Skip to Content
author's profile photo Former Member
Former Member

Simple Terminated Employee Group question.


Can you please tell me how you woudl handle the following:

1.When the employee is terminated

2.When the employee goes on a long vacation

3.When an employee Resigns

Add a comment
10|10000 characters needed characters exceeded

Assigned Tags

Related questions

4 Answers

  • Posted on Nov 26, 2007 at 03:37 PM

    There are a few posts covering the termination/leavers process so I suggest you have a browse/use the search for points 1 & 3.

    For point 2 it's a bit more subjective. Most places I have been to usually treat the ID like any other i.e. leave it until it has remained unused for x days. When that happens then following the leavers process and locking ID/removing roles/setting expiry date etc.

    You could easily lock the ID and set to a user group like HOLIDAY if you so wished if you have a large number of these users.

    Add a comment
    10|10000 characters needed characters exceeded

    • Hi George,

      90 days is typical for the majority of places I have worked at/audited.

      Some have 60 and from memory, some have a 45 days policies. I don't think you will be surprised that special considerations usually only apply to very senior management who like the ability to log on every now and then!

      Personally I find that 60 days is a reasonable compromise covering typical ranges of users e.g. functional, reporting, T&E, occasional purchasing via SRM for example. If you make the period too short then you get to a situation where you create extra admin overhead & inconvenience the users for a negligible reduction in risk. If you can automate parts of the process then it makes it easier i.e. set up a job that automatically locks users after x days & sends an email to their manager to say that the user has been locked due to inactivity & can they confirm that the user is still required etc. If no response after a certain period then the user will enter into the termination process. There are lots of ways of doing it, the important thing is that you have a consistent, manageable & auditable process that is supported by (the easiest bit) a sound technical solution.

      I'm sure Julius & others will be along soon to give some other good advice!

  • author's profile photo Former Member
    Former Member
    Posted on Nov 26, 2007 at 04:26 PM


    I tried searching in the forum, but cannot be identified.

    If I create a group say "termainted" what are the autorizations or profile do I create ? Just with no autorization ?

    Also the user will already have few or many other authorizations which will still need to be used.

    Add a comment
    10|10000 characters needed characters exceeded

  • author's profile photo Former Member
    Former Member
    Posted on Dec 03, 2007 at 10:18 AM

    The good practice for the terminated or resigned user is :

    1. Never delete the user id from the system.

    2. lock the user.

    3. Assign the user group to the EXPIRED [ as created for the resigned ].

    4. set the validity date of the user to the previous days/ the day the user is locked.

    <b>Deletion of user id</b> depends upon the company policies & procedures set. And the policy mostly does not recommend to delete any user id.

    The good practice for user on Leave :

    1. Lock the user id.

    2. change the user group to 'XYZ' as subjected to the employee on vacation.

    3. change the validity of the roles to the date the user started his vacation.

    Once the user is back with his request for the access, renew all the accesses.

    This way, one can maintain the user information to improve the performance and to maintain the consistancy and integration required for the system.

    This results in the best way of practice during the Audit also.

    Add a comment
    10|10000 characters needed characters exceeded

  • author's profile photo Former Member
    Former Member
    Posted on Dec 03, 2007 at 10:40 AM

    Once you try with the solution, giving the points to the particular id is the best practice to establish a good practice.

    Add a comment
    10|10000 characters needed characters exceeded

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.