As an Administrator of high-value resources in an Organization, you are likely to encounter situations that call for a need to disable end-user data access or system operation. SSProtect provides highly secured operations in support of these needs.
Operations described in this article must be carried out by an Organization Administrator or Delegate. Operations only apply to Accounts within the managed Organization. In some cases, operation requires coordination with another Privileged User and/ or DefiniSec Support. Details are described in related sections, below.
User Interface Details
This article does not described UI elements, controls, or procedures in detail. For each consideration, you will find general guidance often sufficient to understand how to carry out related tasks. For more information, refer to articles specific to the noted UI displays.
Disabling Individual Accounts
You cannot Disable an Individual Account with today's version of the software. If such a need arises, contact Support to coordinate proper forward action.
Disabling Organization Accounts
You can disable (and also re-enable) one or more Accounts in your Organization from within the Administer Users dialog, available to Privileged Users in the notification tray's context menu. This operation results in an :Assess event history entry for visibility to other Privileged Users.
When you disable an Account, you not only prohibit subsequent SSProtect Login, but also immediately disable all further User operation. Login attempts present an error message noting that the Account has been Disabled, and in-Session attempts to continue using the software offer similar results.
Note that target Account Users are not currently notified when this occurs.
Data managed by a Disabled Account remains accessible to authorized Users, subject to Sharing Policy. Because you can independently control with whom you share data and those able to access your content, you can also Disable a Third Party Trust relationship. Refer to articles in the :Collaborate Topic to gain more insight on how to manage these relationships.
Note that you cannot disable Organization Account access to content generated by other Organization Accounts - even if they are disabled.
Further, if you Delete an Account, his/ her sharing peers retain access to shared content. However, when re-protecting, the Operating Mode reverts back to Optimized Offloading since the owning Account's :Recover Archive is no longer active.
For detailed insight on different scenarios, contact our Support department as described at the end of this article.
Disabled Organizations and Licensing
You cannot disable an entire Organization of Accounts, though you can encounter this dynamic if for example you do not abide by your License Agreement. Any attempt to Login to an Account in a Disabled Organization reflects this specific case, different from a Disabled Account. Similarly, any action taken from within a previously active Session will reflect the same.
If you encounter this dynamic, contact Support to resolve the issue. For more information specific to Licensing, refer to the article, SSProtect Licensing.
LOCKDOWN for Organizations
LOCKDOWN is different from Disable in that it is applied to all Organization Accounts, though with limited impact to Privileged Accounts. LOCKDOWN requires the coordinated action of two qualified Privileged Users in conjunction with your Service Provider.
The procedure for executing LOCKDOWN, along with the resulting impact, is at present described in the article, Administering Client Resources.
This article was updated w/ v9.1.0 of the :Foundation Client