In regards to managing users, the husrmgr commandline utility does not have the feature
to remove (delete) groups (roles) from a user. I have created a couple of perl scripts that
is designed to accomplish this.
For example, I have had a customer that had a few thousand users that he wished to cleanup
specific groups (roles) from those users. The customer did not want to delete the groups but to
only clean his users roles by removing some specific groups from the user.
The first script 'harListUserRoles.pl' creates a .dat list of the users and all the roles assigned to the users
ordered by the role names. After the list is created, then the Harvest admin edits the list and removes
any lines that he/she wishes for the roles to remain in affect.
The second perl script 'harScrubUserRoles.pl' is run that uses the previous edited .dat list to scrub those
roles from the users. This perl script has two modes of operation 'TEST' and 'SCRUB' flags that are provided
as input parameter. The test mode will not actually scrub any roles, it produces a log file to show that it
performed on a per list line basis (this would be something like a dry run). The scrub mode actually
performs the roles removal and produces a log file that you can verify against with the edited list.
Caution: Do not take the scrub script lightly because it WILL update the database.
Normally the groups (roles) are manually removed via the administrator GUI in order to create an audit
log entry, if the audit log entry is not required or not a concern and the number of users volume to be
worked on is quite large then these scripts should work for you.
They have been tested in r12.5 and r12.6 database schema levels.
If these scripts can fit your role scrubbing requirements and the lack of the audit records are not a concern,
then to obtain these scripts for free you simply need to open an issue with Harvest L1 support requesting
access to these scripts.
To use these scripts will require the PERL runtime and SQLPLUS. You must have the capability to use sqlplus
to connect to the Harvest Oracle database using the Harvest schema owner credentials. These scripts can be run
on a client windows machine as long as the above requirements are met.
Disclaimer: These perl scripts are defined as 'field developed utilities' therefore they are provided as is with no
approved support. The user should use these scripts with caution.