 |
| Only authorized persons have access |
On Friday, the IBM Cloud blog published the article "Cloud Offboarding: How to remove a user and maintain security". It looks into the steps to remove a user, things to note and how to follow up.
Considerations
The article mentions few things to keep in mind when a user is removed from an IBM Cloud account:- After a user is removed from an account, the user no longer can log into the account, switch to the account (when being logged in to another account), or access the account resources. All related access privileges are removed as part of the removal processing.
- The IBM Cloud IAM access management follows the model of eventually consistent. It means that changes are process asynchronously. Therefore, the full impact of the removal processing is not directly visible and only will be after it has been propagated throughout the system. The user in question may be logged in and some partial access might still be possible until access tokens have expired.
- Resources which the user created remain in the account. Thus, provisioned services, deployed apps, or instantiated VMs continue to work.
- Removing a user from an account does not remove the user's associated IBMid. The IBMid is tied to the email address. If the user is leaving the company and it is an enterprise email address, the associated IBMid should be deleted.
Read the offboarding blog post for details on how to remove the user and how to follow up. If you have feedback, suggestions, or questions about this post, please reach out to me on Twitter (@data_henrik) or LinkedIn.