Disabling Inactive User Access & Accounts
Covered by this topic
As an Enterprise Health standard, all user application access is regularly reviewed and validated, ensuring all user access–including of employees, clients, vendors, and partners–is appropriate, given the users’ roles and responsibilities. This provides assurance that object access and account management practices support the MIE Information Security Policies. For example, the security principle of least privilege requires all users to be granted the most restrictive set of privileges needed for the performance of their authorized tasks. Simply applying this principle limits the damage that can result from accident, error, or unauthorized use.
As such, all Enterprise Health systems will automatically disable any client and/or user account (e.g., MIExxxx) that has been inactive for an established and configured number of days. In other words, employees, clients, vendors, and/or partners functioning as system administrators of any database on MIE servers, shall take the responsibility of their user access by way of the tools and automation available in the system, described in further detail, below.
Days Inactive System Setting
To automatically disable a client and/or user account that has been inactive for a number of days, simply utilize the Days Inactive system setting, which allows the number of days of inactivity to be set, according to organizational preferences, or standards.
- Navigate to the Control Panel.
- Go to the System Settings menu tab.
- Search for the System, Security, Days Inactive security setting. Click the Edit link of the security setting, found in the Options column to the right of the page.
- Update the Value with the preferred days of inactivity to trigger account deactivation (e.g, 5, 7, 14, etc.).
- Provide a Reason for the change of the security setting, and click the Change button.
Disable Inactive Users Scheduled Job
In addition to the Days Inactive system setting, the Enterprise Health system comes equipped with a job scheduler, which allows for recurring, automated jobs that may need to run periodically, at fixed times, dates, or intervals. This tool allows administrators to easily maintain common and necessary functions for general administration purposes. The Disable Inactive Users scheduled job is enabled in every system, by default, and is set to trigger every day. To add, manage, or update scheduled jobs, simply navigate to the Scheduled Jobs menu tab.
Unless updated, the default behavior of the Disable Inactive Users scheduled job is to run daily, at 05:00, where any user access flagged as inactive, based on the Days Inactive system setting, discussed in detail, above, will hit and perform the disableacc function, automatically.
Enterprise Health Documentation
Last Updated:
Last Build:
Mon, 07 Oct 2024 21:17:41 UTC
WikiGDrive Version: 2aacb51f060d0354a678419290943a99bd16aad1