I'll suggest whenever a you want to delete the User do it in this fashion:
1. If you have installed ITSM delete the user from People form (Application Administration Console>Custom Configuration Tab>Foundation>People) by setting the status as "Delete".
Make it as Non-Support Staff. And remove all the Permissions from the Application Permission Area (Login/Acces DetailsTab). And grant him Read License.
Otherwise from the User form (AR System Administration Console).
2. There is a significant differnces between all the Status values:
Proposed: After Creation and Before enbaling the user an approval is required, during this User would be in Proposed Status.
Enabled: Once the User gets approved it would be set as Enabled.
Offline: If for certain duration User is unavailable then we set it as Offline
Obsolete: Status value between Offline and Delete.
Delete: If the User record is no longer required then set it as Delete.
3. If we change the User as Disabled they will still able to Login with system and they can create the request. Because this conditions are not specified in anywhere in the workflows.
Administering users could be an awful work and, as you says, every day you are receiving emails for deleting some of them, maybe also changing their organizational information, their support groups information, etc.
This can take you a nice amount of your daily time.
Maybe in your Company users information (Organizational Structure information) is managed via LDAP.
If so, you would have a large amount of work done in Remedy ITSM 7, developing an integration between Remedy ITSM and LDAP.
Developing some forms and workflow, you would be able to automatically populate these kind of information in their respective forms in ITSM7.
Also, any change on a user's organizational information, could be reflected in ITSM7.
With such an integration, you could also mantain the organizational information itself (I mean, for example, when a new Company/Organization/Site is created in LDAP, this integration could create this information in ITSM7).
You could also mantain specific Support Group information for users that are technicians (Support Group(s) the user belongs to, Notification language based on the Company he belongs, License Type,...)
On the other hand, it must be said, that the workflow to achieve this is not trivial. You'd have to take into consideration many factors and how deep you want to integrate, for example, in your case, when a user doesn't exists any more in LDAP, you'd have to delete his information in many forms...
And more complicated things:
- when a Company changes its name in LDAP, you'd have to propagate to all the users that belong to the old Company name, the new one
(the same for a Site or Organization)
- and... what if you have CI's on a CMDB, and a change in some organizational information in LDAP happens? Again, you'd have to propagate these change to all CI's also.
As you can see, there are many benefits integrating with LDAP and maybe, in a future, you could take into consideration this information.
Björn, do you have such a LDAP integration, you described, running in your environment?
In the ITSM7's latest patch, there is wonderfull improvement available: A Data Management Console has functionality for changing user's loginID, updating organization changes and so far. You do not need anymore to worry about where to update changed information.
I recently planned an "automated foundation data updating solution" which will be developed during a first qtr of 2009.
Hi Purkka (matti),
One of our customers has a "cutted" version of this integration running.
All user change or organization structure information change is automatically refreshed in ITSM7.
But, as far as now, CI's are not integrated.
The customer's environment info is:
Windows Server 2003 Enterprise Edition con SP1
SQL Server 2005 Enterprise Edition
ARS 7.00.01 (patch 004)
CMDB 2.0.1 (patch 003)
CI Viewer 7.0.1 (patch 005)
Incident Management 7.0.02 (patch 005)
IM+TMS AddOn 9002
Problem Management 7.0.02 (patch 005)
Mid-Tier (IIS6+New Atlanta+SDK1.4.2) (patch 004)
Clients (Admin & User) (patch 004)
Email Engine (patch 004)
In my case, all users maintenance is done via LDAP and replied to ITSM.
Remedy Administrator's need only to take care of specific people's information (Support Groups they belong, License Types, Notification Language,...).
Regarding to this Data Management Console you exposed, it would be nice to see how it works!
Yes we have also faced the same issue then we have adopt the steps which I have written earlier.
But If you are still facing the performance issue you might have to increase the server's hardware configuration.
Or apply the latest patch available for Incident Management. But I'm not sure it will work.
Yes, we have also had "bad moments".
I've forgot to say that the aforementioned Customer runs its Production Server on a VMWare.
ARS+BBDD+MidTier all running on same machine.
Users experienced delays the most of the times when opening Overview Console or Incident Management Console.
Also when clicking on New Incident or Search Incident (from within Incident Management Console).
We could solve the problem increasing the number of CPUs assigned to the VMWare.
Now its running with 2 CPUs and 4 GB RAM.