- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ā01-16-2019 09:01 AM
I've seen others ask about removing access if a user is not active for 90 days. We plan to perform the same operation where we will run a script. But what we don't want users to submit all of their roles again if they come back asking for access. That will create extra work for our support teams who today validate training before granting a role to a user.
Is there any way to reclaim a license without removing all the user roles from an inactive user? And then be able to simply re-activate the user with their old roles?
Thank you.
Solved! Go to Solution.
- Labels:
-
Best Practices
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ā01-16-2019 09:12 AM
Hi,
If you're simply looking at removing access, you could set up a business rule looking at the last login time on the sys_user table, which simply marks an account as inactive past that 90 day mark.
If you're then using Subscription User Sets to track your licenses, you can use the Active field as a condition of being in the set.
We're currently in the process of implementing something similar, but just want to strip any itil access (rather than all access) off anybody who hasn't logged in for 90 days, to that effect, we've just set up a Scheduled job based on that last login time that strips the role and populates it into a new custom table, so we could restore things with a simple UI action that we've set up.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ā01-16-2019 09:12 AM
Hi,
If you're simply looking at removing access, you could set up a business rule looking at the last login time on the sys_user table, which simply marks an account as inactive past that 90 day mark.
If you're then using Subscription User Sets to track your licenses, you can use the Active field as a condition of being in the set.
We're currently in the process of implementing something similar, but just want to strip any itil access (rather than all access) off anybody who hasn't logged in for 90 days, to that effect, we've just set up a Scheduled job based on that last login time that strips the role and populates it into a new custom table, so we could restore things with a simple UI action that we've set up.
