
Suspend vs Lockdown

What's the difference between Suspend and Lockdown for a user?

Hi Michael,



The intended use case for suspending a user is performing a "soft delete", i.e. removing the user's ability to access the system, temporarily or not, while wanting to keep the user entity around. Since the delete operation can be performed with user credentials, if exposed in the right way through the app's interface, this could be a way for a user to remove himself from the system while still disallowing the creation of another user with the same username, or allowing a user that is part of an administrative group to do the same.



Lockdown, on the other hand, is a way to restrict access (say, when an employee has been fired) rather than to delete a user. It is a more restrictive operation, and can only be performed by the master secret. The biggest functional difference is that if you are using a library, your app will wipe all user data from both disk and memory upon learning that the user is locked down (note that some, but not all, of our libraries currently support this functionality; the rest will follow soon. I would encourage you to follow your library's timeline at http://devcenter.kinvey.com/timeline in order to learn when support is added). More complete devcenter documentation will be added as the feature evolves and library support is improved.

Just as a follow-up, to be clear:



* Delete user permanently destroys the user id and frees it up for reuse again by another/same user?

* Suspend soft deletes the user and since the user record stays, there is no way a new user can use the same user id. This can be initiated by the user himself, e.g. unregistering from the app. While the user id is not available for use by new users, will the same user be allowed to reregister (un-suspend)?

* Lockdown is similar to suspend but triggered by the admin and causes a remote wipe of device data as well. The user id remains unavailable for use by same or new user?



Is there a user delete operation that destroys all associated data/files also with it?

Hi Pankaj,



1. Yes, "hard" deleting a user (http://devcenter.kinvey.com/rest/guides/users#APIVersion2) removes that user record from the database, freeing up their username/_id/etc.

2. Yes, suspending a user keeps the user record in the database but will not allow any access by that user. Whether or not the user itself can perform this action depends on how permissions are configured for your app (http://devcenter.kinvey.com/rest/guides/security#Gotchas). However, a suspended user can only be restored by using the master secret and making a request to the _restore endpoint (as described in http://devcenter.kinvey.com/rest/guides/users#APIVersion1).

3. Yes, lockdown can only be triggered using the master secret and, **if your library supports the feature**, also causes data to be wiped from the local device.

4. There is currently no cascading delete operation that also removes data related to the user. Cascading deletes can get very complex and are completely dependent on your app and use case (for example, do you always remove all data from all collections in which the owner is set to be the deleted user? What if the data is shared?). If you need to remove related data when deleting a user, we recommend that you implement the functionality yourself through business logic.

I was unable to find any way to delete or unregister a user with the HTML5 SDK. Does it exist?


As far as I can tell the console user list does not show the user status - could a new column be added?
