Best practice to delete a User in SRM.
Can some one tell how we can handle a situation where we have to delete a user from SRM, but make sure we don't have any open procurement documents. SRM server 550
Here is my issue:
1. Users are replicated to SRM from ECC via ALE
2. Whenever a user is terminated from the company a user update from ECC will delete the user in SRM.
Appreciate any help and will give points
Arpita
Arpita
Our business process for removing users from our SRM 5.5 system
1. TCode SU01 expire the users licence and lock the userID.
2. Also in SU01 remove the users email address esp if using off line mail processes
3. Remove the user's roles using PFCG
4. In the SRM Org Structure we have a node for de-activated users not attached to any Company code - we move them to that node and change the assignment description so we know where they came from - this is our Audit requirement.
5. In the Org Structure remove any attributes concerned with approval of cost centers/orders etc. Also change their Approval Value level in Extended attriutes to zero.
6. If the user was an approver check SWI5 to find any uncompleted workflow items
7. Use SWIA to re-route those items to an appropriate approver
8. Check for any user substitutes active or passive and remove them, we wrote an ABAP application for this as we could find no suitable SAP transaction. You could log on as the user and do it that way, but if the user is a substitute for someone else you cannot.
9 If the user exists in the back end ERP system, de-activate in SU01 as steps 1 & 2 above
10 Check if there are any workflow in ERP.
We never delete users as this will cause problems with any documents that they worked on for ever and ever and ever...
With this procedure sometimes - not very often - they return to the organization and they can be re-activated.
Hope this helps you and others
Allen
Similar Messages
-
Best Practice for Deleted AD Users
In our environment, we are not using AD groups. Users are being added individually. We are running User Profile Service but I am aware that when a user is deleted in AD, they stay in the content database in the UserInfo table so that some metadata can be
retained (created by/modified by/etc).
What are best practices for whether or not to get rid of them from the content database(s)?
What do some of you consultants/admins out there do about this? It was brought up as a concern to me that they are still being seen in some list permissions/people picker, etc.
Thank you!Personally I would keep them to maintain metadata consistency (Created By etc as you say). I've not had it raised as a concern anywhere I've worked.
However, there are heaps of resources online to delete such users (even in bulk via Powershell). As such, I am unaware of cases of deleting them causing major problems.
w: http://www.the-north.com/sharepoint | t: @JMcAllisterCH | YouTube: http://www.youtube.com/user/JamieMcAllisterMVP -
What is the best practice of deleting large amount of records?
hi,
I need your suggestions on best practice of deleting large amount of records of SQL Azure regularly.
Scenario:
I have a SQL Azure database (P1) to which I insert data every day, to prevent the database size grow too fast, I need a way to remove all the records which is older than 3 days every day.
For on-premise SQL server, I can use SQL Server Agent/job, but, since SQL Azure does not support SQL Job yet, I have to use a Web job which scheduled to run every day to delete all old records.
To prevent the table locking when deleting too large amount of records, in my automation or web job code, I limit the amount of deleted records to
5000 and batch delete count to 1000 each time when calling the deleting records stored procedure:
1. Get total amount of old records (older then 3 days)
2. Get the total iterations: iteration = (total count/5000)
3. Call SP in a loop:
for(int i=0;i<iterations;i++)
Exec PurgeRecords @BatchCount=1000, @MaxCount=5000
And the stored procedure is something like this:
BEGIN
INSERT INTO @table
SELECT TOP (@MaxCount) [RecordId] FROM [MyTable] WHERE [CreateTime] < DATEADD(DAY, -3, GETDATE())
END
DECLARE @RowsDeleted INTEGER
SET @RowsDeleted = 1
WHILE(@RowsDeleted > 0)
BEGIN
WAITFOR DELAY '00:00:01'
DELETE TOP (@BatchCount) FROM [MyTable] WHERE [RecordId] IN (SELECT [RecordId] FROM @table)
SET @RowsDeleted = @@ROWCOUNT
END
It basically works, but the performance is not good. One example is, it took around 11 hours to delete around 1.7 million records, really too long time...
