Delete user profiles

m_powell

Active Member
Hi everyone

Looking at a bit of housekeeping and would like to know if anyone has any gotchas when it comes to deleting user profiles out of Enterprise One and any tips you may have.

Thanks in advance.

Malcolm
XE SP22_Q1
 
For us for financial/legal reasons we do not delete any user ID from the system. We have created a group called disabled that does not have any Env. access and is 100% locked out and move all terminated employees or expired ID to that group.
 
The steps we use...
1) Delete any user overrides
2) Delete user (database) security
3) Delete security workbench records for the user
4) Delete roles that have been assigned (ie. we use Solution Explorer)
5) Delete main user profile record last

The gotchas for this approach...
1) Ensure you copy any overrides or security workbench records etc to another group or user/s if required before deletion. For overrides, we have set up the important ones on a group basis, so deleting individual user overrides is not an issue, as the group override will kick in.
2) Be careful what you delete! Don't touch unless you have an "undo" process in place.

For audit purposes, we keep a record of any changes made, but this is not an automated process unfortunately.

Hope this helps.
 
What are the legal/financial reasons for not deleting user profiles? Unused user profiles, even disabled, are a security risk, if you ask me.
 
Well, it has not been an issue for us...the user ID has no env. access, the disabled group has no env. access, the ID has no menu and the group has *PUBLIC No for everything....SOX has no issues with it, and for audit purposes we can track that ID all throughout the system.

This may not work for all, but it has worked for us without any issues. In the event the employee comes back, we don't have to re-create a profile; simply re-enable their ID, re-assign their role and maintain the same Address book number, and we are all set and the audit trail continues.

We use JDE mainly for financials, so we do have to maintain tight audit trails as to what is done where and when for at least 7 years.
 
Agreed.

I'm more of a "Disable" fan than a "Delete" fan...if you are diligent with your disabling policy and keep good records, any auditor will be happy.
 
Malcolm

We delete the user profile but keep the address book record and make it a search type 'EX', for ex-employee. I keep the security workbench records for a month or so. I get many requests to make the access for the replacement employee the same as the ex-employee.

Patty
 
Thanks, so what does keeping the disable profiles on the system give you?
 
How about control and an overall audit trail? If maintained properly it is easy and does not affect anything. Now if you are a private company that does not have to deal with SOX and such, then go ahead and delete them.
 
Robert

We have had a "Disable" user policy for years. We have a security group named "Terminated" which has no access. When we receive a notice of termination from HR, we move the user id into the "terminated" group and then document that change in our change control database. Up until this year that has satisfied our SOX auditors. Now they are starting to give us grief about retaining unused accounts, even though they have no security access. We may be amending our policy. First we'll move them into terminated, and then after 12 to 18 months, delete the account. That change is still under review.

Gregg Larkin
JDE System Administrator (CNC) / North America
Praxair, Inc.
 
I'm sorry, I must be missing something. What information in the profile is used for audit? Maybe the user id to Address Book number?

I do work for a private company so we aren't having to go through this. I'm just curious.
 
If you delete the user profile record, then the P98OWSEC form C will not display any security history for the deleted user profile. The business view used in this app joins in the user profile table.
 
Hi all

Thanks very much for all your suggestions and advice.

Regards

Malcolm
 