How to delete users in the child systems with CUA?

Similar Messages

• CUA- Deleting user IDs from Child systems

  Is there a possibility of configuring CUA in such a way that user IDs can be created and access can be updated from CUA but deleting user IDs should be taking place only in the child system (Not in all the child systems)?

  Generally good advice to keep the uniqueness of UIDs over time, also after Elvis has left the building
  What you could consider is a CUA RFC user which is not authorized to delete UID's and schedule a purge job for those IDOCs which deleted only them.
  However these sorts of "workaround" solutions are not the best advise, to be honest. What happens it someone temporarily assigns SAP_ALL because there is a big problem and authorizations should be excluded as the cause to get it working again?
  Also, every time a new child system is added to the CUA you will be flooded.
  My advice: Rather change your procedure (as discribed by Jurgen).
  What would be interesting to test is whether you are authorized to move a user (change the authorization relevevant group which they currently have) to a group which the CUA user is no long able to subsequently administrate? But theen you will still be hunting down IDOCs from time to time, most likely.
  If your shop is big enough to have these systems you have described, then you might want to consider an IdM system to replace your CUA at some time.
  If you wish, I will move this thread to the IdM forum.
  Cheers,
  Julius
  ps: Please do not cross-post.

• User update in Child system through CUA

  Hi,
  I created a role in child system and assigned it to the users in the parent system
  However, users are not getting updated in the child system
  Plz suggest

  Did you run text comparison after creating the role ?
  If not do that .
  [SU01 --> enter user --> Roles --> Text comparison from child system OR run report SUSR_ZBV_GET_RECEIVER_PROFILES ]
  Thanks
  Prince Jose
  Message was edited by:
          Prince Jose

• How to delete messages on the Iphone 4s with operating software 8.1

  I can't figure out how to delete individual messages in a conversation on the Iphone 4s with operating software 8.1, it only seems to allow to delete the whole conversation. Any ideas?

  Hey AndreaKarima,
  Thanks for the question. The following resource outlines how to delete a specific message (as opposed to an entire conversation):
  Manage conversations - iPhone
  http://help.apple.com/iphone/8/#/iphf2d85437
  Delete a message. Touch and hold a message or attachment, tap More, select additional items if desired, then tap the delete button.
  Thanks,
  Matt M.

• How to delete users in CMC BO integrated with SAP BW

  hello experts,
  i am using bo 4.1 , i want to delete users in CMC which is integrated with SAP BW role import.
  i am deleting manually but after BW connection refresh again users is coming in to CMC.
  please tell me any alternate way to delete users
  thanks,
  naresh.

  Hi,
  You cannot delete the users if they are integrated with SAP BW role import.
  However if you remove all the roles that the users is/are member of then the user will be removed automatically in next update but by doing so it will remove all other users part of those groups that you are not interested in also.
  may i know why are you looking to delete users ?
  If you delete manually then all the personal folders will be vanished and even if your user comes back in the next update you will not be able to recover the personal folders.
  Thanks,
  Tanveer.

• How to delete entries in the T030 table with LSMW?

  Hi all,
  I need to delete 600 entries from T030 table (Fix account table), Tcode OBYG, and I want to use a legacy for this,
  but I don´t know how or if is possible delete entries from a table with a legacy.
  Thanks in advance!

  You Can Use SCAT instead.

• How to get the list of roles assigned to a user in all the child systems

  how to get the list of roles assigned to a user in all the child systems from CUA SYSTEM

  Try transaction SUIM in your CUA system. Go to user, cross-system information, users by roles. If you run it wide open, you'll get all users and all roles assigned for all systems managed in your CUA.
  Krysta

• RFC for User Lock and Unlock for child systems in CUA

  Dear All,
  Can anyone tell me, how to lock or unlock a user in child systems from CUA using a BAPI or RFC.
  As per the requirement I can not use TCode SU01 for this purpose. I can only use RFC/BAPI for the same.
  Thanks
  Om
  Edited by: Om Somesh on Apr 13, 2009 3:57 PM

