I’ve been using IEM since its early days as BigFix. One of the mantras that was repeated to me was “Do not delete accounts” once created. Disable YES, Delete No. This was because any content or actions created by the account were ‘signed’ by the Console Operator account.
With the move to keep all the signing keys in the database, does this allow us to ‘safely’ delete Console Operator accounts?
In our environment we delete inactive users automatically after a year of non-use. The only thing to be concerned about is the loss of custom content in their op site, which could be backed up automatically before deletion.
This can certainly be automated via the REST API (https://developer.bigfix.com/rest-api/). Aside from deleting the operator, you can also disable their ability to log in as an initial measure prior to deletion after perhaps a longer period of time.
This past week I ran into an issue in which an operator that was removed and then had their back-end data removed via the audit trail cleaner tool caused the analyses that the operator had activated to become de-activated. This impacted the SCA application, in which the analyses displayed as <not activated>. To work around the situation, another active operator was able to re-activate the analyses to correct the issue.