Remove User Access | OpsBlu Docs

Remove User Access

Remove user access in Umami — revoke permissions, deactivate accounts, and maintain security audit trails.

Use this procedure to delete user accounts when team members leave, contracts end, or access is no longer needed. Umami permanently removes accounts and all associated data.

Prerequisites

  • You have Admin role permissions (only Admins can delete users)
  • You've exported any audit documentation referencing this user
  • You've documented the business reason for deletion
  • You've verified no critical integrations depend on this account (especially for service accounts)

Step-by-Step: Delete User Account

1. Access User Management

  1. Log into Umami as Admin
  2. Navigate to SettingsUsers
  3. Locate the user to delete in the users list

2. Export Audit Trail (Critical First Step)

Before deleting:

  1. Take screenshot showing user's username, role, and website access
  2. Note username, role (Admin/User), and websites accessed
  3. Record deletion date and business justification
  4. Store in your IAM documentation

Important: Umami permanently deletes the account. You cannot retrieve this information after deletion.

3. Delete the User

  1. Find user in the list
  2. Click Delete, Remove, or trash icon
  3. Confirm deletion when prompted
  4. Account is immediately and permanently removed

4. Verify Deletion

  1. Confirm user no longer appears in users list
  2. Verify websites and data remain intact (only user account is deleted, not analytics data)
  3. If possible, verify user cannot log in

After Deletion: Additional Steps

Check for related access:

  • For service accounts, verify any scripts or integrations using these credentials are updated
  • Review any documentation referencing the deleted user
  • Update team contact lists

Rotate credentials if needed:

  • If deleted account was compromised or belonged to departed contractor, consider rotating passwords for other accounts as precaution
  • For shared service accounts, rotate credentials when team members with knowledge leave

Common Deletion Scenarios

Employee Offboarding

  1. Coordinate with HR offboarding timeline
  2. Export audit trail showing account details
  3. Document any analytics configurations or reports they created
  4. Delete account on last day of employment
  5. Update team documentation

Contractor Engagement Ends

  1. Verify contract end date or project completion
  2. Export any reports or analysis the contractor created for handoff
  3. Document which websites they accessed
  4. Delete account on contract end date
  5. Update contractor records

Client Relationship Concludes

  1. Confirm with stakeholders that client access should be revoked
  2. Export final reports for client if needed
  3. Document client details and access period
  4. Delete client's User account
  5. Update client engagement records

Service Account Retirement

  1. Identify all systems/scripts using this account
  2. Create replacement account with new credentials if automation continues
  3. Update all integrations to use new account
  4. Verify old account is no longer in use
  5. Delete old service account
  6. Document account replacement in integration documentation

Accidental Account Creation

  1. If account was created by mistake and never used, delete immediately
  2. Document the error and correction
  3. Verify username is now available for future use

Troubleshooting Deletion Issues

Cannot Delete User

Symptoms: Delete button disabled or deletion fails.

Solutions:

  1. Verify you're logged in as Admin (Users cannot delete accounts)
  2. Cannot delete your own account while logged in - use different Admin account
  3. Check for database errors in Umami server logs
  4. Restart Umami service if deletion appears stuck

Need to Restore Deleted User

Symptoms: Account deleted accidentally and needs restoration.

Solutions:

  1. Umami doesn't have "undo" for deletions
  2. Recreate account using Add User procedure
  3. Reconfigure role and website access to match deleted account (use your audit documentation)
  4. Share new credentials with user
  5. Consider implementing peer review process for deletions

Service Integration Breaks After Deletion

Symptoms: Automated reporting or API integration stops working after deleting service account.

Solutions:

  1. Identify which systems were using the deleted account credentials
  2. Create new service account with appropriate access
  3. Update integrations with new credentials
  4. Test integrations to verify functionality
  5. For future prevention, maintain documentation of which systems use which service accounts

Security Best Practices

Timely deletion:

  • Delete accounts on employee's last day or contract end date
  • For compromised accounts, delete immediately
  • Set calendar reminders for contractor accounts tied to engagement end dates

Comprehensive offboarding:

  • Include Umami in broader offboarding checklists
  • Coordinate with HR and IT to ensure all access points covered
  • Verify deletion before closing offboarding tickets

Audit trail:

  • Always export evidence before deleting
  • Document who requested deletion and why
  • Maintain deletion records for compliance retention period

Regular reviews:

  • Quarterly review of all accounts
  • Identify and remove stale accounts from departed contractors
  • Challenge accounts that haven't logged in recently

Alternative: Disable Instead of Delete

Consider whether disabling (if Umami supports it) or downgrading is more appropriate than permanent deletion:

When to consider alternatives:

  • User may need occasional access in future
  • Account provides historical context for audit purposes
  • Complete deletion would complicate compliance documentation

Options if keeping account:

  • Change password to unknown value to prevent login
  • Downgrade Admin to User role
  • Remove all website access for User accounts
  • Document that account is "disabled" in your records

Note: Umami may not support account disabling natively. If full deletion is required, ensure thorough documentation before proceeding.

Compliance Documentation

For each account deletion, document:

  • Deletion date and time
  • Username deleted
  • Role (Admin or User)
  • Websites previously accessed (for User accounts)
  • Business justification (offboarding, contract end, etc.)
  • Requestor (who requested the deletion)
  • Approver (Admin who performed deletion)
  • Verification (confirmation deletion successful)

Maintain deletion records for compliance retention period (typically 7 years for regulated industries). Since Umami provides limited audit logging, external documentation is critical for compliance.

返回顶部