Details about this thread
  • State Verified Answer
  • Replies 12 replies
  • Subscribers 294 subscribers
  • Views 3128 views
  • Users 0 members are here
Related content from around SugarClub

restore deleted user

admin guy

Hello! I made a REST API call to DELETE a user and the deletion was successful.

1) Is there a way to undelete or restore the deleted user?

2) Are there any time limits before which the deleted user has to be restored?

3) If undelete is not possible, is there a way to transfer the user's data (like leads, opportunities, etc.,) to some other user or an Admin?

I tried making a POST call sending the same details of a deleted user (like id, user_name, first and last_names), but it resulted in an HTTP 500 status. The response payload read something like 'Database failure. Please refer to sugarcrm.log for details.' Is this expected or a bug?

  • 0 in reply to admin guy

    The log in error message is correct for inactive users trying to log in. Password-entry system must never report to a potential cracker that the username they are trying is valid and they only need to get the password correct! Genuine users will know who to contact if they are unable to get in when they think they should.
    As for time limits: the User records that are Inactive are still valid and accessible in the GUI so they will not get purged. They can be kept in that state indefinitely if you wish. Sugar records that get deleted have the "deleted" flag set to true. These records are then not available in the GUI, API or any Sugar logic queries that you run (they can still be accessed via any raw SQL that your code writes though). Purging removes these deleted records completely from the database and this is only done via the Scheduler job(s) which the administrator has control of. If you never run the purge job(s) then the deleted record will remain in the database. This may eventually cause problems in terms of available storage so it is a call you have to make as to how much old data you keep that clogs up your available disk space.
    Thanks,
    JH.

  • 0 in reply to John Hawkins

    Thanks for the insights on the state of the User records when they are set to Inactive versus when they are deleted.

    I do disagree with the error message, though. Setting a user inactive doesn't change the user's login credentials whatsoever. It's just that the said user's license is removed which does not entitle them to use the SugarCRM services. So the right message for the user to be shown would be that their login is "blocked" or "disabled", or even better that their "license is removed".

    Of course, if username and/or password is incorrect and doesn't match with the Database records, it is always better to say "your credentials are incorrect. please retry". But this scenario is orthogonal to the one where the user is set to Inactive.