Open Bug 392184 Opened 18 years ago Updated 6 years ago

Users should be allowed to delete their own account

Categories

(Bugzilla :: User Accounts, enhancement, P3)

Product:
Bugzilla
Component:
User Accounts
Type:
enhancement

Tracking

()

People

(Reporter: u119030, Unassigned)

References

(Blocks 1 open bug)

Details

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6 Build Identifier: I wanted to delete my bugzilla account (since I happen to have two) but did not find an option to do that! Quite strange. Reproducible: Always Steps to Reproduce: 1. Log in to bugzilla. 2. Browse profile / look for account management features. 3. Look for account deletion. Actual Results: Should be possible, really! Expected Results: Nothing found.
You must have the allowuserdeletion parameter turned on before deleting a user account. Anyway, this is a support question and we have mailing lists for that, see http://www.bugzilla.org/support/.
Status: UNCONFIRMED → RESOLVED
Closed: 18 years ago
Resolution: --- → INVALID
Or rather WFM.
Resolution: INVALID → WORKSFORME
So how would that parameter be set? And how does a user get a clue that it exists in the first place? Come on, this is no excuse for a missing basic feature. And do you really want the support to be bothered with every account deletion request? I don't think this is a support issue. Considering the huge number of web service accounts that one is forced to have nowadays, account deletion really is a basic feature that should be available by obvious means, not needing research in FAQs, mailing lists or anywhere.
Status: RESOLVED → UNCONFIRMED
Resolution: WORKSFORME → ---
Do not reopen this bug. This is a support question, and we don't accept support questions on b.m.o. Documentation is here to help you administrate your Bugzilla installation. You obviously didn't read it: http://www.bugzilla.org/docs/3.0/html/useradmin.html
Status: UNCONFIRMED → RESOLVED
Closed: 18 years ago18 years ago
Resolution: --- → WORKSFORME
deleting accounts is not a basic feature. nor is it even a good idea. it causes serious dataloss. generally, users should not be able to delete accounts. the feature does exist, but it's not something users should know about. there's a script in contrib/ which is what you should use instead: http://mxr-test.landfill.bugzilla.org/bugzilla/source/contrib/merge-users.pl
Status: RESOLVED → VERIFIED
OK, I'm not going to reopen the bug again, but it's not a support question, there may have been a misunderstanding: I am not claiming this bug as an administrator but as a user (of your own bugzilla.mozilla.org installation, actually, where I inadvertently created two accounts). So both links mentioned in the previous comments are not applicable. And while it may not be a good idea for an administrator to delete an account, it has to be in the authority of users to delete their own account. Not offering this feature (which is a basic feature from the user perspective) is a major design deficiency.
Resolution: WORKSFORME → INCOMPLETE
(In reply to comment #6) > it has to be in the authority of users to delete their own account. > Not offering this feature (which is a basic feature from the user perspective) > is a major design deficiency. It's not that simple. If a user reported a bug, commented in a bug or attached a patch, etc..., his ID is recorded in the DB. If you were deleting this user account, either the ID would point to an inexistent user account (which won't work due to referential integrity problems in the DB) or... we would have to delete all his activity, including bugs he reported?? Even if a user leaves, it's still good to know who did what rather than reassigning everything to some ghost.
I absolutely agree that bug reports and comments of a deleted user should remain available. Implementation problems are not relevant for a design consideration (this is a usability aspect). I would actually also leave the user name available for reference. But what if a mail address just doesn't exist anymore? Merging accounts (i.e. as a user feature!) might solve most of the issue, still assuming eternal life of users, though.
Fwiw, I think we could do with a link on userprefs.cgi?tab=account to delete one's own account. This link must not be displayed (and the deletion must not work, if hand-crafting the link) if the account is associated with anything besides profile and profile_activity.
Summary: bugzilla account cannot be deleted → Users should be allowed to delete their own account
Severity: major → enhancement
Hardware: Other → All
Okay, I would agree with that as a feature. Sorry, it was unclear that you were not an administrator. :-)
Status: VERIFIED → UNCONFIRMED
Priority: -- → P3
Resolution: INCOMPLETE → ---
Status: UNCONFIRMED → NEW
Ever confirmed: true
I just created this bug at gnome http://bugzilla.gnome.org/show_bug.cgi?id=503323 which perfectly matches this! And, prompted by the same user experience. The advice there was "go upstream", so here I am. The experience over at gnome is rather more acute as gnome's bug-buddy actually takes a users default account from evolution and creates a gnome.bugzilla account with that user's default email address - no sign-up and verification process!!! Given the ephemeral nature of the email addresses recommended for use in bugzilla (see "Create a new Bugzilla account" page here: https://bugzilla.mozilla.org/createaccount.cgi) integrity issues around maintaining users seems a little ephemeral itself. Making the script at comment #4 available somehow to users as Thomas Wolff suggests (comment #8) would surely resolve all the implementation problems against deleting accounts - if someone really wanted to disappear, they could create an account (and email) for that purpose. This may seem a little too ghost like, but the need for a special bugzilla identity recommended on the new account page comes pretty close to this anyway. I hope this enhancement takes on some momentum. Like Thomas (comment #6) this seems like a major design deficiency.
Talking about this problem with bkor on IRC, we came to the conclusion that if the user account cannot be safely deleted due to comments made by the user, or due to bugs he reported or attachments he added, the "Deleted" button in userprefs.cgi should rather 1) disable all emails for this account, 2) remove all his privs (in case the email address is recycled and used by someone else in the future), 3) mark this account as disabled (to prevent any abuse of this account). This would be pretty trivial to implement.
Expanding on above: In case of 2), the user should be warned beforehand that the users bugs and comments will still be visible after the account is deleted. An user sometimes expects all his data on the site to be gone after the account is deleted. However, that won't be the case. So the user should be warned in case #2 is done (disabling of the account instead of a real deletion).
Let me repeat my suggestion of comment #8: Offer an option to merge two accounts into one. (E.g. if someone used to have a workplace account and a personal one and now prefers to have only one, like me.) This would probably make things easier and avoid some of your integrity concerns. Effectively, when you change your email address and the system notices it's already taken, it should offer to enter login data of that address to prove you are that accounts owner, too (maybe also entering full name).
Ditto Thomas Comment #14 It really doesn't seem that complicated...
This bug is really annoying. I created a new account for one project's Bugzilla before noticing that I actually had already registered to it several years earlier. Now the new&wrong account prevents me from correcting the email address in that older account (with several bugs). For that problem either deleting the wrong account (as it doesn't have any comments or bugs) or merging it with another one would both be acceptable end-user solutions.
(In reply to comment #16) > comments or bugs) or merging it with another one would both be acceptable Ask the admin to merge your accounts. He can do that already.
(In reply to comment #17) > (In reply to comment #16) > > comments or bugs) or merging it with another one would both be acceptable > > Ask the admin to merge your accounts. He can do that already. Yes, but the admin's probably got better things to do and wont be bothered, in my case they haven't...
I have a similar situation. I don't care if my two accounts are merged or one is deleted. Is there a way to contact the admin for bugzilla.mozilla.org? I haven't been able to find a way to do that.
Long time, no action - still NEW after 5 years... Bump PS Re Comment 17, if the option already exists for admin - why can't that simply be exposed for user?
(In reply to Morgan Read from comment #20) > PS Re Comment 17, if the option already exists for admin - why can't that > simply be exposed for user? The current admin option is a script: contrib/merge_users.pl. In order to expose this to users, somebody (maybe you?) would need to o port the script into Bugzilla's object model o create a GUI o find out (together with core devs) which safety and security checks are necessary, and implement them So it's not really trivial. I'm looking forward to patches, and I'm willing to support ideas and conceptual design.
(In reply to deletemyakkountplease from comment #30) Please stop spamming everybody! When you created your Bugzilla account, you have been warned that your email address would be visible to logged in users. So stop whining, else you will be banned!
I joined this bug because I experienced this bug at gnome bugzilla, here: https://bugzilla.gnome.org/show_bug.cgi?id=503323 That was was in response to having gnome's Bug Buddy, as it was then, create an account on gnome bugzilla with my personal email address and WITHOUT any permission being asked of me or given by me - straight from my desktop with my personal email address! So, I gave no permission for that and I was not warned that my address would be visible or any of the other things that might be sighted without having taken proper consideration of the very real privacy issues involved here. This is a serious security and privacy issue which it is very disappointing to see the free software community take such a derisory and off-hand attitude about. Bugzilla is an amazingly effective community collaboration tool, but that effectiveness is seriously undermined when users privacy concerns are not addressed by those administering the tool. So, in contradiction to the assertions at Comment 34 which are not true - at least in my case - perhaps deletemyakkountplease has a serious point to make. It's unfortunate that it is not possible to know because it has been censored - a strange reaction from the free software community to open debate.
Actually, this is where I experienced the bug: https://bugzilla.gnome.org/show_bug.cgi?id=501700
Hmm, my recent comments have prompted a perusal of my bug box - perhaps those deleted comments should stay deleted. Censorship has it's place after all.
Long time, no action - still NEW after 9 years... Bump
Flags: needinfo?(default-qa)
Flags: needinfo?(default-qa)
@ElevenReds: Please read bug 392184#c21. Writing "bump" comments without any questions or provided patches does not help anybody but just creates notification noise. Thanks.
Blocks: 1459489

