Mass Removal of Roles through SU10

Similar Messages

• Mass selection of roles in SU10

  Hi
  I have to remove lot of roles from 2000 users which have more than 20 roles in SU10.
  I am doing part by part by pasting 20 roles in SU10.
  Is there a way to select mass roles in su10 like the user selection.
  Thanks
  Baskar R

  > I have to enter every 20 roles in su10 roles tab. Instead of that,
  >
  > i want to paste entire 500 roles in one short in su10 roles tab.
  You want to assign 500 roles to each user!!!!!!! Did you think about the maximum number of profile assignment limit for each user id? If not, then i would like to request you to check the following SAP Notes:
  [Note 841612 - Maximum number of profiles per user|https://service.sap.com/sap/support/notes/841612]
  [Note 410993 - Maximum number for profiles and authorizations|https://service.sap.com/sap/support/notes/410993]
  [Note 511200 - PFCG/PFUD/SU01/SU10: Role assignment and profile comparison|https://service.sap.com/sap/support/notes/511200]
  Also, if you need to assign so many roles to each user id then it is missing the important topic SOD. Also the design is itself Incorrect.
  Regards,
  Dipanjan
  Edited by: Dipanjan Sanpui on Oct 22, 2009 3:21 PM

• Mass deletion of roles from users

  I want to delete all roles from locked users. Is there a specific transaction for this instead of SU10? In SU10 one has to enter the roles to remove.

  We developed our own application which locks users after a while, then removes their role assignments after a while, and then lists roles which no longer have any assignments or no one is using anything which the role authorizes.
  This way you can optimize / automate periodic controls.
  There is no standard monitoring cockpit for this, but you can use declaritive system params to destroy password based authentication.
  The real trick with periodic controls is to target the sample before you unassign and destroy roles, but the ability to do that depends on how you buikd the roles.
  Disclaimer: If you use composite roles then you have no chance. You are doomed.. ;-)
  Cheers,
  Julius

• Changes like password and removal of roles for all users

  Hi
  i want to change password for all users and remove single roles from all users.When i am doing this in SU10 changes are not reflecting for users.Please help reg this
  Vinod

  Me too...I have never been able to remove roles from multiple users with SU10.  I don't know if it's a bug or (more likely) just a confusing screen, but in 4.7 it never worked for me.

• Restricting an administrator to only adding or removing Business Roles

  Hi:
  Is there an out of the box rule or form in IDM that can restrict an administrator to only adding or removing business roles from accounts?
  Thanks.

  Hi Dwayne,
  This BU ruling is somewhat of a newer function with OIA. For mass alteration, the old-school way would be to execute a SQL script directly towards the DB.
  Simply change the last line on what correlation you wish (in this situation, it's looking at the BU Name and the GU office name)
  delete from BU_GLOBALUSERS where businessunitkey > 0;
  insert into BU_GLOBALUSERS(BusinessUnitKey,GlobalUserKey)
  select BU.BusinessUnitKey, GU.GlobalUserKey from BUSINESSUNITS BU, GLOBALUSERS GU
  where BU.BusinessUnitName = GU.officename;
  Regards,
  Daniel Redfern
  Technicalconfessions.com

• VIRSA mass creation of roles

  Hi All:
          Can anyone tell me how to perform mass creation of roles using VIRSA role expert,also if you could point me to some documentation it will be very helpful.
          Thanks,
            J D

  Hi Olivier,
  I am afraid, my help is limited to this forum.
  However, I can help you with some ABAP logic :
  Table AGR_1252 is used to store the ORG values of derived roles.
  You can start working with an ABAP'er to get his coding magic started. Though I am not familiar with ABAP, I believe our ABAP'er debugged PFCG and  knew what needed to be done. I have no clue what he did
  the logic:
  Start of Selection
  Load information into internal tables for use in creating report
  Upload the Organsational Changes Spreadsheet
  Ensure Roles exist and there are no duplicates
  Ensure Organistional levels exist and there are no duplicates
  *Checks if the file exists
  Role must exist
  Ignore duplicate roles
  Authority Check Role for user
  IMP Logic checks-
  For Add High range of Role must be greater than low range
  *...if adding specific ranges - remove existing * or space entry if it
    exists
  *...if adding * access remove other accesses if they exist
  *Process All Org Levels for each role
  ...submit report to generate profiles
  You can start working with your ABAP'er with this logic.
  *Disclaimer* - this may need enhancements to meet your requirements. Also, I have just put the logic what I could remember at the top of my head. I may have missed something.
  Hope it helps
  Abhishek

