Risks to analysis in deactivating a user?

When we disable a user, will there be any risk associated with a scan? Are the scan directly tied with a user profile?


Hi John,

I’ve moved your post to a new thread since the one you appended to had been quiet for 2 years.

If the deactivated user is the one whose credentials you were using to run analysis, then yes you’ll probably face problems. As a best practice, we advise creating one or more technical users with minimal permissions and using them for analyses. Presumably your technical users will never be fired & deactivated. :smiley:

And BTW, since you’ll be generating tokens from these technical users, you can segment it out as narrowly as you like, whether that’s a (properly labeled) token per project or per team or division or… Then if there’s a problem you only have to delete the one token and disrupt a small slice of projects rather than everything.