StrataFrame Forum

Delete user

http://forum.strataframe.net/Topic21684.aspx

By Teddy Jensen - 1/27/2009

Isn't possible to delete a user via the Security dialog anymore?

According to the documentation there used to be a delete user button and also an option to delete in the user context menu:

Has this functionality been removed? Hopefully not, because some of my customers has the need for deleting users, and it will be to bad to plumb this in my self every time SF comes in a new version.

/Teddy 

By Dustin Taylor - 1/27/2009

Hey Teddy,

I actually need to update the help docs on this, I didn't realise I had that in there for the end-user help. We've never allowed the end-user to delete a user, only to make a user inactive. This prevents records that are created with a "security stamp" (i.e. the primary key of the security user that created the record) from becoming orphaned.

As a developer you can delete users, but end-users have never been able to.

Sorry for the confusion! w00t

By Alex Luyando - 11/16/2010

Dustin -

Hi. Does this really make sense? I'd imagine in some environments (read ours) we have a "user" who is the security admin. Seems like once you have that title you should have the ability to add, edit AND delete users as you need to without needing developer interaction.

Just my two cents...

Thanks.
By Greg McGuffey - 11/16/2010

I'll pass this question/comment on to Dustin/Trent and get their take on it. My take is that this falls into the "dangerous" category. I'm sure there are situations were you could just allow the user's to be deleted, if the user ID is tracked no where and and never used in reports etc. However, the danger I see is that it would be real easy to miss this little detail when you decide to track the user for something, and that could lead to broken rules/bugs.  Further, if there is a strong need to delete users, you could build your own tool to do that. 
By Alex Luyando - 11/18/2010

Greg McGuffey (11/16/2010)
I'll pass this question/comment on to Dustin/Trent and get their take on it. My take is that this falls into the "dangerous" category. I'm sure there are situations were you could just allow the user's to be deleted, if the user ID is tracked no where and and never used in reports etc. However, the danger I see is that it would be real easy to miss this little detail when you decide to track the user for something, and that could lead to broken rules/bugs.  Further, if there is a strong need to delete users, you could build your own tool to do that. 


Thanks, Greg. I see the concern, but at the same time I can see being able to have sufficient safeguards in the framework to ensure that only users that can be deleted are (i.e., preventing orphaned records). In such cases I think the [  ] inactive flag is a great solution.

Looking at it from another perspective, I'm not a huge fan of developers having to become part of a production application's operational flow. I want to be able to head off to Aruba at any time and not have to worry that our security admin wants to delete a user and has to wait for me to return. Smile
By Greg McGuffey - 11/18/2010

Here is the "official" stance at this time, from Trent:

You can't delete the security users as it is a breach of security standards.  One of the primary things here to keep in minds is being able to track all of your application records and who created them.  For example, every single table that we create has a user tag on it and every row that gets created stamps that row with the user that is currently logged in.  If you delete that user, then you will never be able to determine who created that row.

It is, as a standard, bad mojo to allow users to be deleted.  In fact, Microsoft and other security tools and systems prefer making users inactive instead of deleting the user.  If you'll notice, you can delete a user through the design-time editor, just not the run-time.

As I mentioned, if it is really, really important for your app, just build a dialog to facilitate this. If you are only using the user to grant access (and never store the user ID anywhere) then you only have to deal with removing the links to roles and permissions.  We can help out if you go down this road.

And I hear Aruba is lovely this time of year  Wink

By Ivan George Borges - 11/18/2010

Yep, best windsurf spot I've ever been! Cool
By Edhy Rijo - 11/18/2010

Greg McGuffey (11/18/2010)
And I hear Aruba is lovely this time of year  Wink


Also consider Punta Cana in the Caribbean, wonderful and a lot of resorts to choose from and very affordable.  Man, I need a vacation soon Crazy
By Alex Luyando - 11/19/2010

Thanks for the follow-up Greg... Don't worry... I can deal with this on my end.

Yes, Punta Cana is awesome as well, although I wouldn't venture too far from the resorts there!

So many beautiful places to visit.... sooooo little time Sad