Terminating a user account in Raiser's Edge Security

When a staff person who has been using The Raiser’s Edge at your organization leaves, do not begin by deleting her user account in Security.  Instead:

a. Run an Action Detail Report to identify all incomplete actions for the user.  Do this before deleting the user as, otherwise, the user's name is not available to be selected from the report criteria.  Reassign, mark as complete, or delete as appropriate.  Check each of the following fields for the user’s activity:

i. Action solicitor

ii. Action user

iii. Action added by

b. Identify all open solicitor assignments for the user/constituent and re-assign them.

c. Deactivate the user as a solicitor.  When you do so, RE will prompt you to add a date as the Date To for the person’s open solicitor assignments.

d. Update Business and Constituent Code information in the user's constituent record to reflect that she is now a former employee.  Update other fields as appropriate for the person as well.

e. Rename the user to First Name Last Name Title (as much as will fit) and save.  This makes the name more meaningful for other users when they see it long after this user has left the organization.

f. Do not delete the user account if this user has User Options, a Home Page and a Dashboard page that would be difficult to re-create and are worth saving for the next user in the departing user’s position.  Save the user account until the new user begins so you can use the option in Plug-Ins to copy the old user’s settings, but change the password on the account so it cannot be used inappropriately.

If you don’t have this situation, you now have two options to consider for the user account:

i. Delete the user from Security.  The user’s name and work will remain in the database after the user name has been deleted.  Leaving the user name in the database presents a small security risk of access through that account.  Deleting users removes none of the work the person has done, such as queries and reports, and does not remove the person’s name from Properties, such as Added by and Last Changed by in constituent and gift records.  The only downside to deleting a user is that it is no longer possible to write a query with criteria of ‘Added by’ and select that user’s name.  In my experience, that has not been a problem.

ii. Move the user to a security group with no rights.  Due to the inability to query on deleted users’ names, some database administrators prefer to leave the user name in the system.  If you take this approach, it is recommended you 1) change the user’s password so the account cannot be accessed (remember the password long enough to change it, but afterwards it is no longer needed), and 2) have a security group called “Inactive” with no rights and assign the user to that group only (remove the user from whatever group(s) the account was in previously).  Some administrators add an “x” to the beginning of the user name to sort the user name to the bottom of the list of users.

For more information on deleting users, see Knowledgebase solution BB55385.

g. Remove the person as an authorized user of the Blackbaud website for your organization.

h. Review all queries, reports, mailings, and exports the user created and used only under her name to re-assign them as necessary.  This may involve re-saving the parameters using Save As if the user set up security on the parameters to allow only herself access to them or just changing the Execute and Modify options to allow other users access.

Bill Connors:

 

For more information on deleting users, see Knowledgebase solution BB55385.

 

Christine Cooke:

I would never delete a former user -- you lose the audit trail for changes/additions that were made to records --  I remove all of the rights for that user and put a "z." in front of their name so that it pushes them to the bottom.