/support/notes/service/sap_logo.png){kind=logo}
SAP Knowledge Base Article - PublicSymptom
- Active scoping question: "Do you want to remove substitutions and authorizations for users whose validity date is in the past?" is enabled in the tenant.
- Authorizations are not revoked for business users whose validity period is set to 01/01/0001 to 01/01/0001.
- Also Business roles remain assigned to such business users.
- Only when the "Valid To" date is manually updated (e.g., to 01/02/0001), the system auto-revokes the roles.
Environment
SAP Cloud for Customer
Reproducing the Issue
- Enable the scoping question: "Do you want to remove substitutions and authorizations for users whose validity date is in the past?".
- Set a user's validity period to 01/01/0001 to 01/01/0001 (e.g., via automated employee replication messages).
- Observe that authorizations and business roles remain assigned to the user despite the validity period being in the past.
- Manually update the "Valid To" date to a different value (e.g., 01/02/0001).
- Confirm that roles are auto-revoked after the manual update.
Cause
Users with a validity period set to 01/01/0001 to 01/01/0001 are considered as initial users by the system. This classification prevents the background job from detecting them as invalid users, resulting in business roles remaining assigned.
Resolution
- This behavior is standard in the system.
- If you require automatic removal of substitutions and authorizations for users whose validity has expired, please avoid using the default validity period of 01/01/0001 to 01/01/0001.
- For employees involved in replication scenarios, ensure that accurate validity dates are transmitted to the C4C system to prevent this issue.
See Also
For additional details on standard behavior regarding user validity periods: Check KBA 2923192 - Users are Getting Unlocked Automatically
Keywords
user validity period, 01/01/0001, business roles not revoked, scoping question, SAP Cloud for Customer, auto-revoke roles, inactive users, validity date past, background job, identity management, SAP IAS/IPS integration, employee replication, authorization removal, not removed , KBA , SRD-CC-IAM , Identity & Access Management , Problem
Product
SAP Cloud for Customer add-ins all versions ; SAP Cloud for Customer core applications all versions
/support/notes/service/facebook.svg)
/support/notes/service/twitter.svg)
/support/notes/service/youtube.svg)
/support/notes/service/linkedin.svg)
/support/notes/service/instagram2.svg)