By Teddy Jensen - 1/27/2009
Isn't possible to delete a user via the Security dialog anymore?According to the documentation there used to be a delete user button and also an option to delete in the user context menu: Has this functionality been removed? Hopefully not, because some of my customers has the need for deleting users, and it will be to bad to plumb this in my self every time SF comes in a new version. /Teddy
|
By Dustin Taylor - 1/27/2009
Hey Teddy,I actually need to update the help docs on this, I didn't realise I had that in there for the end-user help. We've never allowed the end-user to delete a user, only to make a user inactive. This prevents records that are created with a "security stamp" (i.e. the primary key of the security user that created the record) from becoming orphaned. As a developer you can delete users, but end-users have never been able to. Sorry for the confusion!
|
By Alex Luyando - 11/16/2010
Dustin -
Hi. Does this really make sense? I'd imagine in some environments (read ours) we have a "user" who is the security admin. Seems like once you have that title you should have the ability to add, edit AND delete users as you need to without needing developer interaction.
Just my two cents...
Thanks.
|
By Greg McGuffey - 11/16/2010
I'll pass this question/comment on to Dustin/Trent and get their take on it. My take is that this falls into the "dangerous" category. I'm sure there are situations were you could just allow the user's to be deleted, if the user ID is tracked no where and and never used in reports etc. However, the danger I see is that it would be real easy to miss this little detail when you decide to track the user for something, and that could lead to broken rules/bugs. Further, if there is a strong need to delete users, you could build your own tool to do that.
|
By Alex Luyando - 11/18/2010
Greg McGuffey (11/16/2010) I'll pass this question/comment on to Dustin/Trent and get their take on it. My take is that this falls into the "dangerous" category. I'm sure there are situations were you could just allow the user's to be deleted, if the user ID is tracked no where and and never used in reports etc. However, the danger I see is that it would be real easy to miss this little detail when you decide to track the user for something, and that could lead to broken rules/bugs. Further, if there is a strong need to delete users, you could build your own tool to do that.
Thanks, Greg. I see the concern, but at the same time I can see being able to have sufficient safeguards in the framework to ensure that only users that can be deleted are (i.e., preventing orphaned records). In such cases I think the [ ] inactive flag is a great solution.
Looking at it from another perspective, I'm not a huge fan of developers having to become part of a production application's operational flow. I want to be able to head off to Aruba at any time and not have to worry that our security admin wants to delete a user and has to wait for me to return.
|
By Greg McGuffey - 11/18/2010
Here is the "official" stance at this time, from Trent:
You can't delete the security users as it is a breach of security standards. One of the primary things here to keep in minds is being able to track all of your application records and who created them. For example, every single table that we create has a user tag on it and every row that gets created stamps that row with the user that is currently logged in. If you delete that user, then you will never be able to determine who created that row.It is, as a standard, bad mojo to allow users to be deleted. In fact, Microsoft and other security tools and systems prefer making users inactive instead of deleting the user. If you'll notice, you can delete a user through the design-time editor, just not the run-time. As I mentioned, if it is really, really important for your app, just build a dialog to facilitate this. If you are only using the user to grant access (and never store the user ID anywhere) then you only have to deal with removing the links to roles and permissions. We can help out if you go down this road. And I hear Aruba is lovely this time of year
|
By Ivan George Borges - 11/18/2010
Yep, best windsurf spot I've ever been!
|
By Edhy Rijo - 11/18/2010
Greg McGuffey (11/18/2010)
And I hear Aruba is lovely this time of year
Also consider Punta Cana in the Caribbean, wonderful and a lot of resorts to choose from and very affordable. Man, I need a vacation soon
|
By Alex Luyando - 11/19/2010
Thanks for the follow-up Greg... Don't worry... I can deal with this on my end.
Yes, Punta Cana is awesome as well, although I wouldn't venture too far from the resorts there!
So many beautiful places to visit.... sooooo little time
|
|