Following is the web job log for deleting around 1.7 million records:
[01/12/2015 16:06:19 > 2f578e: INFO] Start getting the total counts which is older than 3 days
[01/12/2015 16:06:25 > 2f578e: INFO] End getting the total counts to be deleted, total count:
1721586
[01/12/2015 16:06:25 > 2f578e: INFO] Max delete count per iteration: 5000, Batch delete count
1000, Total iterations: 345
[01/12/2015 16:06:25 > 2f578e: INFO] Start deleting in iteration 1
[01/12/2015 16:09:50 > 2f578e: INFO] Successfully finished deleting in iteration 1. Elapsed time:
00:03:25.2410404
[01/12/2015 16:09:50 > 2f578e: INFO] Start deleting in iteration 2
[01/12/2015 16:13:07 > 2f578e: INFO] Successfully finished deleting in iteration 2. Elapsed time:
00:03:16.5033831
[01/12/2015 16:13:07 > 2f578e: INFO] Start deleting in iteration 3
[01/12/2015 16:16:41 > 2f578e: INFO] Successfully finished deleting in iteration 3. Elapsed time:
00:03:336439434
Per the log, SQL azure takes more than 3 mins to delete 5000 records in each iteration, and the total time is around
11 hours.
Any suggestion to improve the deleting records performance?This is one approach:
Assume:
1. There is an index on 'createtime'
2. Peak time insert (avgN) is N times more than average (avg). e.g. supposed if average per hour is 10,000 and peak time per hour is 5 times more, that gives 50,000. This doesn't have to be precise.
3. Desirable maximum record to be deleted per batch is 5,000, don't have to be exact.
Steps:
1. Find count of records more than 3 days old (TotalN), say 1,000,000.
2. Divide TotalN (1,000,000) with 5,000 gives the number of deleted batches (200) if insert is very even. But since it is not even and maximum inserts can be 5 times more per period, set number of deleted batches should be 200 * 5 = 1,000.
3. Divide 3 days (4,320 minutes) with 1,000 gives 4.32 minutes.
4. Create a delete statement and a loop that deletes record with creation day < today - (3 days ago - 3.32 * I minutes). (I is the number of iterations from 1 to 1,000)
In this way the number of records deleted in each batch is not even and not known but should mostly within 5,000 and even you run a lot more batches but each batch will be very fast.
Frank -
What are the best practices to migrate VPN users for Inter forest mgration?
What are the best practices to migrate VPN users for Inter forest mgration?
It depends on a various factors. There is no "generic" solution or best practice recommendation. Which migration tool are you planning to use?
Quest (QMM) has a VPN migration solution/tool.
ADMT - you can develop your own service based solution if required. I believe it was mentioned in my blog post.
Santhosh Sivarajan | Houston, TX | www.sivarajan.com
ITIL,MCITP,MCTS,MCSE (W2K3/W2K/NT4),MCSA(W2K3/W2K/MSG),Network+,CCNA
Windows Server 2012 Book - Migrating from 2008 to Windows Server 2012
Blogs: Blogs
Twitter: Twitter
LinkedIn: LinkedIn
Facebook: Facebook
Microsoft Virtual Academy:
Microsoft Virtual Academy
This posting is provided AS IS with no warranties, and confers no rights. -
Is there a best practice for deleting a published report?
Post Author: matthewh
CA Forum: General
Is there a best practice for deleting a published report from C:\Program Files\Business Objects\BusinessObjects Enterprise 11.5\FileStore on Crystal Reports Server or can I just delete the subfolders? Does it reference them elsewhere? I have a load of old reports I need to shed, but can't see how to do it.Hi,
You can refer the SRND guide. As per document (page -292)
you can configured -You can add a maximum of 50 agents per team.
http://www.cisco.com/en/US/docs/voice_ip_comm/cust_contact/contact_center/ipcc_enterprise/ippcenterprise9_0_1/design/guide/UCCE_BK_S06086EC_00_srnd-9-0-1.pdf
Also you can check the Bill of Material document of UCCE , under the section "Operating Conditions, Unified ICM, Unified CC" What are the number should configure in UCCE. -
Best practice when deleting from different table simultainiously
Greetings people,
I have two tables joined with a foreign key contrraint. They are written at the same time to keep the constraint happy but I don't know the best way of deleting them as far as rowsets and datamodels are concerned. Are there "gotchas" like do I delete the row in the foreign key table first?
I am reading thread:http://swforum.sun.com/jive/thread.jspa?forumID=123&threadID=49918
and getting my head around it.
Is there a tutorial which deals with this topic?
I was wondering the best way to go.
Many Thanks.
Phil
is there a "best practice" method forWithout knowing many details about your specifics... I can suggest a few alternatives -
You can definitely build coordinating the deletes into your application - you can automatically delete any FK related entries prior to deleting the master, or, refuse to delete the master until the user goes and explicitly deletes the children... just depends on how you want to manage it.
