# Tools

Tools

# Clear redundant roles

## Description

A high level profile can contain or grant application permissions. On the other side, application permissions can contain or grant low level permissions. All of them are referred generally as roles.

Some users could have been granted both high level profiles and application permissions or low level permissions.

In that case, low level roles can be removed from Soffid database, as they are inherited through role inheritance rules.

This tool identifies any low level roles granted to users at the same time that its owner high level role, and removes them.

## Screen overview

<iframe allowfullscreen="allowfullscreen" height="314" src="https://www.youtube.com/embed/HgmP473piWg?rel=0" width="560"></iframe>

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2025-09/scaled-1680-/S7iMdohGjbiwKITa-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2025-09/S7iMdohGjbiwKITa-image.png)

## Related objects

- <span class="ILfuVd"><span class="hgKElc">[Users](https://bookstack.soffid.com/books/soffid-4-reference-guide/page/users "Users") : users have effective roles from roles, grups or rules</span></span>
- [Roles](https://bookstack.soffid.com/books/soffid-4-reference-guide/page/roles "Roles") : roles granted to a user

## Actions

#### Introduction

A brief description of this process.

<table border="1" id="bkmrk-query-allows-to-sear-0" style="width: 98.7654%;"><tbody><tr><td style="width: 13.7858%;">**Next**

</td><td style="width: 86.1612%;">Allows you to browse to the Filter roles step.

</td></tr></tbody></table>

#### Filter roles

Allows you to filter a subset of roles to apply the process.

<table border="1" id="bkmrk-undo-allows-you-to-r" style="width: 98.7654%;"><tbody><tr><td style="width: 13.7858%;">**Undo**

</td><td style="width: 86.1612%;">Allows you to return to the previous step without applying any changes.

</td></tr><tr><td style="width: 13.7858%;">**Next**

</td><td style="width: 86.1612%;">Once you search for the proper Roles, you can click the Next button to browse to the Preview result step.

</td></tr></tbody></table>

#### Preview result

Displays a list with the subset filtered of roles.

<table border="1" id="bkmrk-undo-allows-you-to-r-0" style="width: 98.7654%; height: 59.4034px;"><tbody><tr style="height: 29.7017px;"><td style="width: 13.7858%; height: 29.7017px;">**Undo**

</td><td style="width: 86.1612%; height: 29.7017px;">Allows you to return to the previous step without applying any changes.

</td></tr><tr style="height: 29.7017px;"><td style="width: 13.7858%; height: 29.7017px;">**Next**

</td><td style="width: 86.1612%; height: 29.7017px;">Allows you to run the Clear redundant roles process to the subset of roles &amp; accounts there are in the list.

</td></tr></tbody></table>

#### Finish

The changes has been executed.

# Disable inactive users

## Description

Probably there are some users that do not need access to any information system. Using this tool you will be able to identify them and act upon them.

The process is a two step process:

1. Filter out the universe of users to analyze.
2. Select the actions to perform on these users.

The available actions are the following:

- Send an email.
- Disable the user.
- Remove accounts from the target system.

It's usual to initially use this tool for only a subset of your users.  
For instance, you can send a message when the password is reaching the expiration date, disable the user when no login has been made in the last 90 days or completely remove its accounts when the identity has been disabled for 30 days.

## Screen overview

<iframe allowfullscreen="allowfullscreen" height="314" src="https://www.youtube.com/embed/Ji9zOa4zu4c?rel=0" width="560"></iframe>

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2025-09/scaled-1680-/miyWkQUk19LdKvoo-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2025-09/miyWkQUk19LdKvoo-image.png)

## Related objects

- <span class="ILfuVd"><span class="hgKElc">[Users](https://bookstack.soffid.com/books/soffid-4-reference-guide/page/users "Users") : users have effective roles from roles, grups or rules</span></span>
- [Roles](https://bookstack.soffid.com/books/soffid-4-reference-guide/page/roles "Roles") : roles granted to a user

## Actions

#### Introduction

A brief description of this process.

<table border="1" id="bkmrk-query-allows-to-sear-0" style="width: 89.8765%;"><tbody><tr><td style="width: 14.0321%;">**Next**

</td><td style="width: 85.9106%;">Allows you to browse to the Filter roles step.

</td></tr></tbody></table>

#### Filter users

Allows you to filter a subset of users to apply the process.

<table border="1" id="bkmrk-undo-allows-you-to-r" style="width: 90.8333%;"><tbody><tr><td style="width: 8.65838%;">**Undo**

</td><td style="width: 91.3301%;">Allows you to return to the previous step without applying any changes.

</td></tr><tr><td style="width: 8.65838%;">**Next**

</td><td style="width: 91.3301%;">Once you search for the proper Users, you can click the Next button to browse to the Criteria result step.

