Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
  • Overview

  • Proposed System Requirements

  • Phase 1 : Allow deletion of account only by Public users

  • Phase 2 : Allow deletion of account only by all users

...

A user interface should be implemented to guide users through the account deletion process. Users should receive clear information regarding the implications of account deletion ( and also the data that will be removed ?)

Data Removal from the Platform:

...

  1. User credentials used for signing in.

  2. Personally Identifiable Information (PII) including masked data like phone numbers and email addresses.

  3. Consent to data usage, including PII, should be reset with a notice of account deletion.

    1. isdeleted flat will be made true and status as 0

    2. Email, phone number.. will be emptied. Consent provided will be 'No'

    3. User entry will not be removed from the reports. User Phone and User Email Id columns will be marked as User account deleted.

      1. OR

    4. User entry will not be removed from the reports.The report will contain another column which will have the status of the user account - Deleted / Active / Inactive

Data Retention Post Deletion:

...

Consequences and Considerations:

  • Account deletion does not affect resource consumption on the platform.

  • Deleted users will be logged out and treated as guest user.

  • Account deletion requires proof of ownership via OTP.

  • There might be a lead time for account deletion completion (need to specify).

  • After the completion of account deletion, the same credentials can be used to register again as a new user.

  • Only active user accounts can be deleted. Incase of inactive/blocked users the Org Admin will have to change the account status to active, to be able to delete the account. However, the backend will have the capability to allow Org Admin to delete user accounts.

  • Incase of SSO user if the account is deleted, during the next sign-in, a new account will be created which will not have any historic information.

  • If a user who deletes his account has created a thread in the discussion forum, posted comments, after deletion, the name will be displayed as Deleted User

  • If a group admin/owner deletes his account, no action required if there is another group admin.If not, another user (random) can be assigned as the default group owner

  • Incase of a user having multiple profiles in one account, all the profiles will be deleted.

  • ECAR used for offline use will have the creator’s name in the index file, which may still exist after the creator(user) has deleted their account since we will not be re-publishing.

  • Any personally identifiable information (PII) present within content metadata properties or direct properties will be deleted. PII information stored in JSON format or any other files will not be handled (deleted).

...

  1. User logs in.

  2. User opens the menu (commonly referred to as the "burger menu").

  3. User navigates to the settings or profile section.

  4. User initiates the account deletion process by clicking/selecting the "Delete Account" button.

  5. User receives comprehensive information about the impact of deletion based on the user role and the steps they need to complete or consider before proceeding with the deletion (eg. download certificates). Along with this, the user will be informed on what data will be retained after deletion

    1. Users check off a checklist

      Code Block
       Personal Information: Your personal account information, including your profile and login details, your activity history, will be permanently deleted. This information cannot be recovered.
      * Certificates: For certificate verification purposes, only your name will be stored.
      * Access Loss: You will lose access to all features and services associated with this account, and any subscriptions or memberships may be terminated.
      * Single Sign-On (SSO): If you use Single Sign-On (SSO) to sign in, be aware that a new account will be created the next time you sign in. This new account will not have any historical information.
      * Resource Retention: Even after your account is deleted, any contributions, content, or resources you have created within the portal will not be deleted. These will remain accessible to other users as part of the collective content.You will no longer have control or management rights over them.
      * Usage Reports: Usage reports will retain location data declared by you.
      * Make sure you have backed up any important data and have considered the consequences before confirming account deletion and downloaded your certificates.
    2. Users gain the ability to finalise the account deletion

    3. [Phase 2] Org Admin will be notified incase of transfer of user roles or resource ownership.

  6. User confirms their intention to delete the account.

  7. User validates the deletion request using an OTP (One-Time Password) via SMS & email.

  8. After successful validation, the user is automatically logged out of the platform.

...

Info

Approach 2 is Finalised

Approach 1:

Allow Creator Role / Program designer Role & Course Mentors to delete their account (apart from public users) and reallocate the content / resources owned by these deleted users.

User Flows for Different Platform Roles Before Deletion:

  1. Creator Role / Program designer Role:

    1. User will be informed that the assets created, transactional data (etc.,) will be retained and the ownership of content resources will be transferred. The Org admin will be notified in the feed and also via email.

      1. Org Admin will be able to assign the ownership to any other user with the required user role.

  2. Course Mentors :

    1. User will be informed that the assets created, transactional data (etc.,) will be retained and the ownership of resources will be transferred. The Org admin will be notified in the feed and also via email.

      1. Org Admin will be able to assign the ownership to any other user with the required user role.

  3. Org Admin (Program Managers in cokreat): If there is no other user in the Org Admin role, then the user must dissociate from the role before deletion, and transfer admin rights and assets/ resources.

