restore deleted user

Hello! I made a REST API call to DELETE a user and the deletion was successful.

1) Is there a way to undelete or restore the deleted user?

2) Are there any time limits before which the deleted user has to be restored?

3) If undelete is not possible, is there a way to transfer the user's data (like leads, opportunities, etc.,) to some other user or an Admin?

I tried making a POST call sending the same details of a deleted user (like id, user_name, first and last_names), but it resulted in an HTTP 500 status. The response payload read something like 'Database failure. Please refer to sugarcrm.log for details.' Is this expected or a bug?

Parents
  • Hello,

    If you have deleted Users using the REST API then you can restore it. Basically when you delete any record using REST API or SugarCRM interface it will not delete record from the database. It just mark deleted flag to true. 

    So, to restore your deleted record go to the users table of CRM database and updated value in the deleted field to '0' for desired user record.

    As SugarCRM do not delete record permanently you can restore it at any time there is no time limit to restore.

    Regarding the error with code 500, please check your php log. there might be some error in execution.

    Hope this will helps you!

    Thanks

  • Hi admin guy,

    I'm not sure wether the standard SugarCRM REST API v10 lets you update the "deleted" field of any record, as I think that when you try to 'GET' the user for instance by ID, the API would through a 404 error or something like this, indicating that the user hasn't been found in the system.

    However, you could create your custom endpoint, receiving as a parameter for instance the username (or the user ID, as desired), and then performing an SQL query in order to look for the given user in the database, and then UPDATE it using again an SQL query.

    Knowing that, you can create your custom endpoint and then perform an SQL query (SELECT) to fetch the user in the database, and then if found perform the UPDATE query in order to bring it back to life... something like:

    UPDATE users SET deleted = 0 WHERE user_name = "jon.doe"

    You also must take into account that if you've got enabled for your instance the Prune Database on 1st Month  scheduler, then your users will be always deleted on 1st of every month and then you won't be able to restore them.

    Hope this helps.

    Regards,

    David.

  • Hi,

    If you have no direct access to the database then a workaround to undeleting any records that have accidentally been deleted either via API or GUI is to simply import those records back in using the standard GUI import tool. This technique relies on knowing the original data (or at least the relevant bits of it) but has always worked for me.

    You need to either use an existing exported CSV or create yourself a new one that has the data. Importantly you need the original "id" value plus any required fields (for Users that is "Last Name", "User Name" and "Status"). When importing select the "Create and Update Existing..." option as you want to update the existing data. You need to add a column in the CSV called "Deleted" and use the value "0" in that column. This will then effectively update the record to change the soft delete flag from 1 to 0 and will undelete the record in the GUI.

    N.B. This technique will (obviously) only work if the record has only been soft deleted. As David Lopez says, if the "Prune Database" type Scheduler jobs have been run and have hard deleted the record from the database then you will not be able to "undelete" the record. You may, however, be able to re-import the record using the original data, including the id, and it should** then link up with any existing related records that still exist (** I haven't tested this though).

    Finally, if you have no database access and do not have the original data to re-import then obtaining a backup of the database (either from your sys admin or from SugarCRM Support for On-Cloud) will provide you with the data you require.

    Thanks,

    JH.

  • Thanks John, but this idea looks as hard as exposing new API endpoints and/or running queries on Database. It's just that our case is different from a usual SugarCRM customer. We only provision users for our customers who own a SugarCRM instance using the REST API, which means we won't have any automated way of doing any of this.

  • OK. In that case then the answer is not to use the DELETE function for User records.

    My best practice advice would always be not to delete users anyway. If you delete then you lose the ability to track previous actions and assignments. You should really be setting users to a Status of "Inactive" instead. This removes that user from the license list (purchased licenses are only used up for Active users) and prevents them logging in but the record still exists and all links are maintained. That way the user can be restored in the future by simply changing the Status back to Active (if there is a spare user license).

    Thanks,

    JH.

    BTW, the payload response you had on doing a re-POST to the same user is because the SQL query is trying to INSERT using an id that already exists as a primary key in the table. The API does not have the ability to do a "UPSERT" from a single call. Bit of a shame when the GET responds that the record doesn't exist!

  • are you sure the user's records still exist after setting their status to Inactive? The User Fields section says below, which kind of provides a hint that their records would be removed or otherwise made irrecoverable.

    When making a user inactive, the admin is prompted to use the Reassign Records function. 

    Yes, as for the 500 error in trying to restore a deleted user, you nailed it. It's a bug SugarCRM folks should look at.

  • Ignore my previous reply. I created a user, logged in that user, created a few projects and leads. Then, logged in as an Admin user, set the status of the other user to Inactive. That user was unable to login (the error message is misleading, though. It says Username/password error, when it could clearly that the login is blocked). Then as the Admin user, set the status of the other user to Active. So logged in back as that user, now I could see the Projects and Leads data fine.

    So this confirms the fact, that when setting a user inactive, though the Admin is prompted to reassign the records to other users, it's not required because when that user is set to active, those records are still in tact. By the way, is there a time limit as to how the long an Inactive user's records are kept before purging happens (if any)?

    Thanks, John! Very helpful.

  • The log in error message is correct for inactive users trying to log in. Password-entry system must never report to a potential cracker that the username they are trying is valid and they only need to get the password correct! Genuine users will know who to contact if they are unable to get in when they think they should.
    As for time limits: the User records that are Inactive are still valid and accessible in the GUI so they will not get purged. They can be kept in that state indefinitely if you wish. Sugar records that get deleted have the "deleted" flag set to true. These records are then not available in the GUI, API or any Sugar logic queries that you run (they can still be accessed via any raw SQL that your code writes though). Purging removes these deleted records completely from the database and this is only done via the Scheduler job(s) which the administrator has control of. If you never run the purge job(s) then the deleted record will remain in the database. This may eventually cause problems in terms of available storage so it is a call you have to make as to how much old data you keep that clogs up your available disk space.
    Thanks,
    JH.

Reply
  • The log in error message is correct for inactive users trying to log in. Password-entry system must never report to a potential cracker that the username they are trying is valid and they only need to get the password correct! Genuine users will know who to contact if they are unable to get in when they think they should.
    As for time limits: the User records that are Inactive are still valid and accessible in the GUI so they will not get purged. They can be kept in that state indefinitely if you wish. Sugar records that get deleted have the "deleted" flag set to true. These records are then not available in the GUI, API or any Sugar logic queries that you run (they can still be accessed via any raw SQL that your code writes though). Purging removes these deleted records completely from the database and this is only done via the Scheduler job(s) which the administrator has control of. If you never run the purge job(s) then the deleted record will remain in the database. This may eventually cause problems in terms of available storage so it is a call you have to make as to how much old data you keep that clogs up your available disk space.
    Thanks,
    JH.

Children
  • Thanks for the insights on the state of the User records when they are set to Inactive versus when they are deleted.

    I do disagree with the error message, though. Setting a user inactive doesn't change the user's login credentials whatsoever. It's just that the said user's license is removed which does not entitle them to use the SugarCRM services. So the right message for the user to be shown would be that their login is "blocked" or "disabled", or even better that their "license is removed".

    Of course, if username and/or password is incorrect and doesn't match with the Database records, it is always better to say "your credentials are incorrect. please retry". But this scenario is orthogonal to the one where the user is set to Inactive.