• State Suggested Answer
  • Locked Locked
  • Replies 9 replies
  • Answers 1 answer
  • Subscribers 93 subscribers
  • Views 2633 views
  • Users 0 members are here
Options
Related
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

User is not getting deleted from Person table even if deffered deletion is 0

ruchita.mantri
over 5 years ago

Hi

I am trying to delete the user in One IM and even from all the targets. So, I set, IsInActive = "True" and deffered deletion is "0". In this case, user accounts are getting deleted in targets but not in one IM i.e the user is still there in Person table. Please suggest how can this be resolved. Thank you.

  • 0 over 5 years ago

    For starters, did you try to delete the person?

  • 0 over 5 years ago in reply to Markus Weiss-Ehlers

    if I manually delete the person, it gets deleted. But the user should get deleted automatically in this case,isn't it? 

  • 0 over 5 years ago in reply to ruchita.mantri

    No.  If they are IsInactive, they are...inactive...not deleted.  The system is behaving as designed.

  • 0 over 5 years ago in reply to George Cerbone

    ohh ok. so it will never get deleted automatically and needs to be deleted manually, is it? 

  • 0 over 5 years ago in reply to George Cerbone

    ok thank you so much for the quick response

  • 0 over 5 years ago in reply to ruchita.mantri

    I have one doubt here. what is the use of deffered deletion then? My understanding was if is inactive and deffered deletion is set to 0 days, the user should get deleted immediately. I have referred below link 

    support.oneidentity.com/.../6

  • 0 over 5 years ago in reply to ruchita.mantri

    A user is not a person.  If a person loses an account definition (for whatever reason) then delayed deletion will delay the deletion of the user account.  But a person account will never be automatically deleted.

  • 0 over 5 years ago in reply to ruchita.mantri

    When you carefully read the documentation from the link you will see that there is more than one use case in regards to account deletion.

    And setting Person.IsInActive to 1 is the use-case to permanently disable an employee, not to delete him.

    Think about the deferred deletion of a person as a grace period where you are able to recall your decision with the ability to restore this person including all inherited permissions.

    Account Definition Master Data for Account Definition Assignment Behavior
    Property Description

    Retain account definition if permanently disabled

    Specifies the account definition assignment to permanently disabled employees.

    Option set: the account definition assignment remains in effect. The user account stays the same.

    Option not set: the account definition assignment is not in effect. The associated user account is deleted.

    Retain account definition if temporarily disabled

    Specifies the account definition assignment to temporarily disabled employees.

    Option set: the account definition assignment remains in effect. The user account stays the same.

    Option not set: the account definition assignment is not in effect. The associated user account is deleted.

    Retain account definition on deferred deletion

    Specifies the account definition assignment on deferred deletion of employees.

    Option set: the account definition assignment remains in effect. The user account stays the same.

    Option not set: the account definition assignment is not in effect. The associated user account is deleted.

    Retain account definition on security risk

    Specifies the account definition assignment to employees posing a security risk.

    Option set: the account definition assignment remains in effect. The user account stays the same.

    Option not set: the account definition assignment is not in effect. The associated user account is deleted.