https://community.sap.com/t5/application-development-and-automation-discussions/automatically-delete-users-locked/m-p/1933795#M386375 <HTML><HEAD></HEAD><BODY><P>Hi Siva,</P><P></P><P>I'm not sure if there's a standard report for this functionality in SAP, but a minor adaptation to RSUSR200 will most probably meet your requirements. I think report RSUSR006 (from the top of my head) can do the same, but the 200 version is more complete. </P><P>Once you have the appropriate selection in place for the report above you could add BAPI_USER_DELETE to your own report (copy of RSUSR200/006) in order for the selected users to be deleted. </P><P>Hope this helps a litlle...</P><P></P><P>Dimitri</P></BODY></HTML> Thu, 22 Feb 2007 12:06:01 GMT former_member74904 2007-02-22T12:06:01Z https://community.sap.com/t5/application-development-and-automation-discussions/automatically-delete-users-locked/m-p/1933794#M386374 <HTML><HEAD></HEAD><BODY><P>Hi All,</P><P></P><P>Can you tell how to achieve automatic deletion of users who are locked after certain time period say X days. Let me know if any report is there for the same where users locked for X days are automatically deleted in R/3 system</P><P></P><P>Thanks in advance,</P><P></P><P>Shiva</P></BODY></HTML> Thu, 22 Feb 2007 11:38:02 GMT https://community.sap.com/t5/application-development-and-automation-discussions/automatically-delete-users-locked/m-p/1933794#M386374 Former Member 2007-02-22T11:38:02Z https://community.sap.com/t5/application-development-and-automation-discussions/automatically-delete-users-locked/m-p/1933795#M386375 <HTML><HEAD></HEAD><BODY><P>Hi Siva,</P><P></P><P>I'm not sure if there's a standard report for this functionality in SAP, but a minor adaptation to RSUSR200 will most probably meet your requirements. I think report RSUSR006 (from the top of my head) can do the same, but the 200 version is more complete. </P><P>Once you have the appropriate selection in place for the report above you could add BAPI_USER_DELETE to your own report (copy of RSUSR200/006) in order for the selected users to be deleted. </P><P>Hope this helps a litlle...</P><P></P><P>Dimitri</P></BODY></HTML> Thu, 22 Feb 2007 12:06:01 GMT https://community.sap.com/t5/application-development-and-automation-discussions/automatically-delete-users-locked/m-p/1933795#M386375 former_member74904 2007-02-22T12:06:01Z https://community.sap.com/t5/application-development-and-automation-discussions/automatically-delete-users-locked/m-p/1933796#M386376 <HTML><HEAD></HEAD><BODY><P>Well, in general I'd &lt;u&gt;not&lt;/u&gt; recommend to delete user master records - but simply to set the account validity accordingly. </P><P>Reason: &lt;b&gt;auditibility&lt;/b&gt; - you need to ensure that you are able to assign (historic) transaction data records to human users (which have performed the corresponding actions resulting in those transaction data records); the time period you need to keep those records archived depends on the type of data as well as on country-specific legal regulations.</P><P></P><P>If you delete a user master record and reassign the userID to another user you'll have much harder times to fulfill those legal requirements ...</P><P></P><P>Regards, Wolfgang</P></BODY></HTML> Thu, 22 Feb 2007 13:01:12 GMT https://community.sap.com/t5/application-development-and-automation-discussions/automatically-delete-users-locked/m-p/1933796#M386376 Wolfgang_Janzen 2007-02-22T13:01:12Z https://community.sap.com/t5/application-development-and-automation-discussions/automatically-delete-users-locked/m-p/1933797#M386377 <HTML><HEAD></HEAD><BODY><P>Siva,</P><P></P><P>I agree with Wolfgang; it's best not to delete the user master records, but to set an end-date in the validity period (simply locking them, while rendering them unusable, does not stop them from being counted in your annual license audit, whereas the audit will NOT count user masters that are beyond their validity period).</P><P></P><P>Rather than writing a custom BAPI to do this, you could use SU10, the "User Maintenance: Mass Changes" transaction. With SU10 you can select groups of users based on various criteria and then perform the same action (such as deletion, or setting validity end dates, etc) on all of them at once. To select all locked users, for instance, click on the &lt;i&gt;Authorization data&lt;/i&gt; button, then in the &lt;i&gt;Additional selection criteria&lt;/i&gt; section, check the box for &lt;i&gt;Locked Users Only&lt;/i&gt;. This will give you a selection set of all locked users, which you can then edit, delete, unlock, etc. If you choose the edit the list of users, one of the things you can do is to set the &lt;i&gt;Valid through&lt;/i&gt; date for them all at once.</P><P></P><P>Bear in mind that users might be locked for a number of reasons, and you may not want to invalidate or delete all locked users. For instance, by default, users will be locked after a certain number of incorrect logon attempts (bad passwords entered) in a row. While you might want to pay attention to when this happens, you don't necessarily want to delete the users! Likewise, you might have highly-powerful administrative accounts that you only use in emergencies, and the rest of the time keep them locked, or an account for SAP Support or consultants that again you only unlock when it's actually required.</P><P></P><P>In my organization, we do periodically run report RSUSR200 (mentioned earlier in this thread) in order to find users who have not logged on for a certain period of time, say six months or so. Then we go find out why those users aren't logging on -- have they left the company and we just weren't notified? If we can't determine the reason, we'll usually lock the account and then wait to see if the user complains. You can also get to this report via transaction SUIM, though I use it so often that I created a custom tcode (ZUSR200) to access it directly with my favorite variant, to save a few mouseclicks (it's good to be the sysadmin!).</P><P></P><P>If you really wanted to get fancy and truly automate this process (though I think a human eye looking it over is a good thing), you could probably devise some means of using the output of RSUSR200 as input to SU10 in a batch process.</P><P></P><P>--Matt Fraser</P><P></P><P>Message was edited by: Matt Fraser</P><P> Matt Fraser</P></BODY></HTML> Thu, 22 Feb 2007 15:44:24 GMT https://community.sap.com/t5/application-development-and-automation-discussions/automatically-delete-users-locked/m-p/1933797#M386377 Matt_Fraser 2007-02-22T15:44:24Z https://community.sap.com/t5/application-development-and-automation-discussions/automatically-delete-users-locked/m-p/1933798#M386378 <HTML><HEAD></HEAD><BODY><P>Maybe it's worth mentioning that as of SAP NetWeaver 2004s (aka "7.00") ABAP systems are able to restrict the lifetime of idle passwords - not only of "initial" ones (as of 6.20, after applying the patch of &lt;a href="https://service.sap.com/sap/support/notes/450452"&gt;SAP Note 450452&lt;/a&gt;) but also of "productive" ones - see &lt;a href="https://service.sap.com/sap/support/notes/862989"&gt;SAP Note 862989&lt;/a&gt;</P></BODY></HTML> Thu, 22 Feb 2007 16:32:17 GMT https://community.sap.com/t5/application-development-and-automation-discussions/automatically-delete-users-locked/m-p/1933798#M386378 Wolfgang_Janzen 2007-02-22T16:32:17Z