Is there any best practice how to remove old users that are no longer actively using ONE DATA? The following options come to mind:
Are there any disadvantages for any of these options?
Hi Marco,
we had a similar challenge at one customer and removal of colleagues even from groups (and degrading them from domain admins to normal users) led to some struggle, because their users were used in Workflows and execution was no longer possible.
You might want to check the resources that are affected by this user. This could be possible by retrieving affected resources via API.
If the user or the credentials of this user are also used in python processors or such, it might become a bit more difficult though.
There should be an option to change a resource owner via the API, so maybe also this could be an option to actively assign the resources to someone else before removing the user.
Apart from that I think it does not make a big difference if you remove the user from the domain, set it inactive or delete it.
If you “only” want to prevent a person to login anymore, you could also simply reset the password of the user, which should not affect the resources and rights in OD.
Hope this helps.
Viola
Thanks Vio. I took your advice to check the resources affected by the user with the following request (in case somebody reads this and wants to do it as well:
/generic?domainId={domainId}&genericResourceType=DATA,KEY,WORKFLOW,SCHEDULE,DB_CONNECTION,PRODUCTION_LINE,DYNAMIC_REPORT&limit=1500
I wanted to see what happens to resources owned by a user when that user is removed from the domain. As it turns out, the resources (it was only 2 workflows) seem to be reassigned (as owner) to the user who performed the deletion.