  Hi OM,
  One way could be to use RFC_READ_TABLE in order to look at USR02.
  The second method is by using SCUM transaction code
  Regards
  Krishna

• How to unlock users in a SAP system if all of them are locked

  How to unlock users in a SAP system if all of them are locked
  Posted: Mar 21, 2007 10:07 AM         Reply      E-mail this post 
  Hello Experts,
  In any SAP System,if a user having authorizations has mistakingly locked all the users of the SAP system,then how wll we unlock those users bcoz we wont be able to logon into the SAP System. Requested to revert your valuable replies at earliest.This happened with us,how to resolve it.My Email Id is [email protected] .
  Regards,
  Saumya

  Hello Siva And Manas,
  Thanx for ur replies .
  Manas: These SQL statements we hv to run at the Command Prompt level only na.......
  Siva : U r telling to delete the SAP* user ,u dont mean with the System created default user SAP* rite but u mean to delete our self created SAP*/any super user rite? Secondly how to delete tat user at the database level?
  Regards,
  Saumya
  If all the users are locked , they can only be unlocked via sql.
  Actually waht happens is if the uflag field of an user in table usr02 is 0 then the user is unlocked. Different values of the uflag field in table USR02 mean:
  0          User not locked
  32         Locked by CUA central administrator
  64         Locked by administrator
  128       Locked after failed logon
  Incase all the users are locked execute the following sql to unlock them
  update sap<sid>.usr02   (means update sapd01.usr02 or sapq01.usr02 etc)
  set uflag='0' ;
  commit.;
  This unlocks all the users.
  update sap<sid>.usr02
  set uflag='0' where bname='xxx';
  commit.;
  This unlocksonly the user xxx.

• Delete option coming in child System

  We have recently implemented CUA in our landscape.Now that we are able to see delete option available in one of the child system which is not there in the initial stages and not in any othere child systems.Can any one help me in finding the reason for its occurance and make it consistent with other systems.

  Hi Naveen,
  Do one thing. Try to save the CUA model through SCUA once again and look out for errors. Let yus know the errors you get. Also do one thing. Try remote login from the master ssytem into child system using the RFC destination. I think the ALE user in the RFC destination is either locked or has wrong password maintained.
  regards.
  Ruchit.

• Cannot delete users from the Central Management Console

  I cannot delete users from the Central Management Console.  I'm logged in to Enterprise as administrator but still get the following error:
  There was an error while writing data back to the server: Sorry, you do not have the right to 'Delete objects' (id - 22) for 'koberg' (id - 725415). Please contact your system or permissions administrator if you require this right.
  Thanks in advance for any help on this matter.