• Issue while Removing a role

  Hi,
  Here is my scenario.
  User 'test1' is created by assigning a role (say A). Role A has AD and database table resource assigned, so there are 2 resources assigned to the user i.e. AD and a database table resource. (This is the exisitng process, I cannot change this process at all).
  Now while removing the role, my requirement is to delete only AD resource account and it should not try to delete the database table resource account. Is there a way to do this?
  Please share your ideas.
  Thanks in advance.

  Do you only want to keep the ressource account or also keep the link? If you want to keep the link, do what the previous poster suggested. If you only want to prevent the deletion of the database row, you can configure this in the database table resource adapter by deactivating the capability to delete accounts.

• How to mass cancel the requisitions through program

  How to mass cancel the requisitions through program

  Check this...you should get good idea
  http://docs.oracle.com/cd/E18727_01/doc.121/e13410/T446883T443951.htm#4021290
  Mahendra

• Mass  Generation Of  Roles

  Hi
  Which option does user have to choose from the list to output the mass generation of roles at PFCG?
  Nag.

  Hi ,
  unfortunately there is no way in standard to bypass the manual work.
  IF SU24-values have been changed for a t-code, all roles that contain that t-code, have to be adapted manually and afterwards regenerated.
  The profile gets the status ' To adjust' until you have maintained the authorizations once and saved. Until then no mass generation (SUPC) will be able to regenerate thos profiles.
  Please consider enough time to adapt your roles during your test upgrade. A good idea is to adapt all roles to the new authorizations in a test environement and save them afterwards in a transport. AFter you have performed the upgrade in your productive environement, you can import then this transport and you don't have to perform this time consuming  'adaption-work' again in your p-environement....
  b.rgds, Bernhard

• Assign biz role through CRM -SU01 and display page at portal

  HI, SDN Fellows.
  I am creating some custom portal roles at portal and mapped it to the custom business roles for some PCUI screens at crmc_blueprint_c --> "Assign Portal Role to Single Role" ("Assignment of CRM Role to Portal Role").
  Currently, our portal UME data source is mapped to CRM system.
  Right now, I have to assign both the CRM Role through SU01(to have access the CRM Object Method at CRM-PCUI application) and Portal Role through User Admin of WAS/portal (to access/display the PCUI iView in the portal).
  My goal is to just assign role through CRM-SU01 and achieve the same output as I described above. Meaning can I just do the role assignment for the CRM role (through SU01) and able to access to the CRM-PCUI application through portal (able to see the pcui screen)?
  Thanks,
  Kent

  What I want is when I assign a role (Sales Manager) said user A in CRM system, userA should able to see the related workset/page/iviews in the portal (without the need to assign the same: Sales Manager role in portal).
  Now, what I have to do is assign the related objects into a single/composite roles in CRM (for backend data access), then I have to assign a portal role (through User Admin of Portal, so that they can see the portal content),
  is that a way we can do it in one step?
  Thanks,
  Kent

• Removing/updating data through CAF entity service

  Does anyone know a way to remove/update data through a CAF entity service from a web dynpro which uses the webdynpro model of the CAF project ?

