There may come a time when you need to step in and stop one or more accounts from working for a time without deleting them. How you do this depends on your set-up.
I'm using OpenAthens accounts that I've created in the interface...
You have two options: removing permission sets or expiring the account.
If you set today's date as the expiry date the account will stop working and you'll have an implied record of when it was disabled. The risk with this method is that if the account is left in this state beyond the automatic deletion threshold, the account will be deleted rather permanently.
To restore access, set a new expiry date in the future.
If you use restrictive mode, removing an account's permission sets will remove all access to resources. If you are not using restrictive mode, you will need to use the expiry method above.
To restore access, add the relevant permission sets back to the account.
I'm using local accounts such as ADFS, Azure, LDAP, Sirsi, etc...
You have three options:
Disable the cached account
If you open up the account details on a local account (use list or quick-search) there's an option to disable the account (next to the save changes button).
To restore access, click the button again.
If you use restrictive mode, removing an account's permission sets will remove all access to resources. Again in the account details, go to the permissions tab, select manual mode and remove all the permission sets.
To restore access, switch the permission set assignment back to automatic.
Add a permission rule
This one has the potential to make a part of the interface a bit messy if you have to do it for individual users. It's better suited for blocking large groups such as the geology department, but...
- On you local connection (Management > Connections) go to the permissions tab
- Click the add rule button and select the suspend account option
- Enter details that will block the account, click on done and save
To restore access, update or remove the rule and save.