using SU10 - Locking at most 20 users at time?

Former Member · ‎08-13-2007

Sorry for asking this again

I have list of users (100s of them) who have not logged in system for quite some time.

Now I have to remove roles assigned to them, expire them and lock them.

Is there a faster way to do it. I am asking this becuase there are 100s of them

I know You can do with SU10. But at a time I can select 20 users and lock them. I also have to delete the roles to these 100s of users.

How do I delete roles? About locking I can do most 20 users at a time using SU10? Is there a way I can upload file in Su10 and delete roles of users and lock them at one shot?

Former Member · ‎08-13-2007

You can select all of the users at one time using SU10.

Go to the authorization data button and you will get to a users by complex selection screen - click on the multiple selection dropdown button. From here you can paste your users. If you had the users list in excel then just paste from there - there is a button called upload from clipboard.

Delete roles - do you mean you need to delete the roles or delete the assignment of the roles from the users ?

Former Member · ‎08-13-2007

How do I delete roles from their accounts? There are lots of users as mentioned. After deleting roles from their accounts, i want to lock them

Former Member · ‎08-13-2007

You don´t need to remove their access to delete de user´s account later. Just, lock all those ID´s first and them analyze which account could be reactived or not.

Former Member · ‎08-13-2007

What is it in the end that you want to achieve ? Do you want to delete the user ids ? If yes, then there is no point in removing the roles since deleting the user ids also deletes the roles assigned to them as well. If you want to just delete the roles and lock the ids so you have ids with no roles assigned. Then you will need to identify all of the roles assigned to these ids. Best way to do this is to use SUIM - run user listing with roles - download to excel and then sort by roles. Once you have defined all of the roles - use SU10 to remove these roles from the user ids. Same method for selecting user ids - then go into change and remove all of the roles you just found - you will need a date range for the roles - just use a date earlier than any role and a date later than any role.

Former Member · ‎08-13-2007

Hi JC and Martin

I am in SU10 - click on the multiple selection dropdown button. After this I paste the users using the Clip board option.I clicked Copy.

I come back to Usrs by complex selection criteria- I clicked F8 execute.Now it shows me the list of users. After this how do I lock them. I clicked on transfer but nothing seems to happen?

How do I lock the usrs from here.,

Former Member · ‎08-13-2007

After the list of users - you need to select them - use all button - once you have transferred them to your "work area". Once that is done - click on the lock button - you should get a confirmation screen saying that a lot of users will be changed. Confirm the messages and you will get a change log of all the ids that were changed.

Former Member · ‎08-13-2007

Jack,

To lock users in tcode SU10 go to the padlock. To lock use CtrlF5 and CtrlF4 to unlock.

You cannot lock users account from SUIM.

Regards, Leandro

Former Member · ‎08-13-2007

Excellent

Thanks

Former Member · ‎08-13-2007

No points awarded ?

Former Member · ‎08-13-2007

Hi JC

Given Points

When u say SUIM, I went into Roles->by user assignment- pasted say for example 50 users from clipboard. It gave me for example 100 roles.Are you saying that these 100 roles are for 50 users which I selected/pasted in SUIM?

How do I go in SU10 and then delete these roles and then lock them?I tried to do it but it does one user at a time...am I right?

Please advice

Former Member · ‎08-14-2007

Jack,

Go to the users listing instead - input the list of users - if you have it in a spreadsheet then you can cut and paste them in. After you have selected the users you can determine what roles are assigned to them. After you get this list of roles - sort them and uniquely identify them in excel. Now you know what roles are assigned to all of these users. Go to SU10 - use the same list of users you originally had and using the list of roles - you can roles these roles from the user list. In SU10 - go to the change pencil and then to the roles tab - you can remove all of the roles at once from that list of users.

Former Member · ‎08-14-2007

Hi Jack,

You can use the SCAT/SECATT to run an script which remove automatically those roles. Be careful using this tool.

Regards, Leandro

Message was edited by:

Leandro Martin Bruzzoni

Former Member · ‎08-13-2007

Hi Jacko,

The best practice that we´re using -based on Security laws- is lock all those users who didn't logon to the systems in the last 60 days and deleted if there still inactive after 90 days. With this procedure you don´t need to remove the role assignment for those users.

Regards, Leandro

Former Member · ‎04-21-2008

The issue of SU10, locking all users at a time can been solved as follows:-

1. Changing max_wp_runtime to 0 ( by which the work process not limited to certain runtime only)

2. Changing the enqueue parameter to a high enough value ( increasing the parameter of locking users at a time as SU10 locks only 20 users at a time).