Also in many databases you can build the cascading delete rules into your database tables themselves.... so that when you delete the master the deletes automatically cascade. I think this is something you typically declare when creating the FK constrataint (delete cascade and update cascade rules).
hth,
v -
Best practice for Active Directory User Templates regarding Distribution Lists
Hello All
I am looking to implement Active Directory User templates for each department in the company to make the process of creating user accounts for new employees easier. Currently when a user is created a current user's Active directory account is copied, but
this has led to problems with new employees being added to groups which they should not be a part of.
I have attempted to implement this in the past but ran into an issue regarding Distribution Lists. I would like to set up template users with all group memberships that are needed for the department, including distribution lists. Previously I set this up
but received complaints from users who would send e-mail to distribution lists the template accounts were members of.
When sending an e-mail to the distribution list with a member template user, users received an error because the template account does not have an e-mail address.
What is the best practice regarding template user accounts as it pertains to distribution lists? It seems like I will have to create a mailbox for each template user but I can't help but feel there is a better way to avoid this problem. If a mailbox is created
for each template user, it will prevent the error messages users were receiving, but messages will simply build up in these mailboxes. I could set a rule for each one that deletes messages, but again I feel like there is a better way which I haven't thought
of.
Has anyone come up with a better method of doing this?
Thank youYou can just add arbitrary email (not a mailbox) to all your templates and it should solve the problem with errors when sending emails to distribution lists.
If you want to further simplify your user creation process you can have a look at Adaxes (consider it's a third-party app). If you want to use templates, it gives you a slightly better way to do that (http://www.adaxes.com/tutorials_WebInterfaceCustomization_AllowUsingTemplatesForUserCreation.htm)
and it also can automatically perform tasks such as mailbox creation for newly created users (http://www.adaxes.com/tutorials_AutomatingDailyTasks_AutomateExchangeMailboxesCreationForNewUsers.htm).
Alternatively you can abandon templates at all and use customizable condition-based rules to automatically perform all the needed tasks on user creation such as OU allocation, group membership assignment, mailbox creation, home folder creation, etc. based on
the factors you predefine for them. -
Best practices for setting up users on a small office network?
Hello,
I am setting up a small office and am wondering what the best practices/steps are to setup/manage the admin, user logins and sharing privileges for the below setup:
Users: 5 users on new iMacs (x3) and upgraded G4s (x2)
Video Editing Suite: Want to connect a new iMac and a Mac Pro, on an open login (multiple users)
All machines are to be able to connect to the network, peripherals and external hard drive. Also, I would like to setup drop boxes as well to easily share files between the computers (I was thinking of using the external harddrive for this).
Thank you,Hi,
Thanks for your posting.
When you install AD DS in the hub or staging site, disconnect the installed domain controller, and then ship the computer to the remote site, you are disconnecting a viable domain controller from the replication topology.
For more and detail information, please refer to:
Best Practices for Adding Domain Controllers in Remote Sites
http://technet.microsoft.com/en-us/library/cc794962(v=ws.10).aspx
Regards.
Vivian Wang -
Best practice for deletion of SAP standard configuration
Does anyone have any documentation related to deletion of standard SAP configuration? My client is requesting deletion of all the standard delivered company codes and I believe it is best practice to never delete them. I am looking for supporting documentation that supports this.
Rhonda,
I have never seen a system where the standard delivered company codes did not exist, so I can't say what the implications of deletion are. I suppose it is possible to do....
For documentation, I guess you could search through service.sap.com/support.
I would think you would respond to the request as follows:
Tell the client it will be extra work to delete the items. Which will translate into additional billable fees.
Tell the client (in writing) that you cannot predict what all possible outcomes will be, but that you are willing to work with him to fix anything that gets broken in the process. For additional billable fees.
In the end, the client is paying for your advice and your services. In the end, he owns the license and the system upon which it is running. He can have anything he wants, there is no other 'right' or 'wrong'.
I suggest you don't delete anything in client 000. Most companies keep this as a reference. If the client later decides to reconstruct, this would be a nice source of info.
Since company codes greatly affect FI/CO, you might want to post the question in one of those forums.
Best Regards,
DB49 -
Best Practices in use of ABAP for SRM and/or CRM Configuration
I was wondering if there is a document that defines best practices for the use of ABAP with the installation and customization of SRM and/or CRM. Such as amount of ABAP coding typically required, and best practices around the use of ABAP for customization and configuration.
Thanks.Hi, Johnson
Sorry, Please don't mind, you are not at right place to ask the Question like this
Please read "The Forum Rules of Engagement" before posting! HOT NEWS!!
