Bug #25479

open

Users cleanup configuration is too strict on disabled users

Added by Clark ANDRIANASOLO 2 months ago. Updated about 1 month ago.

Status: Pending release
Priority: N/A
Category: Web - Maintenance
Target version:
Severity: Minor - inconvenience | misleading | easy workaround
UX impact:
User visibility: Operational - other Techniques | Rudder settings | Plugins
Effort required: Very Small
Priority: 0
Name check: To do
Fix check: Checked
Regression: No

Description

The current default is 60 days for the rudder.users.cleanup.account.disableAfterLastLogin configuration property: any user who did not log in within a period of 60 days is disabled.
The disable reason is also empty in the users table (in the statushistory column):

{"actor": {"name": "rudder"}, "reason": "", "actionDate": "2024-09-17T10:00:00.000Z"}, "status": "disabled"}

We should set it to a longer period of time by default: 90 days, because users should be able to leave a Rudder instance unused for a longer period of time, as demonstrated by some client use cases.
The configuration value should still be modifiable, and the never value should be a supported one (documentation should be added in the configuration.properties.sample file).
Also, a known admin user should not be disabled.

We should also add a reason in the trace, e.g. "User did not login for too long" and log the disabling of users with a warning log (see also #25478).

Also, rudder.users.cleanup.account.deleteAfterLastLogin should apply only to already disabled users (therefore the value of 120.days seems reasonable).

We should also update the doc and sample for the configuration parameters.


Subtasks 3 (0 open, 3 closed)

User management - Bug #25482: User cleanup configuration impact on user-management (Released, François ARMAND)
Bug #25483: User cleanup configuration impact on user-management in 8.2 (Released, François ARMAND)
Bug #25490: User cleanup actions are logged every time even there is no change (Released, François ARMAND)

Related issues 3 (1 open, 2 closed)

Related to Rudder - User story #23440: Add users table to better track user and sessions (Released, Vincent MEMBRÉ)
Related to Rudder - Enhancement #25478: Normalize authentication logs (Pending release, François ARMAND)
Related to Authentication backends - Bug #25458: All OIDC user are disabled at once (Resolved, Clark ANDRIANASOLO)
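
The cleanup policy requested in the description above, sketched as an added example; it is not Rudder's code. The User model, the function names, the "<n> days" period syntax and the deletion reason string are assumptions made for illustration.

```python
import logging
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

log = logging.getLogger("user-cleanup-example")
DISABLE_REASON = "User did not login for too long"  # wording suggested in the ticket

@dataclass
class User:  # hypothetical model, not Rudder's users table schema
    name: str
    status: str  # "active" or "disabled"
    last_login: datetime
    is_admin: bool = False

def parse_period(value: str) -> Optional[timedelta]:
    """Parse '<n> days' or 'never' (assumed syntax); None means never."""
    value = value.strip().lower()
    if value == "never":
        return None
    count, unit = value.split()
    if unit not in ("day", "days") or int(count) <= 0:
        raise ValueError(f"unsupported period: {value!r}")
    return timedelta(days=int(count))

def cleanup_action(user: User, now: datetime,
                   disable_after: Optional[timedelta],
                   delete_after: Optional[timedelta]) -> Optional[dict]:
    """Return the status change to record, or None when nothing changes."""
    idle = now - user.last_login
    if user.status == "disabled":
        # Deletion only ever applies to accounts that are already disabled.
        if delete_after is None or idle < delete_after:
            return None
        status, reason = "deleted", "Disabled user did not login for too long"  # constructed
    elif (user.status == "active" and not user.is_admin
          and disable_after is not None and idle >= disable_after):
        status, reason = "disabled", DISABLE_REASON  # a known admin is never disabled
    else:
        return None
    # Warn only on an actual change, so unchanged accounts produce no log line.
    log.warning("user '%s' %s by cleanup: %s", user.name, status, reason)
    return {"status": status, "actor": {"name": "rudder"}, "reason": reason,
            "actionDate": now.isoformat(timespec="milliseconds")}
```

Because deletion is checked only for accounts that are already disabled, an active account idle for longer than both thresholds is disabled first and removed on a later run, which keeps the non-empty reason in its history before it disappears.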