- SAP Community
- Products and Technology
- Additional Q&A
- Access Control-Inactive Users Removal
- Subscribe to RSS Feed
- Mark Question as New
- Mark Question as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
Access Control-Inactive Users Removal
- Subscribe to RSS Feed
- Mark Question as New
- Mark Question as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
on 03-25-2015 5:10 AM
Hi gurus,
Do you know if there is a way to automate users removal via GRC AC10 when they have been inactive for more than 180 days?
Thanks,
Kind regards,
Accepted Solutions (1)
Accepted Solutions (1)
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Hi John,
There is no standard way from SAP GRC to do this.
You need to develop a custom program and may be your logic should be like this:
If using Portal SSO to login:
If you have ECC, BW, GRC etc systems then in your program should check the Last Logon Date in all the systems and if the user is inactive in all the systems for more than 180 days then raise a Lock Account request for that user. Lock Account request should not have any approvals.
If the user is active in any one of the systems don't lock the user.
Regards,
Madhu.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Dear John,
Yes,even we implemented programs with help of ABAP consultant in ECC and GRC systems to lock and remove inactive users
1st Program for lock the users if they have not logged more than 45 days
2nd Program for delete the users if they have not logged more than 90 days
and scheduled background jobs once in a month.
Regards
Baithi
Answers (1)
Answers (1)
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
No automatic method out of the box sadly, but with a decent Governance process established and implemented this should not be a difficult task.
Previous customers I have worked with have established a regular periodic report to be performed whereby they check for User ID's that have been inactive for a set period of time i.e. 90 days etc and then performed a mass user request to lock and expire the ID's or ultimately delete them if no challenge has been raised.
In addition, a robust "Leavers" procedure has been established, whereby all leaver accounts are removed from SAP systems on the first business day after the user user has left. The Line Manager has to raise a "Delete User" request in ARM.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
- Cloud Integration: Manually Sign / Verify XML payload based on XML Signature Standard in Technology Blogs by SAP
- Value Unlocked! How customers benefit from SAP HANA Cloud in Technology Blogs by SAP
- Prevent users from navigation in Sap analytics cloud menu in Technology Q&A
- Problems when opening a PDF in my SAPUI5 app in Technology Q&A
- Consume Ariba APIs using Postman in Technology Blogs by SAP
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.