What roles a user has used

At our company, people move around a lot. Typically they get given additional roles, but old roles don't get removed. I have been tasked to trim our users' roles. So my question is, "Is there any way to determine what roles have been needed by the user in, say, the last year?" As an alternative, what is the best way to determine what TCodes they actually use?
Neal

As long as SU24 is well maintained, then removing roles can be easy as there are fewer "authorization surfers". Typically the "common role for all users" is the biggest problem.
But if you have relatively qualitative roles and SU24 well maintained, then a "coverage analyser" has worked very well for me (as Tobias indicated, you need to code it on your own or find partners who specialize in such concept conversions without disruptions).
Another cool trick is to license users via role classification and the user classification is inherited, and distribute the costs internally based on the assigned roles. As long as the roles can survive on their own (SU24!!), then you can assign system costs via role assignments and if role owners don't want the cost of the role which accesses their data assigned to the user, then they will contact you instead of you having to take best guesses.
However a "coverage analysis" will typically let you find the "movers and leavers" depending on how you build the roles.
Tapping into HR movements about users is also generally a good idea, depending on how qualitative the HR data is and whether all users are there (consultants? SYSTEM users? Test users? etc.. you might not want to automate this process, but good reporting is very useful....).
Cheers,
Julius
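
The "coverage analysis" idea from the reply above, reduced to transaction codes, as an added example that is not code from this thread or from SAP. The role menus, assignments and usage rows are constructed sample data, `coverage` is a hypothetical helper, and it assumes you can export a role-to-transaction mapping and per-user transaction usage from your own system.

```python
from collections import defaultdict
from datetime import date

# Constructed sample data, not a real SAP export.
# ROLE_TCODES: role -> transaction codes in the role menu (assumed input)
ROLE_TCODES = {
    "Z_COMMON_ALL": {"SU3", "SBWP", "SP01"},
    "Z_AP_CLERK": {"FB60", "FBL1N", "F110"},
    "Z_AR_CLERK": {"FB70", "FBL5N"},
    "Z_MM_BUYER": {"ME21N", "ME23N", "FBL1N"},
}
# USER_ROLES: user -> roles currently assigned (assumed input)
USER_ROLES = {"NEAL": ["Z_COMMON_ALL", "Z_AP_CLERK", "Z_AR_CLERK", "Z_MM_BUYER"]}
# USAGE: (user, tcode, last day seen), e.g. aggregated from workload statistics
USAGE = [
    ("NEAL", "SU3", date(2024, 5, 2)),
    ("NEAL", "ME21N", date(2024, 4, 11)),
    ("NEAL", "FBL1N", date(2024, 4, 12)),
    ("NEAL", "FB70", date(2022, 1, 20)),  # outside a one-year window
    ("NEAL", "VA01", date(2024, 3, 1)),   # used, but in no assigned role menu
]


def coverage(user, since, usage=USAGE):
    """Classify a user's roles by the transactions used on or after `since`."""
    used = {t for u, t, day in usage if u == user and day >= since}
    hits = {r: ROLE_TCODES[r] & used for r in USER_ROLES[user]}

    # Which assigned roles could have supplied each used transaction?
    owners = defaultdict(list)
    for role, tcodes in hits.items():
        for tcode in tcodes:
            owners[tcode].append(role)

    # A role is needed if it is the only assigned source of some used tcode.
    needed = {roles[0] for roles in owners.values() if len(roles) == 1}
    kept = set().union(*(hits[r] for r in needed))

    report = {"needed": [], "overlap_only": [], "unused": []}
    for role, tcodes in hits.items():
        if not tcodes:
            report["unused"].append(role)        # removal candidate
        elif role in needed or not tcodes <= kept:
            report["needed"].append(role)        # ties stay assigned
        else:
            report["overlap_only"].append(role)  # usage also covered elsewhere
    # Usage no assigned role menu explains: the mapping is incomplete
    # (manual S_TCODE values, calls from other transactions). Resolve first.
    report["uncovered"] = sorted(used - set(owners))
    return report


if __name__ == "__main__":
    print(coverage("NEAL", since=date(2023, 6, 1)))
```

Transaction codes are only a proxy for the authorizations a role carries, which is why the result is only as reliable as the SU24 maintenance behind the roles.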

Similar Messages

  • What roles are required to use Guided Procedures?

    Hi ,
    What roles are required to use Guided Procedures?
    Thanks
    Srinivas.K

    Hi,
        Refer to this blog: https://www.sdn.sap.com/irj/sdn/weblogs?blog=/pub/wlg/3603 [original link is broken]
        This blog is very useful to you, and in it she explains what roles are needed for Guided Procedures. The Composite Application Framework role is used for the Guided Procedure in the Portal. First create the user and then assign the CAF role for that user. This is the way to obtain the Guided Procedure for that user.
    Thanks,
    satheshkumar.R

  • How can I tell if a user has used IMAP?

    How can I tell if a user has used IMAP?
    Check their mailbox for a file called "__VALIDITY__" If they have this
    file in their mailbox, they've used IMAP.

    You may want to refer to the Java Security forum at http://forum.java.sun.com/forum.jspa?forumID=545 for information on Kerberos & JAAS.
    There is also a post in this forum, outlining how to utilise Kerberos, JAAS with JNDI to access Active Directory. JNDI, Active Directory and Authentication (Part 1) (Kerberos)
    at http://forum.java.sun.com/thread.jspa?threadID=579829&tstart=300
    Possibly the part you are looking for is the functionality included in the class that implements java.security.PrivilegedAction
    Good luck.

  • Reader SDK: any way to see what text the user has selected?

    I'm using the Adobe Reader SDK with C#, looking at the interapplication communication features.
    I can open a document in Reader and allow the user to use the Reader tools like select text, etc.
    Here's the problem: I want to have my application know what text the user currently has selected.  And I'd like it to know the name of the field that the user has selected, not just the text of the field.
    Microsoft Office's Interop has something like this:
    currentDocument.GetSelectedText();
    Is there any way to do this with IAC or the javascript or plug-in features of the Reader SDK?
    If not, can it be done with the Acrobat API?  I've looked through both sets of documentation, and haven't found what i needed.
    Thanks for any help!

    To write a plug-in for the Adobe Reader you need to go through 2 separate steps.
    Step one - Download the Adobe Acrobat SDK (from here http://www.adobe.com/devnet/acrobat)
    and build your plug-in against the Acrobat product, following the documentation to make sure you only use APIs that are available in the Reader program. The documentation tells you what version of the Adobe Acrobat or Reader program is needed for the function and whether the function can be called in Reader.
    Step two - Apply for a Reader certificate to allow your plug-in to be loaded by the Reader, the link is on the same web page as the above link. This step can be initiated before you have created your plug-in, and I would recommend that you do start this process before you develop your plug-in as Adobe can refuse to give you the certificate in which case all your development would be wasted.
    Only once you have permission from Adobe can you make your plug-in work with the Reader application.
    Once you have done both these steps there are plenty of people on this forum that can help you with specific problems you may encounter.
    If you are not sure you have the knowledge to build the plug-in, there are plenty of people that you can hire to create the solution for you.
    HTH
    Malcolm

  • Report for what transactions a per has used

    Hi Experts
    Is there any way to write our own report to show the transaction codes a person has used between dates or year so that we want to trace what transaction codes are mostly used by the users.
    There are hundreds of transactions which will have to be referred to give access
    Regards
    Piroz

    Hi gautham chakrav...
    Thanks, I know this transaction but it will not show the between dates , we can run start date and time only
    but I want monthly or weekly transaction run by the users. There is an option go to ST03 .
    I want to know which tables they are storing to write the report
    Regards
    Piroz

  • Report for what transactions a person has used

    Hi Experts
    Is there any way to write our own report to show the transaction codes a person has used between dates or year so that we want to trace what transaction codes are mostly used by the users.
    There are hundreds of transactions which will have to be referred to give access
    Regards
    Piroz

    Hi Peter
    Where is the date range i can see only
    Start date                  read time
    start time
    User
    Transaction
    program
    task type
    now tell me where is the date range is there any setup I have to do to see the date range peter

  • Can i see what questions a user has answered incorrectly??

    Hi
    We have various Captivate training modules that are placed on a GeoLearning LMS.
    All the modules have 5 Questions at the end. The quiz preferences are set up in such a way that the user is required to get 100% to pass and is allowed to retake the quiz one more time if they fail first time round.
    My issue is that some of our users in Malaysia are failing the course even after the second attempt.... yes it's fine and simple enough to re-assign them the course but ideally I would like to see what question they are failing on.... if there is a trend then maybe there is a gap in the actual training material.
    Is it possible for me to review the quiz the user has taken and understand where they are answering incorrectly?
    Any help appreciated
    Darren

    All
    I have been using this Widget now and the data is appearing on the Adobe dashboard .. Brilliant
    1 question... if I have a course set so the user can retake the quiz another time if they get it wrong, will their quiz results be sent to the dashboard twice, or will only the second attempt be logged?
    For example I have a module with 5 questions and a pass rate of 100%
    If the user gets 2 questions wrong they then have the option to retake... hopefully then getting them all correct... if not they then Fail the course and need to be re-assigned it.
    If they pass on the second attempt will the dashboard show that the 5 questions have been taken twice and 2 were answered incorrectly the first time... or will just the second attempt where they got them all correct be logged?
    Thanks

  • How to find which users has used external scripting

    I want to find out the users who used the scripting for doing any mass changes activity.

    Hi Murphy;
    Please check which user has which forms open? and Re: how to determine which forms are currently open?
    Hope it helps you in your issue
    Regard
    Helios

  • Windows Internal Database on Windows Server 2012 - How can I find out what role or feature is using it?

    We have setup many roles and features and apparently one of them is using the Windows Internal Database (WID). We have had some events logged for WID and need to troubleshoot them. But we are not sure which role/feature is using it. How can I find
    this out?

    Hi,
    Several components of Windows Server 2008 and 2012 use Windows Internal Database for their data storage: Active Directory Rights Management Services, Windows System Resource Manager, UDDI Services, Active Directory Federation Services 2.0, IPAM and Windows
    SharePoint Services.
    Which role did you setup or what is the error message did you received?
    Regards.
    Vivian Wang

  • How to Set-CasMailbox -ActiveSyncAllowedDeviceIDs (To Allow for all user devices, where I don't know what devices the user has)

    I need to change this for all of our users and have created this script so far.  Does anyone know how to Allow for all devices?  
    $mailboxes = Get-CASMailbox -Filter {hasactivesyncdevicepartnership -eq $true -and -not displayname -like "CAS_{*"} | Get-Mailbox
    foreach ($mailbox in $mailboxes) {
        #Write-Output $mailbox.UserPrincipalName
        $devices = Get-MobileDevice -Mailbox $mailbox.UserPrincipalName
        foreach ($device in $devices) {
            #Write-Output $device.DeviceId
            # -ActiveSyncAllowedDeviceIDs takes device ID strings, so pass the DeviceId property rather than the device object
            Set-CASMailbox -Identity $mailbox.UserPrincipalName -ActiveSyncAllowedDeviceIDs @{Add=$device.DeviceId}
            Write-Output $mailbox.UserPrincipalName
            Write-Output $device.DeviceId
        }
    }

    For Exchange issues post in Exchange.  You should also just try searching.
    http://social.technet.microsoft.com/Forums/exchange/en-US/1ddc526d-f147-444c-a7bb-39d14415f9bc/clear-activesyncalloweddeviceids
    This was first on list.
    ¯\_(ツ)_/¯

  • How can i find out what cursor the user has selected on an xy graph?

    I have an XY graph in which while the program runs it will be creating cursors in certain locations on the plot. I want to give information about this cursor when selected upon, I THOUGHT that active cursor does this.. but apparently not.. it seems to just keep spitting out 0, any ideas?

    > I have an XY graph in which while the program runs it will be creating
    > cursors in certain locations on the plot. I want to give information
    > about this cursor when selected upon, I THOUGHT that active cursor does
    > this.. but apparently not.. it seems to just keep spitting out 0, any
    > ideas?
    You might look at the Selected Cursors property. It indicates which
    cursors will be acted upon by the movement palette. It should be
    equivalent to the small LED buttons on the cursor palette.
    Greg McKaskle

  • How to determine ADF roles a user is in - before fully authenticated

    [JDev/ADF v11.1.1.5.0]
    I am trying to intercept a user's login to our ADF application (to log it to a database). I have written a custom login page and backing bean to handle the login using:
    mySubject = login(this._username, this._password);
    HttpServletRequest request = (HttpServletRequest)ctx.getExternalContext().getRequest();
    ServletAuthentication.runAs(mySubject, request);
    ServletAuthentication.generateNewSessionID(request);
    // determine what ADF 'Application Roles' the user has
    // log to database here
    // ... [code removed] ...
    HttpServletResponse response = (HttpServletResponse)ctx.getExternalContext().getResponse();
    RequestDispatcher dispatcher = request.getRequestDispatcher("/adfAuthentication");
    dispatcher.forward(request, response);
    What I need to do, however, is determine what roles a user has in the app, at the "???" point in the above code. If I interrogate the 'mySubject' object, it lists the groups from our authentication source that the user is a member of. In ADF Security, I've mapped these "Enterprise Roles" to "Application Roles", and need to get access to the Application Roles before redirecting them to the adfAuthentication servlet.
    I've tried using ADFContext.getCurrent().getSecurityContext().getUserRoles() where the '// ???' is, but it returns the 'anonymous' user (and associated roles). It appears that even though I've switched to runAs the authenticated user (via ServletAuthentication.runAs), ADF still thinks I'm running as the initial (anonymous) user.
    Is there a way to tell ADF to 'refresh' who it thinks I am now, so it will see me as the (now-authenticated) user, with their roles, etc.? Or, is there some other way to determine what (Application) roles a user has given their username?
    Thanks!
    Edited by: Karl C on Nov 27, 2012 12:28 PM

    Just checked code.
    Sorry, in our code we test enterprise roles(and not application roles) because we are using ReadOnlySqlAuthenticator to retrieve db users/roles.
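    // needs java.security.Principal, java.util.*, weblogic.security.principal.WLSGroupImpl
    List<String> roles = new ArrayList<String>();
    Set<Principal> allPrincipals = mySubject.getPrincipals();
    for (Principal principal : allPrincipals) {
        // keep only WebLogic group principals, i.e. the enterprise roles
        if (principal instanceof WLSGroupImpl) {
            roles.add(principal.getName());
        }
    }
    Dario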

  • What Roles should the gwconnector user have in CRM

    Hi Guys,
    I have setup GWConnector etc and have assigned GWConnector user with full admin rights on the CRM system.
    I cannot find any document that tells me what roles this user must have etc?
    Could one of you guys either tell me what they should be - or point me to the right documentation as it's not in the groupware setup guide only the AD stuff?
    Thanks

    Honestly, that is up to you. I have customers that start off WLC and AP all in the same subnet, but it is not necessary. I also have customers that put the WLC mgmt in the 'server' VLAN, and the AP in their own.
    IMHO, I like the WLC to be in 'server' or 'secured' VLAN, then I put the AP in their own VLAN that is locked down to only getting DHCP and talking to the WLC.  that way if someone unplugs an AP and connects something they can't get anywhere.
    HTH,
    Steve
    Please remember to rate useful posts, and mark questions as answered

  • Detecting what flash player a user has

    Is there some code that will detect what player a user has
    and prompt them to install player 8?
    I was told something about that player 8 automatically does
    this but have yet to see it happen when I test on a computer with
    player 7. Not a thing pops up telling me to download the new player
    it just seems like my movie is broke.

    Here is some javascript code that may help you

  • How to check which privileges user is using

    Hello All,
    I have a user assigned the DBA role by mistake many years back.
    During our security overview it is flagged and now I need to revoke the DBA role from that user. At the moment it looks as follows, and I am on a 10204 database:
    Privilege Category   Granted Privilege
    Role Privs           CONNECT
                         DBA
                         OEM_MONITOR
                         RESOURCE
    Sys Privs            ALTER ANY MATERIALIZED VIEW
                         ANALYZE ANY
                         CREATE ANY MATERIALIZED VIEW
                         CREATE PROCEDURE
                         CREATE ROLE
                         CREATE SEQUENCE
                         CREATE SESSION
                         CREATE TABLE
                         CREATE VIEW
                         DROP ANY MATERIALIZED VIEW
                         GLOBAL QUERY REWRITE
                         UNLIMITED TABLESPACE
    Now I need to find what all privileges out of approx 158 in the DBA role this user is using so that I can revoke the DBA role and assign that sys privilege exclusively and later on trim down a bit on those as well if possible?
    Can someone help me in finding or is there a way possible to find out which privileges are actually being used by the user assigned to him via DBA role?
    I can find something on net on those lines, any help or useful pointers would be highly appreciated.
    Many Thanks,
    Rishi

    Hello All,
    Right, I think auditing the DBA role could save my day. I have enabled the auditing on the DB for the dba role as shown below:
    audit_file_dest string /oraadmin/tgtx/10/adump
    audit_sys_operations boolean FALSE
    audit_syslog_level string
    audit_trail string DB, EXTENDED
    Exact version of the database is:
    Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 - Prod
    PL/SQL Release 10.2.0.4.0 - Production
    CORE 10.2.0.4.0 Production
    TNS for Linux: Version 10.2.0.4.0 - Production
    NLSRTL Version 10.2.0.4.0 - Production
    I have enabled the audit dba role for user exeter as shown:
    SYS@TGTX> AUDIT DBA by exeter WHENEVER SUCCESSFUL;
    Audit succeeded.
    Now I expect to audit all the sys privs assigned to the dba role but alas it's not working as expected. If anyone can shed any light on it, what I am trying to do is as follows:
    I am trying to use the sys priv that is create any table as user exeter who is assigned dba role as follows:
    SYS@TGTX> select * from dba_role_privs where grantee='EXETER';
    GRANTEE  GRANTED_ROLE  ADM  DEF
    EXETER   DBA           NO   YES
    EXETER   CONNECT       NO   YES
    EXETER   RESOURCE      NO   YES
    EXETER   OEM_MONITOR   NO   YES
    EXETER@TGTX> create table dbaschema.test2 (srno number(10));
    Table created.
    Now I expect to see some records in dba_audit_trail as a result of above commands but there is none, am I doing anything wrong here?
    SELECT * FROM dba_audit_trail
    WHERE USERNAME = 'EXETER'
    ORDER BY timestamp;
    No rows returned but I shall have expected at least one row to be returned here after enabling the audit on DBA role by exeter.
    Any Ideas?
    Thanks
    Rish
