When a user leaves the company, you might want to retain their account profile to ensure all of the files they created on your organization’s UNIX and Linux computers have an owner. You can use the predefined listed role to retain an account profile with no access privileges.
To create the group and assign the role
- Create an Active Directory group in the UNIX Groups organizational unit called Listed. In the description enter, Terminated users.
- In Access Manager, expand Zones and find the zone where the account profile is required.
- Expand Authorization and Role Assignments, then select Assign Role.
- Select the listed role, click Add AD Account, search for and select the select the Listed Active Directory group, then click OK.
To terminate a user
- Remove the user account from all of the UNIX Groups that have access rights.
- Verify that the user has no role assignments and no effective rights in any zone.
- Add the user account to the Listed group.
If the user rejoins the company, you simply delete the user from the Listed group and add the user to groups, as needed.