What is best practice for deleting records?

Megan C · ‎11-25-2020

What is the widely accepted best practice for allowing or restricting deletions? We have a blanket rule that no one but our Security Admin can delete in Prod, but have already made one exception to allow users to delete a personal filter. We've now received a request to allow people to delete drafts of knowledge articles. Thoughts? We know we can make the exception, but as a new implementation we are trying to determine if we should.

Kieran Anson · ‎11-25-2020

Hi Megan,

Hope the new implementation is going smoothly. Good question and it will largely be down to business decision. My usual guidance is

If the record is user specific (notification device, user preference, filter, report, template etc) they should be able to self manage. This often allows for better data management as users tend to "clean as they go".
Any records to which more than one user can access should be restricted to trusted administrators. This doesn't necessarily mean users with the "admin" role but could mean "itil_admin" or "knowledge_admin" or even a custom role.
Where caution is needed, I've not refrained from creating custom delete roles for specific tables whereby the elevated role functionality has been used. Why? Well, a handy event is created whenever this occurs 'security.elevated_role.enabled' which gives the userID and role that was added as part of the elevation. This further encourages those few trusted users to ensure what they're doing is appropriate.

sachin_namjoshi · ‎11-25-2020

You should not allow delete for any user since this may trigger cascade delete operations.

Instead, you should look to make records inactive as far as possible.

Regards,

Sachin

Allen Andreas · ‎11-25-2020

Hi,

My personal recommendation is to really consider not allowing deletions by anyone other than admin for anything, as much as possible (and admins shouldn't really be doing it either, especially in Prod).

If they need a personal filter deleted and it's that annoying that it's there, submit a request perhaps (sounds silly, but that's an example).

If a company location no longer "exists", retire it (look in to adding a simple "Location Retired" checkbox and utilizing that).

If a user leaves the company, lock the account, remove roles, etc. and make it inactive.

These are just some examples, but it's best to try and make a record inactive, retire, non-operational, etc. as much as you can.

Once you do allow it, as you can see, it sort of starts to snowball and then someone asks for just a tiny bit more...then another user asks for more than that...and it grows and grows.

Just my 2 cents 🙂

Please mark reply as Helpful/Correct, if applicable. Thanks!

Please consider marking my reply as Helpful and/or Accept Solution, if applicable. Thanks!

Allen Andreas · ‎12-06-2020

Hi,

I just wanted to check-in on this and see if this has been resolved.

If my reply above helped guide you correctly, please mark as Helpful & Correct.

Thank you!

Please consider marking my reply as Helpful and/or Accept Solution, if applicable. Thanks!