
Former employee user account security question

Posted: Thu Dec 15, 2011 1:25 pm
by dhinged
I have a dispute here at work on how to handle former employees' user accounts. The former employees had access to the entire site, including admin. My co-worker thinks it is adequate to simply change the user type to normal 'user', so that they only lose access to admin. They can still make purchases (even with a stored corporate card) even though they don't have access to their company email. I want to fully disable the account (set it inactive), which prevents them from even logging in.

So even though this isn't really a PHP question (we use PHP in the app so it might apply), what is the better way to go?

Re: Former employee user account security question

Posted: Fri Dec 16, 2011 4:42 am
by Weirdan
Changing account type seems fair to me.

Re: Former employee user account security question

Posted: Sat Dec 17, 2011 3:24 am
by social_experiment
Yes, it's a good idea to suspend the account; you don't mention the circumstance under which the ex-employee left, so there might be some resentment from their side, and if they still have access to the account, what's to stop them from distributing their login information to other (and potentially more malicious) users?