Skip to content

Implement user auto-deletion for inactive accounts with configurable retention (default 2+ years)#413

Merged
Zakaria-Kofiro merged 17 commits intomasterfrom
zkofiro/SRE-35508
Aug 18, 2025
Merged

Implement user auto-deletion for inactive accounts with configurable retention (default 2+ years)#413
Zakaria-Kofiro merged 17 commits intomasterfrom
zkofiro/SRE-35508

Conversation

@Zakaria-Kofiro
Copy link
Collaborator

@Zakaria-Kofiro Zakaria-Kofiro commented Jul 18, 2025
edited
Loading

Summary

Implements an automated user deletion system that anonymizes users who haven't logged in within a configurable retention period (default: 2 years). This replaces the previously planned UserService endpoints with a more automated approach to manage inactive users and maintain database hygiene.

Changes

🗄️ Database & Model

  • Added last_login_ts column to user table with index for efficient queries
  • Updated User entity with lastLoginTs field (using java.time.Instant)
  • Modified user anonymization to set last_login_ts to epoch time, preventing re-deletion

🔐 Authentication & Login Tracking

  • Updated all authentication paths to record login timestamps:
    • UI login (TankIdentityStore)
    • SSO authentication (TankIdentityStore.validateSSOUser)
    • API token usage (AdminTokenService, RestSecurityFilter)
  • Added UI display of last login time in admin user edit page

🤖 Auto-Deletion Service

  • New UserAutoDeletionService that runs on server startup
  • Configurable via settings.xml:
    • user-auto-deletion-enabled: Enable/disable feature (default: false)
    • user-auto-deletion-retention-days: Days of inactivity before deletion (default: 730)
    • user-auto-deletion-permitted-users: Comma-separated list of protected users
  • Protection mechanisms:
    • Admin user (admin)
    • Users in admin groups
    • Configurable permitted users list
    • Already anonymized users
  • Handles both inactive users and users who never logged in (based on creation date)

🛡️ Safety Features

  • Batch processing to avoid system overload (max 50 users per batch)
  • Detailed logging showing protection reasons
  • No hard deletion - users are anonymized to maintain referential integrity

Configuration Example

<settings>
  <user-auto-deletion-enabled>true</user-auto-deletion-enabled>
  <user-auto-deletion-retention-days>730</user-auto-deletion-retention-days>
  <user-auto-deletion-permitted-users>service_account,legacy_user</user-auto-deletion-permitted-users>
</settings>

zkofiro and others added 10 commits July 11, 2025 19:11
@Zakaria-Kofiro Zakaria-Kofiro changed the title Add Users endpoint to Tank API with User Data Export and User Delete functionalities Implement user auto-deletion for inactive accounts with configurable retention (default 2+ years) Aug 11, 2025
kevin-mcgoldrick
kevin-mcgoldrick reviewed Aug 12, 2025
View reviewed changes
data_model/src/main/java/com/intuit/tank/project/User.java Outdated
Comment on lines +53 to +54
@Index(name = "IDX_USER_TOKEN", columnList = "token"),
@Index(name = "IDX_USER_LAST_LOGIN", columnList = "last_login_ts")})
Copy link
Collaborator

@kevin-mcgoldrick kevin-mcgoldrick Aug 12, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why do you need these indexes?

Copy link
Collaborator Author

@Zakaria-Kofiro Zakaria-Kofiro Aug 13, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good point - the only useful ones are IDX_USER_NAME and IDX_USER_LAST_LOGIN which are used by findByUserName() for authentication and user lookups (helps login performance) and auto-deletion queries for batch deletions, got rid of the rest

kevin-mcgoldrick
kevin-mcgoldrick reviewed Aug 12, 2025
View reviewed changes
kevin-mcgoldrick
kevin-mcgoldrick approved these changes Aug 18, 2025
View reviewed changes
Copy link
Collaborator

@kevin-mcgoldrick kevin-mcgoldrick left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great Job!

@Zakaria-Kofiro Zakaria-Kofiro merged commit e2932da into master Aug 18, 2025
3 checks passed
@Zakaria-Kofiro Zakaria-Kofiro deleted the zkofiro/SRE-35508 branch August 18, 2025 21:56
kevin-mcgoldrick added a commit that referenced this pull request Aug 20, 2025
@kevin-mcgoldrick
Merge branch 'master' into chartjs
4306686 
* master:
  Implement user auto-deletion follow up PR: Update TankConfig to account for XMLConfig changes (#417)
  Implement user auto-deletion for inactive accounts with configurable retention (default 2+ years) (#413)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kevin-mcgoldrick kevin-mcgoldrick kevin-mcgoldrick approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Zakaria-Kofiro @kevin-mcgoldrick