We have a large number of users who have left the company and their IFS IDs are inactive.
At the Oracle database level they are also inactive and our DBA would like to remove them.
Does anyone have experience with removing users from the Oracle data base but leaving them in IFS as inactive. They do not own any schemas, events, triggers, batch jobs, etc.
Page 1 / 1
Hi @dmanuele,
The recommended way is to delete the users using the ‘Delete Cascade’ RMB option on Users window which deletes both the Foundation 1 user and it’s associated oracle account and all database objects owned by the user.
But you can also delete the oracle account but keep the IFS account inactive by simply dropping the user and it will not do any harm as long as the account is inactive and they do not own any schemas, events, triggers, batch jobs, etc. You can use the following command to delete the user from the oracle database.
DROP USER <username>
Hope that helps!
Thank you Himasha. This is exactly what I thought I could do but was looking for corroboration.
“ But you can also delete the oracle account but keep the IFS account inactive by simply dropping the user and it will not do any harm as long as the account is inactive and they do not own any schemas, events, triggers, batch jobs, etc. ...”
I would strongly recommend not deleting the accounts from Oracle once the users have used IFS for a period of time.
Even though they may not own any database objects from a schema perspective, the IFS accounts that are tied to them (even though they are inactive) may be used throughout the system in terms of approvals, or document management aspects and deleting the underlying Oracle accounts may cause you issues in the long run.
Unless your DBA has some very unusual requirement, all they are probably looking to do it do some housekeeping, and putting your ERP system functionality at risk just for that reason is a risk I wouldn’t personally be willing to take.
Nick
I agree with @NickPorter here. It’s a great risk even if the users aren’t active anymore. We highly recommend the ‘Delete Cascade’ option. It may remove the relevant data or if it's not possible, will show an error. If an error is shown, you will need to remove the referenced data manually and then try to remove the user again
Inactive Oracle users can’t log in, and user reactivation can be audited at the database level. What other need would be addressed by removing them altogether?
As a side note, if you have ASFU licensing, I recommend keeping your active Oracle users in line with your active IFS users to ensure you’re not over- or under-utilizing your license count.
Hello @Himasha Abeywickrama
I have a follow-up question even though this thread was answered. I hope that’s alright.
We maintain AD and IFS user IDs similarly, and the user IDs are created with a certain format. But, if a particular user leaves the the company, the AD user will be deleted, but the IFS user shouldn’t be removed as we need to keep track of old ERP data which were altered \ used by the legacy users.
For example, the user Max Bermen will have BERMENM as both AD and IFS IDs. If the user left the company, the AD user will be deleted but the IFS user will be kept inactive. However, if we have a new user named Martin Bermen, the AD user will still be newly created as BERMENM but it’s not possible with IFS.
What is the IFS’s standard suggestion \ solution to handle these situations? Removing old IFS User ID isn’t an option as stated due to ERP Data regulations.