Posted by
Admin at
I don't think it is a very good idea to delete users from the system and it is not a best practice. There are log files and data elements tied to that user id that may need to be reported on at a later date, especially if it was a privileged user or just had access to sensitive data elements and/or production promotion activities. Auditors are going to want to see the audit trails on these user IDs.

There are generally two levels of access needed to use these User ID access. The first is usually an active directory, iSeries, or other user ID that allows access to the network. (This ID should be suspended immediately and is the likely candidate for deletion after a predetermined period of time. This one should also be queried for inactivity and automatic suspension on a predetermined basis.) Only then can the SAP user ID be accessed and authenticated (hopefully).

My vote is to lock the user ID from any further use and retain your audit trail integrity for at least a year and only with approval of your internal/external auditors remove the user ID from the system.

Hope this helps.

Warm regards,

From: Sonia via sap-security [mailto:sap-security@Groups.ITtoolbox.com]
Sent: Friday, May 28, 2010 4:53 AM
To: Lee Allen
Subject: Re: [sap-security] Best Practice to Deleted/Deactivated Users

Posted by Sonia (Sap Bas and Security Design Consultant) on May 28 at 4:52 AM

Hi Yasin,

My vote goes for 1 & 3.

Let's say a consultant is working on a project, say for 3 to 12 months - in this case we will delete the users with the proper approvals & documentation (i.e. once the user leaves the company, next day itself we will get a ticket to delete the user).

Internal users who stayed for a longer period - lock the user and expire it through the validity period.

Thank you,
Sonia

On Thu, May 27, 2010 at 5:47 AM, AhmadYasin via sap-security <sap-security@groups.ittoolbox.com> wrote:

> Posted by AhmadYasin (Systems Administrator)
> on May 27 at 5:47 AM
>
> Dear All,
>
> There is a request from our management to put a procedure to
> deactivate/delete user IDs for resigned/non-paid leaves users. From your
> experience, what is the best practice? I have below scenarios:
>
> 1-Lock the user without removing any role assignment and/or change the
> password?
> 2-Lock the user with removing role assignment and/or change the password?
> 3-Remove the user completely from the system?
>
> I know how to do all the above scenarios and I know that every company has
> its own procedure but from your experience what is the most commonly used
> scenario?
>
> Regards,
> Ahmad Yasin