</td></tr></tbody></table>

#### Criteria

The criteria to triggers the action can be:

- Days since last login
- Days since password expiration

Allows you to establish the action to perform on these users.

- Send an email message
- Disable the user
- Remove accounts from target system

<table border="1" id="bkmrk-undo-allows-you-to-r-0" style="width: 90.8333%;"><tbody><tr><td style="width: 9.18262%;">**Undo**

</td><td style="width: 90.8058%;">Allows you to return to the previous step without applying any changes.

</td></tr><tr><td style="width: 9.18262%;">**Next**

</td><td style="width: 90.8058%;">Once you search for the proper Users, you can click the Next button to browse to the Criteria result step.

</td></tr></tbody></table>

#### Preview result

Displays a list with the subset filtered of users and the action to apply.

<table border="1" id="bkmrk-undo-allows-you-to-r-1" style="width: 89.8765%;"><tbody><tr><td style="width: 9.68007%;">**Undo**

</td><td style="width: 90.3135%;">Allows you to return to the previous step without applying any changes.

</td></tr><tr><td style="width: 9.68007%;">**Next**

</td><td style="width: 90.3135%;">Allows you to run the process to the subset of users there are in the list.

</td></tr></tbody></table>

#### Finish

The changes has been executed.

# Disable inactive accounts

## Description

Probably there are some accounts that are no longer used. Using this tool you will be able to identify them and act upon them.

The process is a two step process:

1. Filter out the universe of accounts to analyze.
2. Select the actions to perform on that accounts.

The available actions are the following:

- Send an email.
- Disable the user.
- Remove accounts from the target system.

It's usual to initially use this tool for only a subset of your accounts.  
For instance, you can send a message when the password is reaching the expiration date, disable the account when no login has been made in the last 90 days or completely remove it when the account has been disabled for 30 days

## Screen overview

<iframe allowfullscreen="allowfullscreen" height="314" src="https://www.youtube.com/embed/9cfkIM8bfBs?rel=0" width="560"></iframe>

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2025-09/scaled-1680-/kmJokNyZkvrtnGXn-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2025-09/kmJokNyZkvrtnGXn-image.png)

## Related objects

- <span class="ILfuVd"><span class="hgKElc">[Users](https://bookstack.soffid.com/books/soffid-4-reference-guide/page/users "Users") : users have effective roles from roles, grups or rules</span></span>
- [Roles](https://bookstack.soffid.com/books/soffid-4-reference-guide/page/roles "Roles") : roles granted to a user

## Actions

#### Introduction

A brief description of this process.

<table border="1" id="bkmrk-query-allows-to-sear-0" style="width: 89.8765%;"><tbody><tr><td style="width: 9.29554%;">**Next**

</td><td style="width: 90.7428%;">Allows you to browse to the Filter roles step.

</td></tr></tbody></table>

#### Filter accounts

Allows you to filter a subset of accounts to apply the process

<table border="1" id="bkmrk-undo-allows-you-to-r" style="width: 93.6905%;"><tbody><tr><td style="width: 10.5566%;">**Undo**

</td><td style="width: 89.4332%;">Allows you to return to the previous step without applying any changes.

</td></tr><tr><td style="width: 10.5566%;">**Next**

</td><td style="width: 89.4332%;">Once you search for the proper Accounts, you can click the Next button to browse to the Criteria result step.

</td></tr></tbody></table>

#### Criteria

The criteria to triggers the action can be:

- Days since last login
- Days since password expiration

Allows you to establish the action to perform on these users.

- Send an email message
- Disable the user
- Remove accounts from target system

<table border="1" id="bkmrk-undo-allows-you-to-r-0" style="width: 93.6905%;"><tbody><tr><td style="width: 11.5733%;">**Undo**

</td><td style="width: 88.4166%;">Allows you to return to the previous step without applying any changes.

</td></tr><tr><td style="width: 11.5733%;">**Next**

</td><td style="width: 88.4166%;">Once you search for the proper Accounts, you can click the Next button to browse to the Criteria result step.

</td></tr></tbody></table>

#### Preview result

Displays a list with the subset filtered of accounts.

<table border="1" id="bkmrk-undo-allows-you-to-r-1" style="width: 89.8765%;"><tbody><tr><td style="width: 12.198%;">**Undo**

</td><td style="width: 87.7956%;">Allows you to return to the previous step without applying any changes.

</td></tr><tr><td style="width: 12.198%;">**Next**

</td><td style="width: 87.7956%;">Allows you to run the process to the subset of accounts there are in the list.

</td></tr></tbody></table>

#### Finish

The changes has been executed.