View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0020805 | mantisbt | administration | public | 2016-04-12 22:05 | 2016-09-01 02:50 |
Reporter | vboctor | Assigned To | |||
Priority | normal | Severity | feature | Reproducibility | N/A |
Status | new | Resolution | open | ||
Product Version | 1.3.0-rc.1 | ||||
Summary | 0020805: Protect administrators against deleting users without understanding implications | ||||
Description | Someone leaves the company and the administrator goes and deletes their account. Later they discovered that this was not a good decision. They can't filter on the user, they can edit issues that user reported or handled. They lose track of the person and just see the id, etc. Hence, we should protect the administrator against making this mistakes via one of the following approaches: Option 1: When user clicks Delete User, we block the deletion if user has rows associated with them in the database for entities (e.g. issues, issue notes, history, attachments). And in such case, offer a button to disable the user instead. Option 2: Give a warning to the user explaining that they should use disable instead with some explanation, but give them the option to do both actions. My preference is option 1. | ||||
Tags | mantishub | ||||
If you don't allow to delete users you will be able to generate something like "list of user names who left the company" So maybe there should be an option to anonymize names of deactivated users. |
|
Just my €0.02 how we handle this case: If one of our users leaves the company, I edit her real name (add " (left)" for example) and set her account to "deactivated" and "protected". So she can't be assigned any more. We like to see her user name on issues she worked on. |
|