The present invention relates generally to computer security, and more specifically, to providing staged user identifier deletion.
Secure computer systems typically employ user identifiers (IDs) to control user access to resources. In a large organization running security systems with many thousands of users, a user ID that should not have been deleted is sometimes deleted by mistake. This can be especially serious when the deleted user ID is associated with system tasks that run automatically. Over time, administrators may not remember which user IDs are associated with these tasks. If a user ID associated with a task is deleted, the task may no longer work, resulting in an error condition. It can take time to understand why the task has failed, and then even more time to re-establish the user ID for the task.
The deletion of a user ID can also have side effects on other information associated with that user ID. Digital certificates and encryption keys are examples of information that can be associated with particular user IDs. If the deleted user ID cannot be restored from backup data, the results can be devastating and possibly unrecoverable. If the backup data contains other deleted user IDs, there is also a risk of restoring user IDs that should remain deleted, making the restoration process more cumbersome.