned to User Id only and User id is maintained in IT 0105 and delimiting IT 0105 will lead to delimition of roles for that ID,

Hope thsi helps.

Regards

Priya

ChrisSolomon
Active Contributor
0 Kudos

That sounds very familiar. Did you read the other responses at all?

Former Member
0 Kudos

Unfortunately, we are not assigning Roles to the Postion, but rather to the userid.  I want to delimit the roles from an audit perspective to ensure all bases are covered.   In addition, we can also have the userid locked and the Validity period ended as well.  But I didnt know if there was a standard SAP Program (Report) that can do this.

ChrisSolomon
Active Contributor
0 Kudos

As far as I know, there are no "standard" program(s) to do this. There are however many 3rd party products that handle this kind of provisioning/de-provisioning. From what I have ever seen, it is even more common to simply have the process(s) in place and a lot of this is done via custom code and/or manual steps.

As mentioned above, there are many things you can do. From the employee's perspective, your "delmit" option is really only available from the perspective of "de-linking" the userid to the employee (ie. delimit their IT0105 record). All else will come from the "security side of the house".

Former Member
0 Kudos

Yes it is possible, but I don't know the standard process is available or not, we developed a program which will fetch the in-actives & delimit the roles and validity period according to separation date,

you can try once using su10 for mass user updates.

former_member193652
Active Contributor
0 Kudos

Hi Jeremy,

Why you would delimit them?

If you would make sure the username won't have any authorization I recommend to deactivate username. If your authentication is done by SAP you can lock the username or delete it and if it done by active directory, for example, you can deactivate it in also.

Regards,

Omid