Deleting or not-deleting users from Vault.

Hi All,

There is a mixed feeling among everyone about deleting or not-deleting
inactive users from the Identity Vault of an IDM system. I have come
across different opinions from the different groups of people that I have
interacted with and discussed this topic with.

I would like to collect the views / best practices being followed in
the industry for the benefit of everyone in the IDM world.

Should we delete inactive users from the Vault, and if so, when? Sometimes
this depends on business decisions and HR policy, but the question is:
when is it technically right to delete accounts?
One school of thought is to keep the users until they are available in
the HR source repository; if that is the way to go, then ideally HR
strategies have a lead time of 7 yrs before you can delete a user. Is
this right for the Identity Vault?
What are the repercussions of not deleting the inactive IDs? Of
course, space and storage is a factor, but does it do any good to keep
them there in the vault?

So I would like the ideas of others who have faced the same challenge
before and put together a best practice for deleting users from Identity

Your ideas are welcome!


-eDir4ever :)

5/12/2009 10:56:02 PM

1 Replies

I think the short answer is: it doesn't matter. It all depends on your
systems and how they are used.
One benefit of deleting the users is cost: you never pay for
non-existing users. Another benefit is namespace: if you delete a user, you
can use that account name for someone else.
To really benefit from keeping the disabled user you also need to keep
the user disabled in the target apps with mailbox, files etc., but that
takes up a lot of space.
We do a two-step inactivation.
When a user leaves, the account is disabled and left for 18 months in all
connected systems as disabled.
After that period the user is deleted from the connected systems but
left in the vault for 10 years with a lot of attributes HR does not have,
for traceability.

joakim_ganse's Profile:

5/13/2009 6:56:02 AM
