on 09-19-2013 3:36 PM
Can Authorization roles be delimited when an employee is Terminated? Is there an SAP program that will delimit the Authorization Roles when the status of an employee is changed from Active to Withdrawn (terminated)?
Hi,
It can be achieved by delimiting It 0105 where SY-UNAME is maintained.
Configure Terminationa action - Infogroup considering IT 0105 with LIS9 operation.
As roles are assigned to User Id only and User id is maintained in IT 0105 and delimiting IT 0105 will lead to delimition of roles for that ID,
Hope thsi helps.
Regards
Priya
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Unfortunately, we are not assigning Roles to the Postion, but rather to the userid. I want to delimit the roles from an audit perspective to ensure all bases are covered. In addition, we can also have the userid locked and the Validity period ended as well. But I didnt know if there was a standard SAP Program (Report) that can do this.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
As far as I know, there are no "standard" program(s) to do this. There are however many 3rd party products that handle this kind of provisioning/de-provisioning. From what I have ever seen, it is even more common to simply have the process(s) in place and a lot of this is done via custom code and/or manual steps.
As mentioned above, there are many things you can do. From the employee's perspective, your "delmit" option is really only available from the perspective of "de-linking" the userid to the employee (ie. delimit their IT0105 record). All else will come from the "security side of the house".
Yes it is possible, but I don't know the standard process is available or not, we developed a program which will fetch the in-actives & delimit the roles and validity period according to separation date,
you can try once using su10 for mass user updates.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Jeremy,
Why you would delimit them?
If you would make sure the username won't have any authorization I recommend to deactivate username. If your authentication is done by SAP you can lock the username or delete it and if it done by active directory, for example, you can deactivate it in also.
Regards,
Omid
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
89 | |
7 | |
7 | |
4 | |
4 | |
3 | |
3 | |
3 | |
3 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.