Thanks and Regards,
Faisal -
Bad bind variable & best practice for delete
I am working with three tables and very new to SQL. I need to create a procedure that will accept an ID and go through two sub tables and delete child records. Item is the main table. I am passing in the ID into the procedure and I want to use it as below. I keep getting a bad bind variable error message. I have verified that the table is setup as a number and my procedure accepts a number. I also want someone to review this from best practice as I am new to procedures.
PROCEDURE DeleteItem (p_ItemID IN NUMBER, p_RowsAffected OUT number)
IS
p_RowsAffected NUMBER;
-- select the itemdetail for the analysis
CURSOR c_itemdetail
IS
SELECT
itemdetailid
FROM itemDETAIL
WHERE itemid = :p_ItemID;
BEGIN
-- loop through each itemdetail and delete the itemdetailoutlay
FOR r_itemdetail IN c_itemdetail
LOOP
BEGIN
DELETE FROM ITEMDETAILOUTLAY
WHERE itemdetailid = r_itemdetail.itemdetailid;
COMMIT;
END;
END LOOP;
-- delete the itemdetail
BEGIN
DELETE FROM ITEMDETAIL
WHERE itemid = :p_ItemID;
COMMIT;
END;
-- delete the main item
BEGIN
DELETE FROM ITEM
WHERE itemdid = :p_ItemID;
COMMIT;
p_RowsAffected := SQL%ROWCOUNT;
END;
END DeleteItem;Hi,
Welcome to the forum!
As you may notice, this site normally compresses white-space. Whenever you post code, or any formatted text, on this site, type these 6 characters:
\(small letters only, inside curly brackets) before and after each section of formatted text, to preserve spacing.
I don't think you mean to use bind variables anywhere, so don't use colons before any variable names. You were doing this correctly with p_RowsAffected; do the same thing with p_ItemID.
Try this:PROCEDURE DeleteItem (p_ItemID IN NUMBER, p_RowsAffected OUT number)
IS
-- p_RowsAffected NUMBER; -- Don't name local variables the same as arguments
-- select the itemdetail for the analysis
CURSOR c_itemdetail
IS
SELECT
itemdetailid
FROM itemDETAIL
WHERE itemid = p_ItemID; -- No : before p_ItemID
BEGIN
-- loop through each itemdetail and delete the itemdetailoutlay
FOR r_itemdetail IN c_itemdetail
LOOP
BEGIN
DELETE FROM ITEMDETAILOUTLAY
WHERE itemdetailid = r_itemdetail.itemdetailid;
COMMIT;
END;
END LOOP;
-- delete the itemdetail
BEGIN
DELETE FROM ITEMDETAIL
WHERE itemid = p_ItemID; -- No : before p_ItemID
COMMIT;
END;
-- delete the main item
BEGIN
DELETE FROM ITEM
WHERE itemdid = p_ItemID; -- No : before p_ItemID
COMMIT;
p_RowsAffected := SQL%ROWCOUNT;
END;
END DeleteItem;
The most important "best practice" with PL/SQL is to avoid doing it whenever possible.
If SQL offers a way o do the same thing, it's usally best not to code anything in PL/SQL.
Have you considered foreign key constraints, with "ON DELETE CASCADE"? That way, you could simply "DELETE FROM item", and all the dependent rows in the other tables would automatically be deleted. You wouldn't need to remember to call a procedure like this; in fact, you would have no need for a procedure like this.
Given that you do have such a procedure:
You're doing row-by-row processing, which some mad wags like to call "slow-by-slow" processing.
For example, iYou're xplicitly finding each ItemDetailID separately, and deleting each one separately, like this:... CURSOR c_itemdetail
IS
SELECT
itemdetailid
FROM itemDETAIL
WHERE itemid = p_ItemID;
-- loop through each itemdetail and delete the itemdetailoutlay
FOR r_itemdetail IN c_itemdetail
LOOP
BEGIN
DELETE FROM ITEMDETAILOUTLAY
WHERE itemdetailid = r_itemdetail.itemdetailid;
COMMIT;
END;
END LOOP;
It's more efficient for the system (and less coding for you) if you let SQL handle as much as possible, so do this instead... DELETE FROM ItemDetailOutlay
WHERE ItemDetailID IN
( SELECT itemdetailid
FROM itemDETAIL
WHERE itemid = p_ItemID
Do you really want to COMMIT 3 times? 0 or 1 times might be better.
What happens if there is some kind of error, say, after you've delete rows form ItemDetailOutlay and ItemDetail, but before you've delete from Item? Wouldn't you want the entire transaction to fail, and leave all three tables in a consistent state? If so, either have the calling procedure COMMIT, or have a single COMMIT at the end of DelteItem.