If you have a good database design, this shouldn't be an issue at all:

account_id:

  • generated (randomly) on user creation
  • used to identify a user
  • used as a reference in bugs, comments etc.

users:

  • inhibit an account_id
  • authorization data: email, password
  • profile information (including username/displayname)

UI: I want to display a bug and here I found an account_id. So let's ask the users module to get a displayname!
Users module: Oh, I didn't find a user with that ID. I will just give you back the anonymous profile.

As you can see, it shouldn't be a problem at all to delete a user!
If the current design doesn't have these features, you should make big efforts to change it latest in the next major release!
(I know this would require a lot of database updating. In order to reduce offline time, one could create intermediate versions which support both old and new user IDs. This way, data could be updated in the background while having the site operational.)

You should be aware that you risk high fines for all administrators/projects by not complying to GDPR! I have already seen some projects migrating to other platforms which offer this basic feature!
So put this at high priority and then I am sure that you can soon present a good solution which makes your users happy :)

I haven't read over the full text of this bug, but as it stands this bugzilla install (BMO) which is the next version of upstream bugzilla supports self-disabling and anonymization of accounts. We still do have occasionally manual things to do -- just as editing the text comments, and there are sometimes names in the bug history. The later part is being fixed in another bug shortly.

In addition, BMO (and thus the next version of bugzilla) supports automatically forgetting people after a configurable absence, which is above and beyond anything that is required.

You need to log in before you can comment on or make changes to this bug.