Former employee user account security question
Posted: Thu Dec 15, 2011 1:25 pm
I have a dispute here at work on how to handle former employee's user accounts. The former employees had access to the entire site, including admin. My co-worker thinks it is adequate to simply change the user type to normal 'user', so that they only lose access to admin. They can still make purchases (even with a stored corporate card) even though they don't have access to their company email. I want to fully disable the account (set it inactive), which prevents them from even logging in.
So even though this isn't really a PHP question (we use PHP in the app so it might apply), what is the better way to go?
So even though this isn't really a PHP question (we use PHP in the app so it might apply), what is the better way to go?