  Oops, my mistake, sorry. Ok, so the Administrator cannot delete user koberg.
  Check top level:
  Logon to CMC, browse to Home > Settings and select the Rights tab. These are your top level settings. Factory default will show only Administrators and Everyone. Select the Net Access "Advanced" for the Administrators group. NB: Do not select these group names links - they will jump you out of the top level! On the Advanced rights page, ensure the right to "Delete objects" is explicitly granted.
  Then set for the Users top level folder:
  In the CMC, browse to Home, and select Users. Select the "Rights" button. Again - NB: Do not select these group names links - they will jump you out of the Users top level folder! Set the Administrators group to "Full Control". Save.
  That should be all you need. However, there is a possibility the previous admin was busy setting security not only at the account level, but on groups so we need to verify the user:
  In the CMC, browse to Home, and select Users. In the User list, select koberg. In the koberg account page, select the Rights tab. If the Administrators is not set to (Inherited Rights), make it so, and when you select the "Update" button, you should see the Net Access update to "Full Control". If this is the case, you should follow these steps on each account and accomplish this.
  And if you still can't delete it, verify the groups:
  In the CMC, browse to Home, and select Users. In the User list, select koberg. In the koberg account page, select the "Member of" tab. Note all groups koberg is a member of. Then in the CMC, browse to Home, and select Groups. Select the name hyperlink for the group(s) that koberg belongs to. On the group page, select the Rights tab, and ensure the Administrators have (Inherited Rights) - Full Control on all of these, also. If not, set it.
  Finally, I know you inherited this, but let's overview some basics of simplifying your deployment administration. Follow these guidelines, and your administration life will be so much easier.
  1. The Everyone group should never have any subgroups. Ever. All accounts on the system are a member of the Everyone group. Adding subgroups to the Everyone group is redundant.
  2. For simplicity's sake, Application level access should be set on the Adminstrators Group, and the Everyone group. I know there are customers who add groups to application rights. I don't understand why users would have an account on the system if they are not allowed access to InfoView, but it's your system.
  3. From a report object perspective, the Everyone group should be set at the top level to "No Access". This will result in them having no rights on anything at all. You break this inheritance at the application level to give them access to InfoView and other apps. On folders and objects, you ADD groups, then assign (ADD) rights as desired.
  4. If you can help it, never explicitly deny a right to any user or group for any object or application. Explicitly deny overrides any other setting. If a user belongs to group A and group B, and group A is explicitly denied a right, you can explicitly grant it for group B or the user all day long, and it will still be denied. Always try to put yourself in the position of adding groups/users, and adding rights, then inheriting as far down the folder tree as you can.

• To get the logical system names of all the child systems in a CUA envirnmnt

  Hi Gurus ,
  Is there any table where we can find the logical system names of all the child sytems in a CUA environment .
  This is for a requirement that i need to develop an automated process where we can reset the password of all the child system in a CUA environemt when requested by the user at once .
  I found some tables such as V_TBDLS , but they do not contain the exact information what i need .
  Thanks in advance ,
  Harshit Rungta

  Hi,
  You are in the right track. BD54 will show you the logical system name for all the existed systems in CUA.
  Else you can also go to your CUA system and execute t-code SALE --> Basic Setting --->Logical Systems  ---> Assign logical system to client -
  > Display details
  here you can see logical system names for all the clients assigned to CUA.
  Thanks,
  Deb

• How do we determine if the BW system is running  slow?

  Dear BWers,
  How do we determine if the BW system is running slow? I have a situation where it is taking about 1 hr 30 min to load 700,000 records from the application server with direct mapping and no major transformations. How do i conclude if my BW system is running slow? Is there any documentation on this or benchmarks to analyze this? All and any help is appreciated.
  Thanks
  Raj

  The time taken to load depends on a few factors like the following:
  1. network bandwidth
  2. system memory on the application server.
  3. available processes in the application server to start the job
  Make sure to load the master data, activate them and also apply change run before you load the transaction data. If you have secondary indexes, make sure you delete them before laoding data. I will suggest to have sequential load and put all the processes in a process chain. Where ever you can, try to split the package size. But in your case, the no of records is not that much and so you should be fine with one info package.
  Ravi Thothadri

• Diferent password expiration days for different users in the same system.

  Hi sdn gurus,
  We need to configure different password expiration days for different groups of users in the same system.
  We know how to configure the system to define a password expiration time for the complete system (parameter login/password_expiration_time), but we must configure some expiration time to a group of users and another expiration time to another one in the SAME system.
  Somebody know a way to do this?
  Thanks in advance for your help!!!

  Hi Sunny,
  Thanks for your reply!!!
  We know the parameter is for the complete system ... but we are trying to find out if exist another way to define diferent passwrod expiration days, to diferent group of users (may be with an additional system parameters or UME configuration).
  Thanks to all for your help.

• I have itunes on a mac with 2 users but the library only shows on the main user how can both users have the same library?

  i have itunes on a mac with 2 users but the library only shows on the main user how can both users have the same library?

  Hi,
  Have a Look at these Links on Home Sharing:
  http://support.apple.com/kb/HT4620
  http://support.apple.com/kb/HT3819
  Could be what you need...
  Cheers,