Scribd Logo
Fazer o upload

Bem-vindo(a) ao Scribd!

  • Aged User Accounts

    Enviado por

    Lokesh Surana
    7 visualizações2 páginas
    This document discusses aging inactive application user accounts by generating reports of accounts that have never connected or have not connected in over 120 days. The first step is to count these inactive accounts, and the second step is to produce a list with details of the inactive accounts to send to HR or others for review and potential closure of unused accounts. Not all aged accounts need to be closed, as some must exist but are rarely used. Running the report monthly helps manage security of the application.

    Descrição original:

    Direitos autorais

    © Attribution Non-Commercial (BY-NC)

    Formatos disponíveis

    DOCX, PDF, TXT ou leia online no Scribd

    Você considera este documento útil?

    Este conteúdo é inapropriado?

    Denunciar este documento
    This document discusses aging inactive application user accounts by generating reports of accounts that have never connected or have not connected in over 120 days. The first step is to count these inactive accounts, and the second step is to produce a list with details of the inactive accounts to send to HR or others for review and potential closure of unused accounts. Not all aged accounts need to be closed, as some must exist but are rarely used. Running the report monthly helps manage security of the application.

    Direitos autorais:

    Attribution Non-Commercial (BY-NC)
    Baixe no formato DOCX, PDF, TXT ou leia online no Scribd
    Sinalizar o conteúdo como inadequado
    7 visualizações2 páginas

    Aged User Accounts

    Enviado por

    Lokesh Surana
    This document discusses aging inactive application user accounts by generating reports of accounts that have never connected or have not connected in over 120 days. The first step is to count these inactive accounts, and the second step is to produce a list with details of the inactive accounts to send to HR or others for review and potential closure of unused accounts. Not all aged accounts need to be closed, as some must exist but are rarely used. Running the report monthly helps manage security of the application.

    Direitos autorais:

    Attribution Non-Commercial (BY-NC)
    Baixe no formato DOCX, PDF, TXT ou leia online no Scribd
    Sinalizar o conteúdo como inadequado
    de 2

    Aged User Accounts

    Much like the Accounts Receivable ages debtor accounts function in any business, we
    can age application user accounts that have never connected to the application or have
    not connected in some time via the full and self-service screens.

    Why would we want to do this? Having people who have long left the business retaining
    active accounts is a security issue, and all the best managed sites have processes in
    place to check that such accounts are being closed on a timely basis.

    It is possible to generate a list of application user accounts that have either never
    connected or have not connected in the last 120 days.

    The first step is to identify the number of accounts you have that are candidates for
    review:

    SELECT count(*)
      FROM applsys.fnd_user fu
    WHERE (fu.last_logon_date is null
                   or (sysdate - fu.last_logon_date) >= 120 )
          and (fu.end_date is null
                  or fu.end_date > sysdate )
         and fu.user_name not in ('SYSADMIN','GUEST');

    The second step is to produce a list of application accounts that are candidates for
    review:

    SELECT fu.user_id,
                 fu.user_name,
                 substr(fu.description, 1, 40)
                 decode(sign(length(fu.description) - 40), 1, '...') description,
                 nvl(to_char(fu.last_logon_date, 'DD-Mon-YY HH24:MI'), 'Never Connected')
                           last_connect_date,
                 decode(fu.last_logon_date, null, null,
                 round( (sysdate - fu.last_logon_date),0) ) days_since_last_connect
      FROM applsys.fnd_user fu
    WHERE (fu.last_logon_date is null
                   or (sysdate - fu.last_logon_date) >= 120 )
           and (fu.end_date is null
                  or fu.end_date > sysdate )
           and fu.user_name not in ('SYSADMIN','GUEST')
    ORDER by decode(fu.last_logon_date, null, (sysdate - 10000), fu.last_logon_date),
                    fu.user_name;

    The output will look something like the following example:


    Remember: Not all Aged User Accounts are candidates for end dating:

    There are of course exceptions, those accounts that must exist but are never used and
    those that are used very infrequently. You can exclude these by simply adding these
    accounts to your SQL statement:

                 and fu.user_name not in (‘SYSADMIN’,’GUEST’)

    You should run the second report say once per month as part of your normal application
    maintenance routine and send it to your HR department or whoever manages your
    application user accounts. It shows the business you are on top of managing the
    application and the business loves anything to do with security...

    Você também pode gostar