KBEC-00464 - What Happens When a User is Deleted?

Article ID:360054171372

Deleting a user affects some of the objects in the CloudBees CD environment. This article looks at that impact from the point of view of the objects themselves. The object types are listed in Automation Platform intrinsic properties.

Impact to Existing Objects

There’s no impact to existing objects. For example, the owner of the object will still be the user "test" after the user "test" is deleted. This also applies to the "launchedByUser" property and all other properties. In other words, no object will be changed because of the deletion of a user.

Here’s an example of the properties of a job after running ectool getJobDetails "job_1946_20200708183405":

<response requestId="1" nodeId="192.168.101.182">
  <job>
    <jobId>8c0a211d-c106-11ea-aa20-000c29673bd2</jobId>
    <jobName>job_1946_20200708183405</jobName>
    <archived>0</archived>
    <combinedStatus>
      <message>Success</message>
      <status>completed_success</status>
    </combinedStatus>
    <createTime>2020-07-08T10:34:05.155Z</createTime>
    <directoryName>job_1946_20200708183405</directoryName>
    <elapsedTime>928</elapsedTime>
    <environmentWaitTime>0</environmentWaitTime>
    <external>0</external>
    <finish>2020-07-08T10:34:06.083Z</finish>
    <lastModifiedBy>admin</lastModifiedBy>
    <launchedByUser>test</launchedByUser>
    <licenseReshareWaitTime>0</licenseReshareWaitTime>
    <licenseWaitTime>0</licenseWaitTime>
    <liveProcedure>test_proc</liveProcedure>
    <modifyTime>2020-07-08T10:34:06.193Z</modifyTime>
    <outcome>success</outcome>
    <owner>test</owner>
    <priority>normal</priority>
    <procedureName>test_proc</procedureName>
    <projectName>Test_s_prj</projectName>
    <resourceWaitTime>0</resourceWaitTime>
    <start>2020-07-08T10:34:05.155Z</start>
    <status>completed</status>
    <totalWaitTime>0</totalWaitTime>
    <workspaceWaitTime>0</workspaceWaitTime>
    <propertySheet>
      <propertySheetId>8c0a2121-c106-11ea-aa20-000c29673bd2</propertySheetId>
      <createTime>2020-07-08T10:34:05.155Z</createTime>
      <credentialProtected>0</credentialProtected>
      <lastModifiedBy>test</lastModifiedBy>
      <modifyTime>2020-07-08T10:34:05.155Z</modifyTime>
      <owner>test</owner>
      <tracked>0</tracked>
    </propertySheet>
    <jobStep>
      <jobStepId>8c1c22f0-c106-11ea-8714-000c29673bd2</jobStepId>
      <stepName>step1</stepName>
      <allowSkip>0</allowSkip>
      <alwaysRun>0</alwaysRun>
      <assignedResourceName>local</assignedResourceName>
      <broadcast>0</broadcast>
      <combinedStatus>
        <message>Success</message>
        <status>completed_success</status>
      </combinedStatus>
      <command>echo test</command>
      <condition>1</condition>
      <createTime>2020-07-08T10:34:05.248Z</createTime>
      <disableFailure>0</disableFailure>
      <duration>0 seconds</duration>
      <elapsedTime>269</elapsedTime>
      <environmentWaitTime>0</environmentWaitTime>
      <errorHandling>failProcedure</errorHandling>
      <exclusive>0</exclusive>
      <exclusiveMode>none</exclusiveMode>
      <exitCode>0</exitCode>
      <external>0</external>
      <finish>2020-07-08T10:34:05.979Z</finish>
      <hostName>192.168.101.182</hostName>
      <jobId>8c0a211d-c106-11ea-aa20-000c29673bd2</jobId>
      <jobName>job_1946_20200708183405</jobName>
      <lastModifiedBy>project: Test_s_prj</lastModifiedBy>
      <licenseReshareWaitTime>0</licenseReshareWaitTime>
      <licenseWaitTime>0</licenseWaitTime>
      <liveProcedure>test_proc</liveProcedure>
      <liveProcedureStep>step1</liveProcedureStep>
      <logFileName>step1.8c1c22f0-c106-11ea-8714-000c29673bd2.log</logFileName>
      <modifyTime>2020-07-08T10:34:06.083Z</modifyTime>
      <outcome>success</outcome>
      <owner>project: Test_s_prj</owner>
      <parallel>0</parallel>
      <postExitCode>0</postExitCode>
      <postProcessor />
      <precondition />
      <procedureName>test_proc</procedureName>
      <projectName>Test_s_prj</projectName>
      <releaseExclusive>0</releaseExclusive>
      <releaseMode>none</releaseMode>
      <resourceWaitTime>0</resourceWaitTime>
      <retries>0</retries>
      <runTime>10</runTime>
      <runnable>2020-07-08T10:34:05.248Z</runnable>
      <start>2020-07-08T10:34:05.710Z</start>
      <status>completed</status>
      <stepIndex>0</stepIndex>
      <timeLimit />
      <totalWaitTime>0</totalWaitTime>
      <waitTime>462</waitTime>
      <workingDirectory />
      <workspaceName>default</workspaceName>
      <workspaceWaitTime>0</workspaceWaitTime>
    </jobStep>
    <workspace>
      <workspaceId>ed318811-9669-11ea-bd3f-000c29673bd2</workspaceId>
      <workspaceName>default</workspaceName>
      <createTime>2020-05-15T05:07:08.302Z</createTime>
      <description>Local workspace created during installation.</description>
      <lastModifiedBy>admin</lastModifiedBy>
      <local>0</local>
      <modifyTime>2020-05-15T05:07:08.302Z</modifyTime>
      <owner>admin</owner>
      <propertySheetId>ed31d633-9669-11ea-bd3f-000c29673bd2</propertySheetId>
      <unix>/opt/electriccloud/electriccommander/workspace/job_1946_20200708183405</unix>
      <winDrive />
      <winUNC />
      <workspaceDisabled>0</workspaceDisabled>
      <zoneName>default</zoneName>
    </workspace>
  </job>
</response>
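
Because these references survive the deletion, they can be audited. The following is an added example, not CloudBees code: it parses a getJobDetails response and lists the owner, launchedByUser and lastModifiedBy values that name a user who no longer exists. The set of active users is assumed to be built from getUsers output, and treating the "project:" prefix as a non-user principal is an assumption drawn from the sample.

```python
import xml.etree.ElementTree as ET

# Response fields that carry a principal name (taken from the response above).
PRINCIPAL_FIELDS = {"owner", "launchedByUser", "lastModifiedBy"}

# Constructed sample: a trimmed copy of the getJobDetails response above.
SAMPLE = """<response requestId="1" nodeId="192.168.101.182">
  <job>
    <jobName>job_1946_20200708183405</jobName>
    <lastModifiedBy>admin</lastModifiedBy>
    <launchedByUser>test</launchedByUser>
    <owner>test</owner>
    <propertySheet>
      <lastModifiedBy>test</lastModifiedBy>
      <owner>test</owner>
    </propertySheet>
    <jobStep>
      <stepName>step1</stepName>
      <lastModifiedBy>project: Test_s_prj</lastModifiedBy>
      <owner>project: Test_s_prj</owner>
    </jobStep>
    <workspace>
      <owner>admin</owner>
    </workspace>
  </job>
</response>"""

def orphaned_references(xml_text, active_users):
    """Return sorted (path, field, name) tuples naming users not in active_users."""
    found = []

    def walk(elem, path):
        for child in elem:
            value = (child.text or "").strip()
            if child.tag in PRINCIPAL_FIELDS:
                # Assumption: "project: <name>" is a project principal, not a user.
                if value and not value.startswith("project:") and value not in active_users:
                    found.append((path, child.tag, value))
            elif len(child):
                walk(child, f"{path}/{child.tag}")

    root = ET.fromstring(xml_text)
    walk(root, root.tag)
    return sorted(found)

if __name__ == "__main__":
    for path, field, name in orphaned_references(SAMPLE, {"admin"}):
        print(f"{path}: {field}={name} (no such user)")
```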

Objects Created by the Deleted User Are Not Affected

All objects created by the deleted user (Procedure, Schedule, EmailConfiguration, etc.) continue to work as if the user has not been deleted.

What Will Continue to Work?

As mentioned above, objects created by the deleted user continue to work. This means:

  1. We can run a procedure created by the deleted user

  2. Schedules created by the deleted user continue to run new jobs

  3. A job that uses a credential or email configuration created by the deleted user should continue to work (as if the user had not been deleted).

  4. Similar results should apply to pipelines and other objects.

What is Changed?

When the Deleted User is an Approver of a Manual Task

The user will automatically be deleted from the approvers of the manual task when the user is deleted. This applies to the tasks (in stages and gates) in pipeline and tasks in pipeline runtimes. Also, when the user is recreated, it will not be added back to those tasks.

The Result of "getUsers" and "getUser" API Calls

The result of "getUsers" API call will not have any information about the deleted user.

The "getUser" API call that tries to get the data of the deleted user will result in failure.

Notes

ACL

When a user is deleted, the ACL entries related to the user are not deleted. In other words, once a user is recreated with the same username, all the existing ACL data related to that username applies to the new user. For example, a recreated user "test" is able to create a project if the previous user "test" was granted modify privilege on the system "projects" object.

Impersonation

Impersonation is not actually tied to the CloudBees CD user, except that the credential (which contains the username/password information of a user on the agent machine) may have been created by the deleted user. As mentioned above, the credential continues to work.

Impact from deleting the user in other systems

It’s a common case that a person’s accounts are deleted from various systems after s/he leaves a company. The deletion of the person’s accounts in other systems may impact the CloudBees CD system. Here are some examples:

  1. a credential becomes invalid as the username/password is no longer valid after the person’s account is deleted from the agent machine (or LDAP)

  2. an email configuration becomes invalid as the username/password is no longer valid after the person’s email account is deleted from the mail system

So it’s a good idea to go through credentials and email configurations and make the necessary deletions or updates. The CloudBees CD APIs are helpful for filtering the objects of interest.