Edited by: Frank Kulash on May 6, 2010 2:25 PM -
Best Practice - Securing Schema from User Access
Scenario:
User A requires access to schema called BLAH.
User A is a developer that built an application using this schema in a separate development environment, although has the same privileges mirrored to production (same roles etc - required for operation of the application built).
This means that the User has roles that grant Select, Update etc rights for the schema / table in order to use (and maintain) the applications.
How can we restrict access to the BLAH schema in PRODUCTION, enforcing it to only be accessible via middle tier / application (proxy authentication?)?
We've looked at using proxy authentication, however, it's not possible to grant roles and rights to the proxy account and NOT have them granted to the user (so they can dive straight in using development tooling and hit prod etc)>
We've tried granting it on a session basis using proxy authentication (i.e. user a connects via proxy, an we ENABLE a disabled role on the user based on this connection), however, it causes performance issues.
Are we tackling this the wrong way? What's the best practice for securing oracle schemas (and objects in general) for user access where the users actually get oracle user account (or even use SSO) for day to day business as usual.
To me this feels like a common scenario, especially where SSO comes into play ...What about situations where we have Legacy Oracle Forms stuff? In these cases the user must be granted select etc rights to particular objects, as this can't connect via a middle tier.
The problem we have is that our existing middle tier implementation is built expecting the user credentials to be passed to it during initial authentication and does not use a proxy, or super user style account. We have, historically, been 100% reliant on Oracle rights and controls to validate and restrict access to our underlying data. From what you are saying, we should start to look at using proxy or super user access and move this control process further up - i.e. into Code or Packages ? If so, does this mean that there is no specific way to restrict schema access to given proxy accounts and then grant normal user accounts to connect through these to get access (kind of a delegated access scenario), without using disabled roles? -
What is the best practice to create IDM user and target accts via recon
usecase:
LDAP<--->idm---->AD.
User exists in LDAP. IDM and AD are empty. Need to create IDM user and AD acct from LDAP data.
I can recon against LDAP and create the IDM user. But I cannot create AD acct in the same recon process. What is the best practice to do the above.i think you have to have a "Per-account Workflow" set which creates the user in AD.
-
Best practice for deleting multiple rows from a table , using creator
Hi
Thank you for reading my post.
what is best practive for deleting multiple rows from a table using rowSet ?
for example how i can execute something like
delete from table1 where field1= ? and field2 =?
Thank youHi,
Please go through the AppModel application which is available at: http://developers.sun.com/prodtech/javatools/jscreator/reference/codesamples/sampleapps.html
The OnePage Table Based example shows exactly how to use deleting multiple rows from a datatable...
Hope this helps.
Thanks,
RK. -
Best practices to delete old content
What is the best way to delete old content? The amount of data (documents and recordings) is growing steadily and our server is running out of disc space. According to our policy documents and recordings older than 6 months can be removed.
What is the best way to do this (via API) and what else do we have to consider? Any recommendations?
Thanks & best regards,Remove the application from your applications folder.
Then navigate to the ~/Library/Application Support folder and delete everything in there associated with the specific program.
Also navigate to the /Library/Application Support folder and delete the files specific to the program.
~/Library/Preferences to delete the preferences you have for that specific application for when/if you reinstall it.
That's basically the most thorough way to remove something from your mac.
Maybe you are looking for
-
Link to child level detail report via variable ? / navigate to ?
I was wondering if anyone has had a similar experience; I am trying to based on selection link to customer details Example: Fact & Dimensions; Fact (I aggregated to Customers gained); Dimension1 (Date / Period); Dimension2 (Customer Dimension) Proble
-
Hi, I am using flex1.5. As per my requirement, i have to display the different mxmls in same page(that mxmls also will have .as everything). As per the user option slected. For that i am placing one loader and i am dynamically changing my loader sour
-
Hi All, Can u anybody have SAP Knowledge warehouse? if, please contact me thro mail ID : [email protected] Thanks, - Sel
-
Hi people, Has anyone managed to get gallium3d working with nouveau? I have these packages: nouveau-dri 7.8.2-1 xf86-video-nouveau 0.0.16_git20100517-1 The former provides /usr/lib/xorg/modules/dri/nouveau_dri.so, but in /var/log/Xorg.0.log, I keep g
-
I'm a starter to LDAP and want to know how to create a new plugin from a existing one. I want to replicate uid uniqueness plugin to work as email uniqueness so that I can use two plugins uid and email uniqueness. I'm using DS 5.2 Please help !