Mass deletion of roles from users

I want to delete all roles from locked users. Is there a specific transaction for this instead of SU10? In SU10 one has to enter the roles to remove.

We developed our own application which locks users after a while, then removes their role assignments after a while, and then lists roles which no longer have any assignments or no one is using anything which the role authorizes.
This way you can optimize / automate periodic controls.
There is no standard monitoring cockpit for this, but you can use declarative system params to destroy password based authentication.
The real trick with periodic controls is to target the sample before you unassign and destroy roles, but the ability to do that depends on how you build the roles.
Disclaimer: If you use composite roles then you have no chance. You are doomed.. ;-)
Cheers,
Julius

Similar Messages

  • ECATT to mass delete single roles from a composite

    Hi,
    I am creating an eCATT to delete single roles from multiple composite roles. The eCATT takes the same position of the single role for each composite. And of course the single role may differ per role.
    Could someone help?
    Thank you in advance,
    Yolanda

    HI Garcia,
    I did not quite get your example as I am not familiar with the roles tables or transactions.
    But, if I understood your requirement, you want to delete all those single roles (some specific role) from a list of roles.
    I am not sure how the transaction looks here, but a standard way of doing it is to record one execution of deleting the role using TCD or SAPGUI using the position button when available, entering the role name, selecting the delete button on the screen and then save.
    Now, when you check the database table for the number of occurrences that this type of role is present, collect the count of the table into a local parameter and execute the earlier script of deleting multiple times using DO command.
    Select count from <tabname> where <role field> is <value> into <Local parameter>.
    and use the earlier script within
    DO (<local parameter>).
            SCRIPT
    ENDDO.
    This ideally works. You can come back if you need any additional inputs.
    Best regards,
    Harsha

  • Mass deletion of SAP roles from users

    Hello All,
    I need to delete all assigned roles from a big number of users. I know the users but not the roles which the users have. I need to delete all roles from the user IDs.
    I know SU10 and I can select all my needed users. But in the role tab I cannot work with role names like Z* to delete. I can select all Z* roles and select "remove" but when I click to save, I get the message no changes made on the users???
    Any idea?
    Regards
    Toni

    Hi David.
    David Berry wrote:
    I take it this is being run in PRD? What checks are being carried out during the table entry deletions and are you 100% happy sitting at your keyboard when pressing the 'run' button?
    Changes are made in PRD. The program was tested and is approved by each customer.
    Is there an easy way back to the previous state should it go wrong and how do you explain it to the auditors if needed that you assigned-number of roles in PRD against your own user ID possibly with no CDHDR/CSDPOS entries to back you up.
    Sorry for the 'negative vibes' but I don't like direct table maintenance in PRD for security.
    Best wishes
    David
    The way back is uploading the old role assignment previously exported from AGR_USERS. The program takes an excel sheet. In addition this excel sheet is attached to the change requests.
    From risk perspective we say (and experienced): mass changes through copy and paste lead to much more errors and faulty authorizations.
    Regarding direct table maintenance: standard function modules are used (like the one mentioned above) and the changes are visible in the change documents. Therefore the auditors grant an exception for using such tools.
    Cheers, Tobias

  • Unable to delete Role from User ID in SAP SOLMAN production system but able to from DEV with the same authorization, pls suggest

    unable to delete Role from User ID in SAP SOLMAN production system but able to from DEV with the same authorization, pls suggest

    Hi,
    For SU01 role removal, you do not need S_USER_AGR with 02, and as you mentioned both authorizations available in production, if so trace should not show you the S_USER_AGR with 02 with RC=04.
    I would recommend doing a role comparison for the user performing the activity, and then checking if you have the S_USER_AGR with 02 in user buffer SU56.
    But ideally it should not ask you S_USER_AGR for 02 through SU01, so please take the help of an ABAPer to debug it.
    Also put trace in non-prd to see if S_USER_AGR is getting checked with 02 for removal through SU01.
    BR,
    Mangesh

  • Revoke roles from users

    I want to revoke a number of roles from users. What I found is if one or more roles were not granted to the user before, then the whole 'revoke' statement will fail, i.e. the granted roles will not be revoked from the user. Is there a way to let the statement revoke the granted roles even though there may be some roles that were not granted? For example:
    REVOKE role1,role2,role3 from user;
    I want to revoke role1 and role2 even though role3 was not granted to the user.

    Why don't you test this yourself?
    satyaki>
    satyaki>select * from v$Version;
    BANNER
    Oracle Database 10g Enterprise Edition Release 10.2.0.3.0 - Prod
    PL/SQL Release 10.2.0.3.0 - Production
    CORE    10.2.0.3.0      Production
    TNS for 32-bit Windows: Version 10.2.0.3.0 - Production
    NLSRTL Version 10.2.0.3.0 - Production
    Elapsed: 00:00:00.98
    satyaki>
    satyaki>
    satyaki>
    satyaki>
    satyaki>create role r1;
    Role created.
    Elapsed: 00:00:01.80
    satyaki>
    satyaki>
    satyaki>GRANT select  ON emp   TO r1;
    Grant succeeded.
    Elapsed: 00:00:00.51
    satyaki>
    satyaki>
    satyaki>create role r2;
    Role created.
    Elapsed: 00:00:00.02
    satyaki>
    satyaki>grant update on emp to r2;
    Grant succeeded.
    Elapsed: 00:00:00.05
    satyaki>
    satyaki>
    satyaki>grant r1 to hr;
    Grant succeeded.
    Elapsed: 00:00:00.17
    satyaki>
    satyaki>grant r2 to titan;
    Grant succeeded.
    Elapsed: 00:00:00.07
    satyaki>
    satyaki>
    satyaki>revoke r2 from hr;
    revoke r2 from hr
    ERROR at line 1:
    ORA-01951: ROLE 'R2' not granted to 'HR'
    Elapsed: 00:00:00.12
    satyaki>
    satyaki>
    Regards.
    Satyaki De.
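
One way to get the behaviour asked for in this thread, as an added example that is not part of the original posts: check each role against the dictionary first and revoke only the ones that are granted, so a missing grant no longer fails the whole operation. The grantee HR and the roles R1, R2, R3 are sample values; the block assumes the session can query DBA_ROLE_PRIVS and is allowed to revoke the roles.

```sql
-- Added example: revoke only the roles that are actually granted.
SET SERVEROUTPUT ON

DECLARE
  -- Sample inputs (assumptions): the grantee and the roles to remove.
  c_grantee CONSTANT VARCHAR2(128) := 'HR';
  TYPE t_names IS TABLE OF VARCHAR2(128);
  l_wanted  t_names := t_names('R1', 'R2', 'R3');
  l_granted PLS_INTEGER;

  -- ORA-01951: ROLE '...' not granted to '...'
  e_not_granted EXCEPTION;
  PRAGMA EXCEPTION_INIT(e_not_granted, -1951);
BEGIN
  FOR i IN 1 .. l_wanted.COUNT LOOP
    -- DBA_ROLE_PRIVS lists the roles granted directly to each grantee.
    SELECT COUNT(*)
      INTO l_granted
      FROM dba_role_privs
     WHERE grantee      = c_grantee
       AND granted_role = l_wanted(i);

    IF l_granted = 0 THEN
      DBMS_OUTPUT.PUT_LINE('skip   ' || l_wanted(i)
                           || ': not granted to ' || c_grantee);
    ELSE
      BEGIN
        -- REVOKE takes no bind variables, so the statement is built as
        -- text. ENQUOTE_NAME quotes and validates each identifier so a
        -- crafted name cannot change the statement.
        EXECUTE IMMEDIATE
             'REVOKE ' || DBMS_ASSERT.ENQUOTE_NAME(l_wanted(i), FALSE)
          || ' FROM '  || DBMS_ASSERT.ENQUOTE_NAME(c_grantee, FALSE);
        DBMS_OUTPUT.PUT_LINE('revoke ' || l_wanted(i) || ': done');
      EXCEPTION
        WHEN e_not_granted THEN
          -- The grant disappeared between the check and the REVOKE.
          DBMS_OUTPUT.PUT_LINE('skip   ' || l_wanted(i)
                               || ': already revoked');
      END;
    END IF;
  END LOOP;
END;
/
```

Each REVOKE is DDL and commits on its own, so roles revoked before an unexpected error stay revoked; any error other than ORA-01951 is raised to the caller.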

  • Remove role from user

    Hi, how do I remove a role from a user when he is terminated or disabled?
    I am assigning a role in the following way during creation with the help of a rule
    <setvar name='newuser.waveset.roles'>
    <filterdup>
    <appendAll>
    <ref>accounts[Lighthouse].roles</ref>
    <s>General-Provision-Role</s>
    <rule name='Get Location Role'>
    <argument name='LocationCode' value='$(newuser.global.LocationCode)'/>
    </rule>
    </appendAll>
    </filterdup>
    </setvar>
    How do I remove this role on termination of the user?

    We are looking for a way to automate the removing of a user (US) or role (AG) from a position (S).
    There is a report called RHGRENZ2 which can be used to delimit specific OM infotypes (like IT1001 - Relationships) specifying the end-date and Position ID (Object Type S and Object ID = Position) manually. In your case, I believe IT1001's Relationship A008 and B007 have to be delimited in order to remove a user (US) or role (AG) from a position (S) but this report cannot be run for specific relationship types of IT1001 (at least I never found an option to filter based on relationship types).
    You can try using report RHRHDL00 to delete IT1001 relationships from PP Database but you should consider the consequences of such deletions and restrict the selection based in infotypes and relationship types carefully.
    Alternatively, you can also build a LSMW script to automate the process of mass delimit/deletion of IT1001's relationship types using transaction PP02 (PP01 is not compatible to BDC/background processing)
    Thanks
    Sandipan

  • How do you delete specific message from users in Exchange 2013 DAG database?

    Our network has been inundated with spam from INTUIT.COM with the SUBJECT: PAYMENT OVERDUE and contains a link to download a form from a Dropbox. Obviously, very suspicious and clearly spam. We're using Postini as our Edge Transport/Spam filter but messages are still getting in. I've enabled anti-spam on all my mailbox servers, set the SCL values but that hasn't worked.
    I understand that Exchange Edge Transport role has the more aggressive spam fighting features but Microsoft also recommends an online spam filter.
    Needless to say, we've taken steps to quarantine those messages based on subject and sender in Postini but now would like to delete those messages from the users it went to. My users are on two different DAG mailbox databases. I found this article http://www.techieshelp.com/delete-mail-from-multiple-mailboxes/ but the command didn't work. I'm thinking it's because I have DAG and a couple of databases. I even tried "get-mailbox -database "databasename" | search-mailbox -searchquery subject: "Payment Overdue"" and that didn't work.
    I'm running Exchange 2013 SP1 DAG across two sites comprised of four 2013 SP1 mailbox servers.

    Check this out
    http://technet.microsoft.com/en-us/library/ff459253%28v=exchg.150%29.aspx and specifically look at the section titled  "Search messages and log the search results"
    Or you can use this
    http://technet.microsoft.com/en-us/library/aa996371%28v=exchg.150%29.aspx with the WHATIF parameter
    Alternatively, if you are open to 3rd-party solutions, check out Lucid8's DigiScope
    http://www.lucid8.com/product/digiscope.asp
    which would allow you to see the search results and then delete OR if desired you can set the On FIND action to Export to PST and then Delete so that you can preserve and then remove messages on the fly as the search system finds
    Search, Recover, & Extract Mailboxes, Folders, & Email Items from Offline Exchange Mailbox and Public Folder EDB's and Live Exchange Servers or Import/Migrate direct from Offline EDB to Any Production Exchange Server, even cross version i.e. 2003 -->
    2007 --> 2010 --> 2013 with Lucid8's
    DigiScope

  • How to delete a role from other role.....

    Hi All,
    I have a query like....
    I have created one new role ATH:MDC:INV3 and added two existing roles to that new role on DEV system ie Added ATH:MDC:INV2 + ATH:PUR:PMG0
    So,now i need to remove only one role ie ATH:PUR:PMG0 from ATH:MDC:INV3.
    All the 3 roles are single roles.
    Is there any way to remove/delete that role or do we need to do manually by deleting one by one authorisation,which is time taking process....
    Please give me if there could be any better way to approach....
    Thanks & Regards,
    Swapna.D
    Edited by: swapna devi on Feb 1, 2008 3:53 AM

    Doug,
    You gave me an idea. What if you create a new folder on the desktop. Select the roll above #20, which you said will also select #20, and move that roll to the desktop folder? Will roll #20 move with the one above it? If so, then you could go back to iPhoto, drag them both to the trash, delete trash (will it delete with the roll above it?), Import to Library the pictures where you put them on the desktop.
    Caution, you would probably lose some of the info from the roll you delete and re-import, like their dates, etc. So I wonder... can you select, say, half the photos in that roll and Create New Roll? Will the remaining roll still be linked to #20? If so, can you do it again and again until the linked roll only contains 1 picture? Then move it to desktop, trash in iPhoto, and re-import?
    What happens if you play with it like that?

  • Remove roles from users

    Hi All,
    I would like to ask what can I do if I would like to remove multiple roles from ALL users in the system?
    Normally, for a list of users , I use SU10 to do it.
    However, since there are 1 thousand something users in the system, is there a more efficient way to do it?
    Thanks for your help.
    Regards,
    Chris

    Thanks.
    I would say, in my case, it's best to use PFCG since I only need to remove 3X something roles from them. (I don't know which users have those particular roles, the only thing I need to do is to make sure that the 3X roles have no corresponding users).
    Thanks again !
    Regards,
    Chris

  • Fetch Admin Roles from User Object

    Hi,
    I have user object from which I need to fetch name of all Admin roles a user is having.
    I tried this method - getExpandedAdminGroupRefs() but it's returning me null.
    getAttribute method works fine with <s>firstname</s>
    <invoke name='getExpandedAdminGroupRefs'>
    <ref>userObj</ref>
    </invoke> --> null
    Along with this I also need all IDM capabilities that user is having and managed organizations.
    Can anyone help.
    Thanks in Advance :)

    Hi
    Not sure exactly where you are doing this from but there are reports in SIM that give you this information without writing any code.
    Admin role report
    Administrators report.
    If this doesn't suit you, you could look at the code that runs these reports and maybe answer your code question there.
    Cheers

  • Mass load of Roles to User ids - ESS/MSS

    HI all,
    We are implementing ESS/MSS in NW04, EP6 SP13 and want to find out if there is a way to load the appropriate roles to user assignments automatically? We will have 5,000+ users.
    Regards, Neeta

    Neeta,
    http://help.sap.com/saphelp_nw04/helpdata/en/7d/49ae0771924cf4a1fc7e2af7b2e18c/frameset.htm
    You need to do this from UserAdministration->Export.You can choose the details of the users you need to export.
    The text file you are using in case of importing users should look like this (below).
    uid=username
    group=groupname(if needed)
    email_address=
    first_name=
    last_name=
    department=(if needed)
    Provide values for all these fields. All of them need to be separated by semicolons. Repeat this for the no. of users you require. Once this text file is ready you can import it from UserAdmin-Import users.
    Here give the path to this text file using the browse tab and then import.
    Please don't forget to reward points.
    Regards,
    James

  • Mass deletion of email from iPhone is possible with Yahoo

    I have been able to mass delete messages from my iPhone using Yahoo. I log on to the server and highlight messages in my Inbox that I want to delete and send them to the Trash folder. I then empty the Trash folder. I then log off the server. I then go to my Inbox on my iPhone, hit refresh, and once the connection is made, the email is deleted! This method of deletion only affects the messages stored in your Inbox. If you have any messages in your Trash folder on your iPhone it might be easier or quicker to move the messages back to your Inbox before deleting them. This does not work yet with Comcast.
    Message was edited by: eaflorida2

    This is the default behavior with an IMAP account. The same does not work with or applies to a POP account.
    The reason you are able to do this with the iPhone's Mail client is because you are accessing your Yahoo account as an IMAP account with Mail on your iPhone.
    Neither firmware update 2.0 nor any future iPhone update will be able to provide this for a POP account - for any POP account. There is a different protocol involved with each account type, which neither Apple, the iPhone nor iPhone firmware updates have any control over or can solve. There is nothing to solve here.

  • Mass deletion of TCode from roles

    Hi
    I would like to remove a certain Tcode from a list of roles. I would not like to do this manually (PFCG'ing every role). Is there another way by which this requirement can be taken care of?
    Can an ABAP program be created for this (through table AGR_TCODES)?
    best regards
    Ravi

    Hi
    From what I understand Tcode removal is a manual process (at the most what one can do is to search through the binoculars in the Menu tab to see if the Tcode is present and then manually scroll down to identify the Tcode and then delete the same)
    How can a CATT script search for a Tcode to be removed?
    best regards
    Ravi

  • Block deleting DMS Document from user that is not initiator

    Hi All
    Hello
    I want to block deleting a DMS document (CV02N)
    for all users that are not the initiators of the document, or
    blocking for all users.
    For that I created a new user authorization for CV01N, CV02N
    without authorization for delete.
    I created a DOC in SPS (production) No 3001591
    but I succeeded in deleting the doc through CV02N
    with the button icon for delete original.
    Is there an option to block any user or a specific one from deleting a document?
    If there is no option for that, is there a user exit that I can use?
    Thanks in advance for your help

    Hello,
    it is possible to extract DMS's file to application server directory:
    FUNCTION Z_DMS_VIEW.
    *"*"Local interface:
    *"  IMPORTING
    *"     VALUE(DOC_NUMBER) LIKE  BAPI_DOC_DRAW2-DOCUMENTNUMBER OPTIONAL
    *"     VALUE(DOC_PART) LIKE  BAPI_DOC_DRAW2-DOCUMENTPART OPTIONAL
    *"     VALUE(DOC_TYPE) LIKE  BAPI_DOC_DRAW2-DOCUMENTTYPE OPTIONAL
    *"     VALUE(DOC_VERS) LIKE  BAPI_DOC_DRAW2-DOCUMENTVERSION OPTIONAL
    *"     VALUE(ORIGINAL_PATH) LIKE  BAPI_DOC_AUX-FILENAME OPTIONAL
    *"  EXPORTING
    *"     VALUE(P_RETURN) LIKE  BAPIRET2 STRUCTURE  BAPIRET2
    *"  TABLES
    *"      DOC_FILES STRUCTURE  BAPI_DOC_FILES2 OPTIONAL
      CLEAR:   doc_files.
      REFRESH: doc_files.
      DATA: i_doc_files like bapi_doc_files2.
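    " Endless loop: execution only continues past this point if i is
    " changed in the debugger. Remove it before running the function
    " unattended.
    DATA: i  type i.
    i = 2.
    while i = 2.
       i = 2.
    endwhile.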
      CALL FUNCTION 'BAPI_DOCUMENT_CHECKOUTVIEW2'
        EXPORTING
          DOCUMENTTYPE    = DOC_TYPE
          DOCUMENTNUMBER  = DOC_NUMBER
          DOCUMENTPART    = DOC_PART
          DOCUMENTVERSION = DOC_VERS
          DOCUMENTFILE    = i_doc_files
          GETSTRUCTURE    = '0'
          GETCOMPONENTS   = 'X'
          ORIGINALPATH    = ORIGINAL_PATH
          HOSTNAME        = ' '
          GETHEADER       = 'X'
          PF_HTTP_DEST    = 'SAPHTTPA'
          PF_FTP_DEST     = 'SAPFTPA'
        IMPORTING
          RETURN          = P_RETURN
        TABLES
          DOCUMENTFILES   = DOC_FILES.
    ENDFUNCTION.
    ORIGINAL_PATH must be a directory of application server.
    In background it is not possible (I don't know how we can do that) to download this file to PC.
    Then with the file in application server we can :
    - to map application server directory in a drive unit of Pc
    - to transfer with a ftp client from Pc
    - rfcexec
    But always the bapi can not download the file: it must be a process in Pc who transfer the file.

  • Problem in Deleting frontendCallback from User folder

    Hi,
     I am customizing my own frontend callback seq and during application installation I am copying that to the user Frontendcallback folder (i.e. D:\Documents and Settings\All Users\Documents\National Instruments\TestStand 4.2.1\Components\Callbacks\FrontEnd). It overrode the default callback and worked fine.
    During uninstallation I am deleting the frontend callback from that location, but after deletion of the files I am getting "WINDOWS TRY TO CONFIGURE TESTSTAND" (refer attachment) on opening TestStand after deletion of callbacks. This message continues until I copy the deleted frontend callback into that user folder.
    Why is this happening? Any help to get rid of this?
    Thanks
    Bharathi

    This is being caused due to the frontendcallbacks.seq file being missing.  The installer detects that a component is not properly installed (in this case the frontendcallbacks.seq file), and attempts to repair itself by running the installer again.
    However, the installer was not designed properly to account for your ability to change or even remove this file.  Issue #257564 has been created to fix this in a future version of TestStand.  However, until the installer is modified, the only way to prevent this from happening is to have a file with the name frontendcallbacks.seq in that location.  I would suggest on uninstall putting the default file back in place to avoid this issue.  I apologize for the inconvenience.
    -Allen P
    NI