  Hi Nicolaij,
  This example describes how UPDATE and DELETE works under SP8.
  Hopefully it helps.
  Regards
  Kamil
  UPDATE of entity called "Bank"
  =======================
  ABank recordBank;
  recordBank = BankServiceProxy.read(“000000024”);
  recordBank.setCountryId(„Germany“);
  IAspect aspectList = recordBank.getAspect();
  aspectList.sendChanges();
  DELETE from entity called "TransferID"
  ============================
  ATransferID recordTransferID;
  recordTransferID = TransferIDServiceProxy.read(„123115651“);
  IAspect aspectList = recordTransferID.getAspect();
  IAspectRow aspectRow = aspectList.getAspectRow(0);
  aspectList.removeAspectRow(aspectRow);
  aspectList.sendChanges();

• I tried to remove a role from one of my 2012R2 DC's

  I tried to remove a role from one of my 2012R2 DC's and now I basically can't do anything to that DC.  Attempting pretty much anything on it tells me that it can't do it because it needs a reboot, and a reboot fixes nothing.  The role I wanted
  to delete is removed (print services), but I can't re-add it, or change any other role or feature.  There is a 'pending.xml' file, and it is rather large.  I can't delete, or rename the 'pending.xml' file, as it is owned by 'TrustedInstaller'.  This
  is the FSMO DC and there are some other services on it that I would rather not have to re-install and reconfigure. I've looked for other things that could prohibit installs and more, but there are no 'Pending Renames' in the registry.
  At least getting server manager to stop complaining would be a good start.
  Thanks in advance for any assistance.

  Hi Mike,
  Just addition, please run
  sfc /scannow command to scan all protected system files and use
  Chkdsk command to check the status of the disk in the current drive. any find?
  à
  The role I wanted to delete is removed (print services), but I can't re-add it, or change any other role or feature.
  Just a confirmation, did you mean that had un-install
  print services successfully? No error occurred? Please check relevant log file (such as event log file and so on) if find some errors. In addition, I noticed that you attempt to re-install the role. Did you get any error message when failed to re-install?
  Did you use Install-WindowsFeature PowerShell command to install? Any difference?
  If any update, please feel free to let us know.
  Hope this helps.
  Best regards,
  Justin Gu

• How to copy and remove admin Role from SAP_ALL profile

  Hi SDN Experts,
  I need to copy SAP_ALL profile to another in CRM 5.0 system, thereafter i need to remove admin Role from SAP_ALL profile. Can any help regarding this point..
  regds
  gcp

  Chandra,
  I saw ur post in this forum regarding configuring sap intergration with genesys gplus adapter. We are in need of the same configuration. Can you please help me in configuring sap phone for gplus adapter. Reply me on [email protected]
  Thanks in Advance

• Removing UM role servers that don't exist anymore?

  Have come into a situation where I have a Exchange 2010 SP3 install with 2 node DAG and the management console references two UM role installed servers that technically no longer exists. I am planning on doing a migration to 2013 and just know I will run
  into some issue with these lagging references to these machines. Can someone direct me on how to remove these roles from my Exchange 2010 organization? Again, the servers that the roles were installed on are gone and of course, UM is not being used at all,
  so no worries there.
  Thanks.

  Do the servers still exist in AD and part of the configuration container under the Exchange org?
  If so, the supported way to do this is to run setup with the recoverserver option and install Exchange again on a server. It could be any crummy server or virtual guest.
  Once installed, run setup and gracefully remove the server with Add/Remove Programs.
  Twitter!: Please Note: My Posts are provided “AS IS” without warranty of any kind, either expressed or implied.

• PFUD - profiles are removed, but role is in

  Hello,
  I am testing background job based on report RHAUTUPD_NEW.  I assign role to a user via SU01 and time-limit it.  When limit expires I check user's record via SU01.  I see that the profile is being removed from the user's record, but role's assignment still shows in the user's record.  Is this a correct behavior?  Is there a way to remove role from the user's master record as well?
  Thanks
  Galina

  That is indeed interesting question.
  If might make sense to agree on an approach with them.
  If your provisioning of access support model and infrastructure supports it, then removing the role is a better option in my opinion. SAP seems to be going that way as well, since IdM also without deleting the user ID which is usefull.
  It helps a lot if you do not have too many (sets of) roles and the tools interogate their validity.
  It is without a doubt a very usefull control to set the date of expiry when assigning the access. At that point in time you know most about the user and their request for access!
  Cheers,
  Julius
  Edited by: Julius Bussche on Mar 30, 2010 12:14 AM