infra-docs-fpo/modules/sysadmin_guide/pages/accountdeletion.adoc

= Account Deletion SOP

For the most part we do not delete accounts. In the case that a deletion
is paramount, it will need to be coordinated with appropriate entities.

Disabling accounts is another story but is limited to those with the
appropriate privileges. Reasons for accounts to be disabled can be one
of the following:

____
* Person has placed SPAM on the wiki or other sites.
* It is seen that the account has been compromised by a third party.
* A person wishes to leave the Fedora Project and wants the account
disabled.
____

== Contents

* <<_disabling>>
** <<_disable_accounts>>
** <<_disable_groups>>
* <<_user_requested_disables>>
* <<_renames>>
** <<_rename_accounts>>
** <<_rename_groups>>
* <<_deletion>>
** <<_delete_accounts>>
** <<_delete_groups>>

=== Disabling

Disabling accounts is the easiest to accomplish as it just blocks people
from using their account. It does not remove the account name and
associated UID so we don't have to worry about future, unintentional
collisions.

== Disable Accounts

To begin with, accounts should not be disabled until there is a ticket
in the Infrastructure ticketing system. After that the contents inside
the ticket need to be verified (to make sure people aren't playing
pranks or someone is in a crappy mood). This needs to be logged in the
ticket (who looked, what they saw, etc). Then the account can be
disabled.:

....
Login to ipa01.iad2.fedoraproject.org
kinit admin@FEDORAPROJECT.ORG
ipa user-disable LOGIN
....

You can also use the ipa web ui.

=== Renames

For renames, we ask users to create a new account and simply get re-added
to all the groups they were in in the past. There's some discussion about
allowing renames in noggin, but it's not currently implemented.

=== Delete or GDPR requests

Users making GDPR delete or personal data requests should file a ticket at
https://pagure.io/fedora-pdr/ for processing. Thats out of the scope
of this SOP.
Added the infra SOPs ported to asciidoc. 2021-07-26 10:39:47 +02:00			`= Account Deletion SOP`

			`For the most part we do not delete accounts. In the case that a deletion`
			`is paramount, it will need to be coordinated with appropriate entities.`

			`Disabling accounts is another story but is limited to those with the`
			`appropriate privileges. Reasons for accounts to be disabled can be one`
			`of the following:`

			`____`
			`* Person has placed SPAM on the wiki or other sites.`
			`* It is seen that the account has been compromised by a third party.`
			`* A person wishes to leave the Fedora Project and wants the account`
			`disabled.`
			`____`

			`== Contents`

Incorporate Kevins comments and remove obsolete guides 2021-08-06 14:09:17 +00:00			`* <<_disabling>>`
			`** <<_disable_accounts>>`
			`** <<_disable_groups>>`
			`* <<_user_requested_disables>>`
			`* <<_renames>>`
			`** <<_rename_accounts>>`
			`** <<_rename_groups>>`
			`* <<_deletion>>`
			`** <<_delete_accounts>>`
			`** <<_delete_groups>>`

			`=== Disabling`
Added the infra SOPs ported to asciidoc. 2021-07-26 10:39:47 +02:00
			`Disabling accounts is the easiest to accomplish as it just blocks people`
			`from using their account. It does not remove the account name and`
			`associated UID so we don't have to worry about future, unintentional`
			`collisions.`

			`== Disable Accounts`

			`To begin with, accounts should not be disabled until there is a ticket`
			`in the Infrastructure ticketing system. After that the contents inside`
			`the ticket need to be verified (to make sure people aren't playing`
			`pranks or someone is in a crappy mood). This needs to be logged in the`
			`ticket (who looked, what they saw, etc). Then the account can be`
			`disabled.:`

			`....`
accountdeletion: update and rework Signed-off-by: Kevin Fenzi <kevin@scrye.com> 2022-03-25 10:59:26 -07:00			`Login to ipa01.iad2.fedoraproject.org`
			`kinit admin@FEDORAPROJECT.ORG`
			`ipa user-disable LOGIN`
Added the infra SOPs ported to asciidoc. 2021-07-26 10:39:47 +02:00			`....`

accountdeletion: update and rework Signed-off-by: Kevin Fenzi <kevin@scrye.com> 2022-03-25 10:59:26 -07:00			`You can also use the ipa web ui.`
Added the infra SOPs ported to asciidoc. 2021-07-26 10:39:47 +02:00
			`=== Renames`

accountdeletion: update and rework Signed-off-by: Kevin Fenzi <kevin@scrye.com> 2022-03-25 10:59:26 -07:00			`For renames, we ask users to create a new account and simply get re-added`
			`to all the groups they were in in the past. There's some discussion about`
			`allowing renames in noggin, but it's not currently implemented.`
Added the infra SOPs ported to asciidoc. 2021-07-26 10:39:47 +02:00
accountdeletion: update and rework Signed-off-by: Kevin Fenzi <kevin@scrye.com> 2022-03-25 10:59:26 -07:00			`=== Delete or GDPR requests`
Added the infra SOPs ported to asciidoc. 2021-07-26 10:39:47 +02:00
accountdeletion: update and rework Signed-off-by: Kevin Fenzi <kevin@scrye.com> 2022-03-25 10:59:26 -07:00			`Users making GDPR delete or personal data requests should file a ticket at`
			`https://pagure.io/fedora-pdr/ for processing. Thats out of the scope`
			`of this SOP.`