Dear Ferran: On Tue, 20 Dec 2016, Ferran Jorba wrote: > is there any established tool or procedure to delete expired users > from the database, cleaning up all tables with information about those > users? > > For expired users I mean users that haven't logged into our Invenio > site(s) for some time. This time, obviously, should be parametrised. > > We are on 1.1.6.
There is no such facility integrated in Invenio. The closest is the Invenio garbage collector that optionally removes the old guest users and the never-activated accounts. You can have a look at: https://github.com/inveniosoftware/invenio/blob/maint-1.1/modules/websession/lib/inveniogc.py for inspiration, and borrow some code from there, if you really want to remove some of your regular users in this fashion. For example, the `user` table contains `last_login` information, so you can easily detect which users haven't logged into your system since say a year: $ echo "SELECT email FROM user WHERE last_login<'2016-01-01'" | \ /opt/invenio/bin/dbexec A word of warning though. A user could have logged in say 16 months ago, set up an automated notification alert for the subject topic of his/her interest, and never come back afterwards. Can such a user be considered active or inactive, since he/she might still be reading the notification alert emails daily? (This use case is similar to how researchers follow arXiv.org subject notifications without possibly never logging there.) Obviously, this may not apply to your use case. Another complication may be shared baskets that the original user may have set up for colleagues. After he/she has left, he/she remains the (now inactive) owner, but the colleagues may have rights to feed the shared basket and so still actively use it. Just some use cases to think about, related notably to alerts and baskets. (Another use case would be submission updates, which only admins would be able to do after removing the original user.) It may be easier to keep the user accounts as is and simply flip the activated/inactivated switch, see the `note` column of the `user` table. If you set CFG_ACCESS_CONTROL_LEVEL_ACCOUNTS to 1, this would prevent old users from being able to re-activate their accounts by themselves. Best regards -- Tibor Simko
