4.21. Organisation Administrator - Delete organisation users
| Id | 4.21. |
| Description | As an Organisation Administrator, I want to be able to mark users of my organisation for deletion, so that I can ensure that users who no longer require access to the System have their access revoked. |
| Priority | Medium |
| Actors | Organisation Administrator |
| API Calls | PUT /admin/api-users/<user-id>, DELETE /admin/api-users/<user-id> |
| Linked Processes | |
| Status | Implemented |
Preconditions
- The User must be authenticated and have the Organisation Administrator role.
- The user to be deleted must exist on the platform and belong to the Organisation Administrator’s organisation.
Postconditions
- The user is marked as “inactive”.
- The user is disabled and can no longer login or use the system in any way.
- After a period of X days (configurable by the Application Administrator), all personal data of that user is deleted (name, lastname, email) and replaced by generic data.
- IMPORTANT: No data entries linked to the vertical cabling datasets that are linked to that user are deleted! The organisation information to which that user was linked is kept.
Main flow
- The Organisation Administrator retrieves a list of existing users that belong to his organisation with their details and roles (GET).
- The Organisation Administrator uses an API to modify the existing user and set the flag “active=false” (PUT/PATCH).
- The system validates the input data.
- The system saves the changes and updates the user list.
- After the pre-defined period the system deletes all personal data linked to the inactive user.
Exceptions
[400 Bad Request] Invalid input
If mandatory fields are missing or invalid, the system returns an error message.
[403 Forbidden] User cannot delete himself
If the Organisation Administrator attempts to delete his own user, an error will be returned.
[404 Not found] User not found
If the Organisation Administrator attempts to modify a user that does not exist or does not belong to his organisation, the system returns an error and prevents the action.
[500 Internal Server Error] System Error
If the system fails to save changes due to an internal error, it displays an appropriate message and logs the error for further investigation.
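One way to implement the checks from the preconditions and exceptions above, together with the delayed replacement of personal data, as an added Python example (not the platform's own code). The role value `org_admin`, the 403 for a failed role check, the 200 success status, the `anonymised` flag, the placeholder values and the in-memory user store are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

@dataclass
class User:  # name/lastname/email follow the page; other fields are assumed
    id: str
    org_id: str
    role: str
    name: str
    lastname: str
    email: str
    active: bool = True
    deactivated_at: Optional[datetime] = None
    anonymised: bool = False

def deactivate_user(caller, target_id, body, users, now):
    """Status code for PUT /admin/api-users/<user-id> with {"active": false}."""
    if caller is None or not caller.active or caller.role != "org_admin":
        return 403  # assumed: the page lists no status for a failed role check
    if not isinstance(body, dict) or body.get("active") is not False:
        return 400  # this sketch accepts only the deactivation payload
    target = users.get(target_id)
    # One answer for "unknown id" and "other organisation", so the response
    # does not reveal which ids exist outside the caller's organisation.
    if target is None or target.org_id != caller.org_id:
        return 404
    if target.id == caller.id:
        return 403  # an administrator cannot delete his own user
    if target.active:  # keep the first timestamp if the call is repeated
        target.active, target.deactivated_at = False, now
    return 200  # assumed success status

def purge_inactive(users, now, retention_days):
    """Replace personal data of users inactive for retention_days or longer."""
    purged = []
    for u in users.values():
        if u.active or u.anonymised or u.deactivated_at is None:
            continue
        if now - u.deactivated_at >= timedelta(days=retention_days):
            # Generic placeholders; id and org_id stay so datasets remain linked.
            u.name, u.lastname = "Deleted", "User"
            u.email = f"deleted-{u.id}@example.invalid"
            u.anonymised = True
            purged.append(u.id)
    return purged

def sample_users():  # constructed sample data
    rows = (("a1", "orgA", "org_admin"), ("a2", "orgA", "user"), ("b1", "orgB", "user"))
    return {i: User(i, o, r, "Ann", "Lee", i + "@example.org") for i, o, r in rows}
```

Here `retention_days` stands for the "X days" value configured by the Application Administrator, and `purge_inactive` would be called from a scheduled job.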