Revoking or Reducing User Permissions

From time to time, it is necessary to review the list of authorized users who can edit your site, as well as their permission levels. The best practice is to revoke permissions as soon as a user leaves your department or business unit. Since that is not always feasible, it is recommended to review your list of authorized users on a quarterly basis. This guide gives step-by-step instructions for removing permissions.
Go to your Manage User Permissions PageOnce you log into your site, you can navigate to your Manage Users page two different ways:
.1Go to Shortcuts → Site Actions → Manage User Permissions
.2Visit [yoursitename].stanford.edu/admin/users (e.g.  english.stanford.edu/admin/users )
This will take you to a page with a list of everyone who has user permissions on your website, as well as to which role(s) each person is assigned.
﻿
Add a caption...
﻿
Review Your ListDepending on how many users appear on your list you may want to use filters. This may not be necessary for shorter lists, as you will be able to quickly scroll through the list for names that should no longer appear. 
﻿
For longer lists, filter by user role. First, select a role from the drop down menu labeled "Roles." Next, search for users by permission type, one at a time: 
Site Manager
Contributor
Author
Intranet Viewer
Select a role type from the drop down and push the "Filter" button to see all users with that permission type.
﻿
Add a caption...
﻿
Update PermissionsThere are two ways to update permissions for your users: individually and via bulk action for multiple users.
﻿
Updating Permissions IndividuallyTo remove permissions from just one user, click on the "Edit" button on the same line as their name. 
﻿
Add a caption...
This will bring you to a page with a variety of "Roles" options. 
﻿
Add a caption...
If the user simply needs their permissions scaled back, uncheck the boxes that correspond to the permissions they no longer need and keep the boxes checked for the ones they do. For example, if a user no longer needs to edit content on your site but still needs to access your site's intranet, you will uncheck the boxes for Site Manager, Contributor, and/or Author, but keep the box checked for Intranet Viewer.
﻿
If the user has left your unit altogether, you can uncheck all of the boxes. If you wish, you may also Block the user. Blocking a user is achieved by simply clicking the Status radio button for "Blocked."
﻿
Add a caption...
Once you have made all of your changes, click the "Save" button.
﻿
Warning: The "Cancel Account" ButtonDo NOT ever use this option!
Perhaps you noticed a red link next to the Save button called "Cancel Account." While this button looks like a quick way to remove user permissions, it's actually a terrible method for doing so. In addition to removing a user's permissions, canceling a user's account also deletes all content they created on your site. For instance, if the user created the pages that outline your degree programs, canceling their account will also delete your website's degree program pages. 
﻿
Add a caption...
﻿
Updating Permissions for Multiple Users at OnceThere may be times where you need to remove permissions from multiple users. To save time, this can be done in bulk. 
﻿
First, select the users who need to have the same permission type removed. For example, if you have three users with Author permissions that should be revoked, click the checkmark next to all three user names. 
﻿
Add a caption...
Next, click the dropdown menu named "Action" and select the appropriate choice: "Remove the ____ role from the selected user(s)." 
﻿
Add a caption...
Click the button "Apply to Selected Items."
﻿
Add a caption...
Repeat this process as necessary to remove all permission types from users who need their permissions reduced. Once you have completed your changes, be sure to click the "Save" button!
Warning: The "Cancel Account" Bulk Action OptionDo NOT ever use this option!
The bulk action dropdown list contains an option to there is an option to "Cancel the selected user account(s)." Once again, this is an option that should NEVER be used because canceling a user's account also deletes all content they created on your site. For instance, if the user created the pages that outline your degree programs, canceling their account will also delete your website's degree program pages. 
﻿
Add a caption...
﻿
Handling Users You Don't RecognizeYour list of users likely includes the names of people you don't recognize. Some of these may be Stanford students or staff who are not in your department. Others are users with no last name, Lindsay and Howard. All of these users are harmless and can remain on your list.
﻿
Lindsay and HowardYou may notice users with no last name: Lindsay and/or Howard. Lindsay and Howard are the names of dummy accounts added to most sites and used for testing by the team of developers. 
Please do NOT remove these users for any reason! 
﻿
Add a caption...
﻿
Unknown Other UsersYour list may or may also include other names you don't recognize. On occasion, users will click the "SUNet Login" button on the bottom of the page. These might be students enrolled in your program, students considering applying to your program, or staff in other departments who ended up on your page. 
﻿
The act of clicking the "SUNet Login" button creates a user profile on your site for that person. However, it is important to note that simply logging in does NOT grant anyone any additional permissions or authority; it just allows them to appear on your list. You can choose to bump up their permissions to "Author" or "Intranet Viewer" or any other permission you deem necessary, but in most instances you can simply ignore it.
﻿
Add a caption...
﻿