What assets can be transferred from a removed user and how?
Removing a user from Atlan and transferring ownership of their assets may entail one of the following actions or a combination thereof:
- Remove the user from a list of owners.
- Delete the associated asset.
- Transfer ownership of assets to a new user.
| Category | Condition | Action |
|---|---|---|
| Persona | User is present | Remove user from the persona |
| Purpose | User is present | Remove user from the purpose |
| Owner metadata | Sole owner | Transfer ownership to transferee |
| Multiple owners | Remove user from owner metadata attribute | |
| Connection admin | Sole connection admin | Transfer role to transferee |
| Multiple connection admins | Remove user from list of connection admins | |
| Query collection owner | If query collection is private | Delete query collection along with its folders and queries |
| If query collection is shared and user has view permissions | Remove user from query collection | |
| If query collection is shared and user is sole owner | Transfer query collection to transferee | |
| If query collection is shared and has multiple owners | Remove user from list of owners | |
| Query owner | If parent collection of the query is to be deleted | Delete the query |
| If parent collection of the query is not to be deleted and user is sole owner | Transfer ownership to transferee | |
| If parent collection of the query is not to be deleted and query has multiple owners | Remove user from owner metadata of the query | |
| Starred assets | User is present in the starredBy attribute of an asset |
Remove user from starredBy attribute |
| API tokens | User has created API tokens | Delete all API tokens created by user |
| SCIM tokens | User has created SCIM tokens | Delete all SCIM tokens created by user |
| User-level integrations | User has created an integration with Jira, Slack, Teams, or more | Delete all user-level integrations |
| Requests | User has submitted requests | Delete all requests from user |
| Playbooks | One-time playbooks | No action |
| Scheduled playbooks | If user is the creator of the playbook and playbook schedule, transfer playbook and schedule to transferee | |
| Workflows | One-time workflows | No action |
| Scheduled workflows | If user is the creator of the workflow and workflow schedule, transfer workflow and cron to transferee | |
| Scheduled queries | If results are shared with other users | Remove user from the list of query result recipients, transfer the workflow, cron, and parent collection to transferee, and remove deleted user from owner metadata in queries |
| If results are not shared with other users | Delete the workflow |
Can I remove users if SSO or SCIM is enforced?
Yes, you can remove users irrespective of whether you're using basic authentication, SSO, or SCIM provisioning in Atlan.
Will the activity log include metadata updates made by a removed user?
The activity log will retain historical information on any metadata updates made by a removed user, logged under their username. This is crucial to maintain data integrity for auditing purposes.
Is it possible to reactivate a removed user?
No, it is not possible to reactivate a removed user. Since the user will be hard-deleted from Atlan, there will be no trace of the user in the identity system. Atlan maintains historical records of removed users for auditing purposes only. Whether you're using basic authentication, SSO, or SCIM provisioning, any returning user with the same username will be treated as a new user in Atlan.