RSUSR_USERS_DESTRUCTION: Complete Deletion of the User Master Data

Posted by — April 4, 2022 in SAP PROGRAM Leave a reply

If you have enabled the locking and deletion of user master records, the address data from the user master records is saved in the blocking area when the users are deleted. You can display the locked users with the application Deleted Users – Lock Entries (transaction SU06).

You now use a variant of this program to completely delete the user master records (the lock entries that is).

In the variant you can define the following:

  • Default selection for user and user group.
  • Option: Recheck end of retention period.
    • The user master records cannot be completely deleted until the retention period defined in SAP ILM has expired. This date is calculated once for each user during the first destruction run and then saved to the buffer (End of Retention column in transaction SU06). Until the retention period expires, the user is ignored during subsequent destruction runs. If you change the retention period in SAP ILM, you can force a recalculation of the buffered date.
  • Veto checks on remaining user references.
    • Once the retention period has expired, complete deletion of the user master records can only be prevented by veto checks. The veto checks run in sequence in accordance with the prioritization of their categories, and the result of the checks is saved to the buffer. If a veto check prevents the deletion, the data destruction run is stopped. No more veto checks are performed. If no veto checks prevent the deletion, the user is completely deleted.
    • For repetitions of veto checks during the data destruction run, the following possibilities apply:
      • Start from Last Veto
        • A new data destruction run starts with the last veto check that prevented the deletion.
      • Start from Last Veto Except for Categories to…
        • A new data destruction run starts with the last veto check that prevented the deletion. An exception applies if the veto check belongs to the category specified or one with a higher priority than the one specified.
        • If a veto check with category Configuration has prevented deletion for example, the user cannot be deleted until all system configurations made by the user have been deleted. It might be a good idea to check complete deletion of these users less frequently.
      • Repeat Previous Veto Checks
        • The buffered results of the previous veto checks for each user are deleted. The veto checks are repeated from the beginning.
      • Execution of All Veto Checks
        • With this option, ever veto check is executed, regardless of whether or not it prevented the deletion. This allows you to find out which veto checks prevent deletion.
  • Flow Control
    • When the retention period expires, the veto checks are executed and their results saved to the buffer, both in test mode and production mode. Complete deletion only takes place in production mode however, provided it has not been prevented by a veto check.
  • Type of logging for this run.

Use the Data Destruction application (transaction ILM_DESTRUCTION) to plan and execute deletion jobs. Use the Data from the Database option to set up data destruction for the ILM object IDENTITY. In the action Destroy, select a variant of report RSUSR_USERS_DESTRUCTION to schedule the data destruction report.

Requirements

You have activated the lock and deletion function in the system settings and configured the retention policy for user data.

You May Also Like

RSAU_TRANSFER: File-Based Transports of SAL Configuration

REGENERATE_SAP_APP: Create Full Authorizations for Applications

RS_ICF_SERV_MASS_PROCESSING: Mass processing of ICF services

How to Export All Active and Inactive SICF Services in SAP

Leave a Reply?