Best practices on the cleanest way to purge stale/ inactive user records
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎08-09-2024 12:50 PM
I am doing analysis of stale users in my environment and after identifying them, I need to purge them.
What is the best practice to purge users from the user table without breaking anything?
How to find any records in the system these about-to-be purged user records might be referencing?
Is there a tool I can run to perform a system-wide check of any records connected to these about-to-be purged user records?
Any help here would be highly appreciated, and thanks in advance for the same.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎08-11-2024 11:16 AM
Hello @iamkurt ,
Normally, Implementations are never recommended which run on user (individual) level but based on group membership and roles. However, there can be some scenarios where such implementation is needed. Also, it is always advised to prefer inactivation for user records than deletion.
Here are some of the pointers which I could think of & can help you in taking cautious decision -
Capabilities | Configurations | Comments |
Access Controls | ACLs & QBRs | Use of Access analyzer can give you complete access details on resource level (Table, Records, Endpoints, etc.) It is free to install in your instance, if not already installed. |
Approvers | Workflows, Flows, Knowledge Base & articles, etc. | It is one of the possibility as you might be using the user profiles for approval for particular use cases. |
Email Notifications | Workflow, Flow, Script Action, Email notifications (whom to send), etc. | Possible scenario in case of TO/CC/BCC |
Integrations | Impersonation | It is one of the possibility as you might be using the user profiles for impersonation. |
UI | Client Scripts, UI Policies, View Rules, UI Page/UI Macro, etc. | It would not matter as we are not concerned on User experience for users who we are trying to inactivate. |
System Clone | Prod to lower instances | Need to take a cautious decision whether cloning should be preserved, excluded or both? |
User Preference | User preferences & subscriptions | It would not matter as such. |
As of now & as per my knowledge, there is no tool or application which can give a E2E picture of resources which have a dependency on any User profile.
Post all the changes, it is always advised to run Regression test suites to remain 100% sure about any functionality.
Hope it helps. Feel free to appreciate my efforts by hitting Accepted Solution/Helpful button. Thanks!
Best Regards,
Shubham
