Skip to Content
Author's profile photo Rafael Guimbala

How to delete roles, mitigation controls, users, and other informations from one connector

When a user has to delete one Connector/System from GRC the syncs jobs will not remove from the tables the data from this connector,

but there is a report GRAC_DELETE_ACCESS_RULES that do the job, if you select the last check box as you can see in image:


You will delete data from the selected connector for the following GRC tables, *Noticed that all this tables has connector field and if this field is equal the connector that was choose the data will be erased.*

  1. gracactionsyst 
  2. gracactpermsys 
  3. gracactusage 
  4. gracauthpmsyst
  5. gracclasssyst 
  6. gracfldsys 
  7. gracfldsyst 
  8. gracfldvalsys       
  9. gracmgmtactusage 
  10. gracobjectauth 
  11. gracpdprofiles
  12. gracpermclssys 
  13. gracpermfldsys 
  14. gracpermfldval 
  15. gracprofile 
  16. gracprofilet 
  17. gracrlconn
  18. gracroleorg 
  19. gracroleusage 
  20. gractaskexecstmp 
  21. gracuser 
  22. gracuserconn 
  23. gracusermap 
  24. gracuserorg 
  25. gracuserprofile   
  26. gracuserrole      
  27. gracusrpdprofile 
  28. gracclasssyst 
  29. gracfldsyst 
  30. gracfldvalsys 
  31. gracprofile 
  32. gracroleorg 
  33. gracroleusage 
  34. gracusermap    
  35. gracuserorg 
  36. gracactionsyst 
  37. gracactpermsys

Assigned Tags

      You must be Logged on to comment or reply to a post.
      Author's profile photo Rakesh Ram
      Rakesh Ram

      Hello Rafael,

      Thanks for sharing the valuable information


      Deepak M

      Author's profile photo Former Member
      Former Member

      Hi Rafael,

      A really useful document. Superb.

      However, as per the naming convention of the options, it seems that, they delete accordingly, as below:

      1st: Functions, for the selected system, will be deleted. So, could you share your thought on this. Risk is not defined for a system. So, if a Risk has 2 functions from 2 diff. connectors, then this risk will only, be left with 1 function(from the non-removed connector).However, if a Risk contains functions only,from the selected connector, then the Risk, will be deleted

      2nd:Mitigation Control will be deleted/not-deleted, as per the Risk, deleted/non-deleted, as mentioned above

      3rd: Risk Analysis data, for the above Risks, and the users for the selected Connector

      4th: User, Role and Profile Sync data for the selected connector

      Author's profile photo Rafael Guimbala
      Rafael Guimbala
      Blog Post Author

      Hi Plaban,

      I just mention the last check, because some customers was with this doubt, but thanks for sharing the rest of the functionalities πŸ™‚ ,



      Author's profile photo Former Member
      Former Member

      Thank you Guimba,

      We embrace recurrent issues about this topic and this is a great 'How-to'.



      Author's profile photo Luciana Ullmann
      Luciana Ullmann

      Superb! Thanks Rafael!

      Author's profile photo Former Member
      Former Member

      Nice to know, good work!

      Author's profile photo Alessandro Banzer
      Alessandro Banzer

      thanks for sharing - so far this information was only available in the coding πŸ™‚

      Author's profile photo Former Member
      Former Member

      Excellent information


      Author's profile photo swadhin ghatuary
      swadhin ghatuary


      Nice document . I Appreciate this πŸ™‚ .

      Keep on Posting.

      Thanks Rafael.

      Author's profile photo Gustavo Soares
      Gustavo Soares

      Just to confirm:

      Is this to be used only if the connector is deleted?

      Is it useful if we see old data for an existing connector, for example, delete Business Roles that still appear in BRM?

      If a connector is removed and later on added again, should we run this report? At what point?

      If we run this report for an existing connector, will the incremental sync job pick it up?

      Sorry for Β the number of questions, but it sounds like this functionality is as useful as dangerous πŸ™‚

      Thank you

      Author's profile photo Rafael Guimbala
      Rafael Guimbala
      Blog Post Author

      Hello Gustavo,

      This is really dangerous, you should run only in the case that you want to exclude all the information related to this connector. After run this report all the other reports will run as was the first time. So the incremental sync will not work,



      Author's profile photo Vishnu Challa
      Vishnu Challa

      That's really good info. Is there a way to delete only old data from these tables? Especially GRACPERMFLDVAL, GRACPERMFLDVALG and GRACACTPERMSYS. These tables are too huge for the DB and we are looking for ways to cleanup.