Question:
Our SAP Security team use two different ways to lock users:
- manually locking the user
- end-dating the user so it 'automatically locks' (useful for temporary staff)
Apart from messing up some of my enquiries (by showing users who are end-dated even after excluding locked users) is it fair to say that both ways of locking are equally sound?
Answer:
Both are equally sound as is deleting the ID
Answer:
In addition to the logon validity and lock status, one can use the validity date on the role assignment as an additional control if you need to keep the ID for record purposes or reactivation next year...
I think that in higher releases it will clear the buffers aswell.
Ned
Answer:
As ever, many thanks guys