Disabling Inactive User Access & Accounts

As an  Enterprise Health standard, all user application access is regularly reviewed and validated, ensuring all user access–including of employees, clients, vendors, and partners–is appropriate, given the users’ roles and responsibilities. This provides assurance that object access and account management practices support the MIE Information Security Policies. For example, the security principle of least privilege requires all users to be granted the most restrictive set of privileges needed for the performance of their authorized tasks. Simply applying this principle limits the damage that can result from accident, error, or unauthorized use.

As such, all Enterprise Health systems will automatically disable any client and/or user account (e.g., MIExxxx) that has been inactive for an established and configured number of days. In other words, employees, clients, vendors, and/or partners functioning as system administrators of any database on MIE servers, shall take the responsibility of their user access by way of the tools and automation available in the system, described in further detail, below.

Days Inactive System Setting

To automatically disable a client and/or user account that has been inactive for a number of days, simply utilize the Days Inactive system setting, which allows the number of days of inactivity to be set, according to organizational preferences, or standards.

  1. Navigate to the Control Panel.
  2. Go to the System Settings menu tab.
Warning
System settings can only be maintained by those users with the appropriate security access of SuperUser, or higher.
  1. Search for the System, Security, Days Inactive security setting. Click the Edit link of the security setting, found in the Options column to the right of the page.
  2. Update the Value with the preferred days of inactivity to trigger account deactivation (e.g, 5, 7, 14, etc.).
  3. Provide a Reason for the change of the security setting, and click the Change button.

Disable Inactive Users Scheduled Job

In addition to the Days Inactive system setting, the  Enterprise Health system comes equipped with a job scheduler, which allows for recurring, automated jobs that may need to run periodically, at fixed times, dates, or intervals. This tool allows administrators to easily maintain common and necessary functions for general administration purposes. The Disable Inactive Users scheduled job is enabled in every system, by default, and is set to trigger every day. To add, manage, or update scheduled jobs, simply navigate to the Scheduled Jobs menu tab.

Info
From the Scheduled Jobs menu tab, users may search for existing scheduled jobs and edit, as needed, or use the Add Scheduled Job link, in the upper-right corner of the page.

Unless updated, the default behavior of the Disable Inactive Users scheduled job is to run daily, at 05:00, where any user access flagged as inactive, based on the Days Inactive system setting, discussed in detail, above, will hit and perform the disableacc function, automatically.


Enterprise Health Documentation

Last Updated:

Last Build: Mon, 07 Oct 2024 21:17:41 UTC
WikiGDrive Version: 2aacb51f060d0354a678419290943a99bd16aad1