Best practices on the cleanest way to purge stale/ inactive user records

iamkurt
Tera Contributor

I am doing analysis of stale users in my environment and after identifying them, I need to purge them.

What is the best practice to purge users from the user table without breaking anything?
How to find any records in the system these about-to-be purged user records might be referencing?

Is there a tool I can run to perform a system-wide check of any records connected to these about-to-be purged user records?

Any help here would be highly appreciated, and thanks in advance for the same.

1 REPLY 1

ShubhamGarg
Kilo Sage

Hello @iamkurt ,

Normally, Implementations are never recommended which run on user (individual) level but based on group membership and roles. However, there can be some scenarios where such implementation is needed. Also, it is always advised to prefer inactivation for user records than deletion.

 

Here are some of the pointers which I could think of & can help you in taking cautious decision -

 

Capabilities

Configurations

Comments

Access Controls

ACLs & QBRs

Use of Access analyzer can give you complete access details on resource level (Table, Records, Endpoints, etc.) It is free to install in your instance, if not already installed.

Approvers

Workflows, Flows, Knowledge Base & articles, etc.

It is one of the possibility as you might be using the user profiles for approval for particular use cases.

Email Notifications

Workflow, Flow, Script Action, Email notifications (whom to send), etc.

Possible scenario in case of TO/CC/BCC

Integrations

Impersonation

It is one of the possibility as you might be using the user profiles for impersonation.

UI

Client Scripts, UI Policies, View Rules, UI Page/UI Macro, etc.

It would not matter as  we are not concerned on User experience for users who we are trying to inactivate.

System Clone

Prod to lower instances

Need to take a cautious decision whether cloning should be preserved, excluded or both?

User Preference

User preferences & subscriptions

It would not matter as such.

 

As of now & as per my knowledge, there is no tool or application which can give a E2E picture of resources which have a dependency on any User profile.

 

Post all the changes, it is always advised to run Regression test suites to remain 100% sure about any functionality.

 

Hope it helps. Feel free to appreciate my efforts by hitting Accepted Solution/Helpful button. Thanks!

 

Best Regards,

Shubham