Revoking or Reducing User Permissions

From time to time, it is necessary to review the list of authorized users who can edit your site, as well as their permission levels. The best practice is to revoke permissions as soon as a user leaves your department or business unit. Since that is not always feasible, it is recommended to review your list of authorized users on a quarterly basis. This guide gives step-by-step instructions for removing permissions.
Go to your Manage User Permissions PageOnce you log into your site, you can navigate to your Manage Users page two different ways:
Go to Shortcuts → Site Actions → Manage User Permissions
Visit [yoursitename].stanford.edu/admin/users (e.g.  english.stanford.edu/admin/users )
This will take you to a page with a list of everyone who has user permissions on your website, as well as to which role(s) each person is assigned.
﻿
Screenshot of the Manage Users page. The first and third columns from the left are outlined to show the user name and role, respectively, of each authorized user on your site.Screenshot of the Manage Users page. The first and third columns from the left are outlined to show the user name and role, respectively, of each authorized user on your site.
Review Your ListDepending on how many users appear on your list you may want to use filters. This may not be necessary for shorter lists, as you will be able to quickly scroll through the list for names that should no longer appear. 
For longer lists, filter by user role. First, select a role from the drop down menu labeled "Roles." Next, search for users by permission type, one at a time: 
Site Manager
Contributor
Author
Intranet Viewer
Select a role type from the drop down and push the "Filter" button to see all users with that permission type.
﻿
Screenshot of the filter options. "Role" is the 4th option from the left.Screenshot of the filter options. "Role" is the 4th option from the left.
Update PermissionsThere are two ways to update permissions for your users: individually and via bulk action for multiple users.
Updating Permissions IndividuallyTo remove permissions from just one user, click on the "Edit" button on the same line as their name. 
﻿
Screenshot of the "Manage Permissions" page. The "edit" button is located on the far right of the page, one button per person line.Screenshot of the "Manage Permissions" page. The "edit" button is located on the far right of the page, one button per person line.
This will bring you to a page with a variety of "Roles" options. 
﻿
Screenshot of the permission options. You can check multiple boxes.Screenshot of the permission options. You can check multiple boxes.
If the user simply needs their permissions scaled back, uncheck the boxes that correspond to the permissions they no longer need, and keep the boxes checked for the ones they do. For example, if a user no longer needs to edit content on your site but still needs to access your site's intranet, you will uncheck the boxes for Site Manager, Contributor, and/or Author, but keep the box checked for Intranet Viewer.
If the user has left your unit altogether, you can uncheck all of the boxes. If you wish, you may also Block the user. Blocking a user is achieved by simply clicking the Status radio button for "Blocked."
﻿
Screenshot of the manage user permissions page. The "Status" box at the top is outlined to show the two options: Blocked or Active.Screenshot of the manage user permissions page. The "Status" box at the top is outlined to show the two options: Blocked or Active.
Once you have made all of your changes, click the "Save" button.
Warning: The "Cancel Account" ButtonDo NOT ever use this option!
Perhaps you noticed a red link next to the Save button called "Cancel Account." While this button looks like a quick way to remove user permissions, it's actually a terrible method for doing so. In addition to removing a user's permissions, canceling a user's account also deletes all content they created on your site. For instance, if the user created the pages that outline your degree programs, canceling their account will also delete your website's degree program pages. 
﻿
Screenshot of a user permissions page. At the very bottom are buttons to "Save," "Cancel Account," and "Cancel." The middle button, "Cancel Account," is Xed out to indicate this button should never be used.   Screenshot of a user permissions page. At the very bottom are buttons to "Save," "Cancel Account," and "Cancel." The middle button, "Cancel Account," is Xed out to indicate this button should never be used.   
Updating Permissions for Multiple Users at OnceThere may be times where you need to remove permissions from multiple users. To save time, this can be done in bulk. 
First, select the users who need to have the same permission type removed. For example, if you have three users with Author permissions that should be revoked, click the checkmark next to all three user names. 
﻿
Screenshot of the manage user permissions page. Multiple users have been selected, as indicated by checkmarks appearing to the left of each line item.Screenshot of the manage user permissions page. Multiple users have been selected, as indicated by checkmarks appearing to the left of each line item.
Next, click the dropdown menu named "Action" and select the appropriate choice: "Remove the ____ role from the selected user(s)." 
﻿
Screenshot displaying the dropdown menu choices that appear when multiple people are selected within the "Manage User Permissions" menu.Screenshot displaying the dropdown menu choices that appear when multiple people are selected within the "Manage User Permissions" menu.
Click the button "Apply to Selected Items."
﻿
Screenshot displaying the "apply to selected items" button to the right of the dropdown menu choices that appear when multiple people are selected within the "Manage User Permissions" menu.Screenshot displaying the "apply to selected items" button to the right of the dropdown menu choices that appear when multiple people are selected within the "Manage User Permissions" menu.
Repeat this process as necessary to remove all permission types from users who need their permissions reduced. Once you have completed your changes, be sure to click the "Save" button!
Handling Users You Don't RecognizeYour list of users likely includes the names of people you don't recognize. Some of these may be Stanford students or staff who are not in your department. Others are users with no last name, Lindsay and Howard. All of these users are harmless and can remain on your list.
Lindsay and HowardYou may notice users with no last name: Lindsay and/or Howard. Lindsay and Howard are the names of dummy accounts added to most sites and used for testing by the team of developers. 
Please do NOT remove these users for any reason! 
﻿
Screenshot of "Manage User Permissions" showing Lindsay and Howard.Screenshot of "Manage User Permissions" showing Lindsay and Howard.
Unknown Other UsersYour list may or may also include other names you don't recognize. On occasion, users will click the "SUNet Login" button on the bottom of the page. These might be students enrolled in your program, students considering applying to your program, or staff in other departments who ended up on your page. 
The act of clicking the "SUNet Login" button creates a user profile on your site for that person. However, it is important to note that simply logging in does NOT grant anyone any additional permissions or authority; it just allows them to appear on your list. You can choose to bump up their permissions to "Author" or "Intranet Viewer" or any other permission you deem necessary, but in most instances you can simply ignore it.
﻿
Screenshot of "Manage User Permissions" showing a list of people's names.Screenshot of "Manage User Permissions" showing a list of people's names.
﻿