    1. The Org admin will be able assign any other user with the Org admin role.

  4. Report Admin: If there is no other user in the Report Admin role and if there is at-least one Org admin, he/she will be notified

    1. Org Admin will be able to assign any other user with the required user role.

Platform Role-Specific Impact of Account Deletion:

Detailed impacts for each platform role upon account deletion:

  1. Creator Role / Program designer Role: No resource creation or editing; no access to resource/program data.

  2. Manager/Mentor: No management or mentorship; no access to program/resource data.

  3. Org Admin (Program Managers in cokreat): Loss of admin rights and PII data access.

  4. Report Admin: Will not be able to access or publish reports.

  5. Report Viewer: Will lose access to dashboards post-deletion.

  6. Reviewer: Will not be able to review, reject, or publish resources.

  7. Users Consuming Resources: Will lose access to certain features post-deletion; for eg, once the account is deleted, users will not be able to take any actions on the app except the ones that are available to the guest users.

Admin User Flow:

All the Org Admin(s) for that particular organisation will be notified (user feed & email) regarding the account deletion along with their respective user roles and list of resources to be re-allocated.

  1. All the Org Admins will receive an email notifying the deletion of the user account along with their user roles and

    1. The instruction to re-assign ownership of assets, previously owned by the deleted user (if any).

  2. The Org Admin will receive a notification in the SunbirdEd portal/App with the same message.

  3. Upon opening the notification, the user will be redirected to a page where the assets to be re-assigned are listed.

  4. The org admin can multi-select the resources to be re-assigned.

  5. Select the action to be performed from the kebab menu (more actions menu)

  6. Based on the selection, the admin can assign it to a selected user.

    1. Admin selects 'Assign / transfer ownership'

      1. A pop-up is displayed with and he/she will be able to search for users in required roles and assign ownership. (also filter based on the user roles from a drop-down)

      2. The assigned user needs to have the corresponding role assigned to them, this will be validated For eg, if the resource is assigned to a user, the user should have either creator or course mentor role.

        1. If not, an alert will be shown mentioning the same and the admin will have to find another user with the permission or assign the required user role to the user

        2. If not, the transfer of ownership will be successful

  7. The admin will be shown the confirmation of ownership transfer

Deletion Event

The event will be triggered upon deletion of a user and will generate a list of suggested

  • For each of the role assigned to the deleted users, list of 5 suggested users should be generated

  • 5 random users can be selected from each user role

Approach 2:

Creator / Program designer Role & Course Mentors will not be allowed to delete their account directly. Upon clicking on `Delete Account`, they will notified about their unique role and the restriction on account deletion. And also informing them to contact support.

...

  1. User logs in.

  2. User navigates to the settings or profile section.

  3. User initiates the account deletion process by clicking/selecting the "Delete Account" button.

  4. The user is provided with information about their assigned user roles and the necessity to disassociate from these roles to gain permission for account deletion.

    1. The user sees a pop-up on the restriction on account deletion.
      Attaching the suggested message here

      1. Creator / Mentor / Program Designer / Program Manager / Report Viewer (any special user except org admin)
        As a result of your unique permissions, the ability to delete your account is currently restricted. If you wish to proceed with the account deletion process, we kindly request that you contact your support team to request disassociation from any special user roles and the transfer of ownership of any resources owned by you.

        1. Automation of triggering an email request for the same should be optional. If this is enabled,

          1. The pop will have a button to Email Support to initiate a request to revoke access.

            1. The user confirms the email trigger using a One-Time Password (OTP) sent via SMS and email

              Email Support.png

          2. Upon confirmation, an email preview will be displayed to the user which the user can edit, and upon confirming which, the email is sent to the support team, indicating the deletion request.

          3. Email will have the list of assets owned by the user ?

      2. Org Admin / Report Admin
        As the sole Organization / Report admin within the organization, you will not have the ability to delete your account. Kindly get in touch with our support team for further assistance.

        1. Automation of triggering an email request for the same should be optional. If this is enabled,

          1. The pop will have a button to Email Support to initiate a request to revoke access.

            1. User validates the triggering of email using an OTP (One-Time Password) via SMS & email.

          2. An email is sent to the support team, indicating the deletion request.

      3. The support will perform the necessary activities (disassociation from special roles, transfer of ownership) and inform the user.

  5. The user will now be a public user and will go through the standard deletion flow.

Admin User Flow:

  1. Org admin will be informed of the request for user account deletion..

  2. The Org Admin will utilise a designated standalone script to transfer the user's resources to another user (identified by their user ID).

  3. After completing the resource transfer, the Org Admin will remove any special user roles assigned to the user via the portal/app.

  4. A confirmation email will then be sent by the Org Admin to the user, giving the confirmation to proceed with the deletion process.

Script for Transfer of ownership of assets

...

  • The user to which the resources are transferred to, will belong the user group who has the permission to take over the ownership.

Descoped

Role change User Flow:

  1. If a user role which has permission to create assets creator is removed from the particular user role,

    1. If the user owns assets.

      1. Content Creator & book Creator- Notify the Org Admin, to transfer the ownership to another user who has the permission / role.

Disclaimer

  • Live questions will have the PIA displayed if the assets owned by the deleted users are not republished. The admin is notified on this and informed that he/she should publish the assets again after transferring the ownership to another user.