Skip to Content

How to delete roles, mitigation controls, users, and other informations from one connector

When a user has to delete one Connector/System from GRC the syncs jobs will not remove from the tables the data from this connector,

but there is a report GRAC_DELETE_ACCESS_RULES that do the job, if you select the last check box as you can see in image:


You will delete data from the selected connector for the following GRC tables, *Noticed that all this tables has connector field and if this field is equal the connector that was choose the data will be erased.*

  1. gracactionsyst 
  2. gracactpermsys 
  3. gracactusage 
  4. gracauthpmsyst
  5. gracclasssyst 
  6. gracfldsys 
  7. gracfldsyst 
  8. gracfldvalsys       
  9. gracmgmtactusage 
  10. gracobjectauth 
  11. gracpdprofiles
  12. gracpermclssys 
  13. gracpermfldsys 
  14. gracpermfldval 
  15. gracprofile 
  16. gracprofilet 
  17. gracrlconn
  18. gracroleorg 
  19. gracroleusage 
  20. gractaskexecstmp 
  21. gracuser 
  22. gracuserconn 
  23. gracusermap 
  24. gracuserorg 
  25. gracuserprofile   
  26. gracuserrole      
  27. gracusrpdprofile 
  28. gracclasssyst 
  29. gracfldsyst 
  30. gracfldvalsys 
  31. gracprofile 
  32. gracroleorg 
  33. gracroleusage 
  34. gracusermap    
  35. gracuserorg 
  36. gracactionsyst 
  37. gracactpermsys
You must be Logged on to comment or reply to a post.
  • Hi Rafael,

    A really useful document. Superb.

    However, as per the naming convention of the options, it seems that, they delete accordingly, as below:

    1st: Functions, for the selected system, will be deleted. So, could you share your thought on this. Risk is not defined for a system. So, if a Risk has 2 functions from 2 diff. connectors, then this risk will only, be left with 1 function(from the non-removed connector).However, if a Risk contains functions only,from the selected connector, then the Risk, will be deleted

    2nd:Mitigation Control will be deleted/not-deleted, as per the Risk, deleted/non-deleted, as mentioned above

    3rd: Risk Analysis data, for the above Risks, and the users for the selected Connector

    4th: User, Role and Profile Sync data for the selected connector

    • Hi Plaban,

      I just mention the last check, because some customers was with this doubt, but thanks for sharing the rest of the functionalities πŸ™‚ ,



  • Just to confirm:

    Is this to be used only if the connector is deleted?

    Is it useful if we see old data for an existing connector, for example, delete Business Roles that still appear in BRM?

    If a connector is removed and later on added again, should we run this report? At what point?

    If we run this report for an existing connector, will the incremental sync job pick it up?

    Sorry for Β the number of questions, but it sounds like this functionality is as useful as dangerous πŸ™‚

    Thank you

    • Hello Gustavo,

      This is really dangerous, you should run only in the case that you want to exclude all the information related to this connector. After run this report all the other reports will run as was the first time. So the incremental sync will not work,



  • That's really good info. Is there a way to delete only old data from these tables? Especially GRACPERMFLDVAL, GRACPERMFLDVALG and GRACACTPERMSYS. These tables are too huge for the DB and we are looking for ways to cleanup.