A.01 - Unlocked Terminated Users
This workflow identifies terminated employees who still have an active SAP security account. It uses two RFC Destinations:
-
RFC1 connects to an HR system and removes Active employees from the Inactive list. Active Employees are determined based on a dynamic date where the STAT2 column in table PA0000 has the value 3. Inactive employees have a STAT2 value not equal to 3 in the PA0000 table.
-
RFC2 connects to the Security system to identify unlocked user accounts (where the UFLAG column in the USR02 table has the value 0).
The results are stored in the Unlocked Terminated Users Table dataset, which has the following columns:
| Column | Description |
|---|---|
| PERNR | Employee number. |
| USERID | The employee’s User ID. |
| FIRST_NAME | The employee’s first name. |
| LAST_NAME | The employee’s last name. |
| USER_VALID_UNTIL | The date when the user account expires. |
| USER_GROUP | The user’s group. |
| USER_CREATED_ON | The date when the user account was created. |
| PERNR_START_DATE | Employee number start date. |
| USER_LAST_LOGON | Date of last logon for this account. |
| USER_LOCK_STATUS | Indicates whether the account is unlocked (0) or locked (other values). |
Creating RFC Destinations
Before you begin, you will need to create an RFC Destination for the SAP systems you wish to analyze.
Preparing the Workflow
To prepare the A.01 - Unlocked Terminated Users workflow, drag its workflow template from the Templates folder into your own workspace, and modify the workflow as follows:
To specify the systems to analyze:
-
Select the RFC 1 parameter and choose ‘Edit RFC Destination’ from its context menu to display the RFC Destination dialog.
-
Select the RFC Destination for the system to analyze, then click ‘Save’.
Repeat the above steps to link the RFC 2 parameter to the RFC Destination for your HR system, and the Security System parameter to the RFC Destination for your Security system. Save the workflow using the ‘Save’ toolbar button.
Running the Workflow
To run the A.01 - Unlocked Terminated Users workflow, click the ‘Run’ toolbar button, choose ‘Run Now’ from the diagram’s context menu, or press F5. The currently running workflow action is marked with an animated display. When the workflow execution has completed, select the Unlocked Users with Terminated PERNR Records dataset and choose ‘View Details’ from the context menu to display the result table.