# 4.21. Organisation Administrator - Delete organisation users

<table border="1" id="bkmrk-id-4.1.-description-" style="border-collapse: collapse; width: 100%; height: 268px;"><colgroup><col style="width: 50%;"></col><col style="width: 50%;"></col></colgroup><tbody><tr style="height: 29px;"><td style="height: 29px;">**Id**</td><td style="height: 29px;">4.21.</td></tr><tr style="height: 94px;"><td style="height: 94px;">**Description**</td><td style="height: 94px;">As an **<span class="notion-enable-hover" data-token-index="1">Organisation Administrator</span>**,   
  
I want to be able to mark users of my organisation for deletion,   
  
So that I can ensure that users who no longer require access to the System have their access revoked.</td></tr><tr style="height: 29px;"><td style="height: 29px;">**Priority**</td><td style="height: 29px;"><span style="color: rgb(230, 126, 35);">**Medium**</span></td></tr><tr style="height: 29px;"><td style="height: 29px;">**Actors**</td><td style="height: 29px;">Organisation Administrator</td></tr><tr style="height: 29px;"><td style="height: 29px;">**API Calls**</td><td style="height: 29px;">**PUT** /admin/api-users/&lt;user-id&gt;  
**PATCH** /admin/api-users/&lt;user-id&gt;

**DELETE** /admin/api-users/&lt;user-id&gt;

</td></tr><tr style="height: 29px;"><td style="height: 29px;">**Linked Processes**</td><td style="height: 29px;">  
</td></tr><tr style="height: 29px;"><td style="height: 29px;">**Status**</td><td style="height: 29px;">**<span style="color: rgb(22, 145, 121);">Implemented</span>**</td></tr></tbody></table>

### Preconditions

1. The User must be authenticated and have the **Organisation Administrator** role.
2. The user to be deleted must exist on the platform and belong to the Organisation Administrator’s organisation.

### Postconditions

1. The user is marked as “inactive”.
2. The user is disabled and can no longer log in or use the system in any way.
3. After a period of X days (configurable by the **Application Administrator**), all personal data of that user is deleted (name, lastname, email) and replaced by generic data.
4. **IMPORTANT:** No data entries in the vertical cabling datasets that are linked to that user are deleted! The organisation information to which that user was linked is kept.

### Main flow

1. The **Organisation Administrator** retrieves a list of existing users that belong to his organisation with their details and roles (GET).
2. The **Organisation Administrator** uses an API to modify the existing user and set the flag “active=false” (PUT/PATCH).
3. The system validates the input data.
4. The system saves the changes and updates the user list.
5. After the pre-defined period, the system deletes all personal data linked to the inactive user.

### Exceptions

#### \[400 Bad Request\] Invalid input

If mandatory fields are missing or invalid, the system returns an error message.

#### \[403 Forbidden\] User cannot delete himself

If the **Organisation Administrator** attempts to delete his own user, an error will be returned.

#### \[404 Not Found\] User not found

If the **Organisation Administrator** attempts to modify a user that does not exist or does not belong to his organisation, the system returns an error and prevents the action.

#### \[500 Internal Server Error\] System Error

If the system fails to save changes due to an internal error, it displays an appropriate message and logs the error for further investigation.
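
The preconditions, postcondition 3 and the 400/403/404 exceptions above can be expressed as one decision function plus a retention job. The following is an added example, not the System's own code. Assumptions: the `User` model, the role identifier, the in-memory user store, the 200 success status, the 403 for a caller without the role, and the generic replacement values are all hypothetical.

```python
from dataclasses import dataclass, replace
from datetime import datetime, timedelta, timezone
from typing import Optional

ORG_ADMIN = "organisation_administrator"  # assumed role identifier
@dataclass(frozen=True)
class User:  # assumed model; only the `active` flag is named on the page
    id: int
    org_id: int
    roles: frozenset
    name: str
    lastname: str
    email: str
    active: bool = True
    deactivated_at: Optional[datetime] = None

def deactivate(caller, target_id, payload, users, now):
    """Decide PUT/PATCH /admin/api-users/<user-id>; returns (status, users)."""
    if not caller.active or ORG_ADMIN not in caller.roles:
        return 403, users  # precondition 1 (status code is an assumption)
    if payload.get("active") is not False:
        return 400, users  # mandatory flag missing or invalid
    target = users.get(target_id)
    # Same 404 for unknown id and foreign organisation: no cross-tenant id oracle.
    if target is None or target.org_id != caller.org_id:
        return 404, users
    if target.id == caller.id:
        return 403, users  # administrator cannot delete himself
    # Keep the first deactivation time so a repeated call does not reset the clock.
    updated = replace(target, active=False, deactivated_at=target.deactivated_at or now)
    return 200, {**users, target_id: updated}  # success code is an assumption

def purge_expired(users, retention_days, now):
    """Postcondition 3: replace personal data, keep id and organisation link."""
    cutoff = now - timedelta(days=retention_days)
    out = {}
    for uid, u in users.items():
        if not u.active and u.deactivated_at and u.deactivated_at <= cutoff:
            u = replace(u, name="Deleted", lastname="User", email=f"deleted-{uid}@example.invalid")
        out[uid] = u
    return out

# Constructed sample data
T0 = datetime(2024, 1, 1, tzinfo=timezone.utc)
USERS = {
    1: User(1, 10, frozenset({ORG_ADMIN}), "Ada", "Admin", "ada@org10.example"),
    2: User(2, 10, frozenset(), "Bob", "Member", "bob@org10.example"),
    3: User(3, 20, frozenset(), "Eve", "Other", "eve@org20.example"),
}
```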