Prevent Enterprise Users from deleting own account on GitLab.com

Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.

• Close this issue

Problem to solve

In GitLab, a user has the option to delete their own account by going to Settings > Account. When this occurs, the user account is removed from the DB and has all their issues/MRs assigned to Ghost User. This might be problematic for instances with policies in place that require an auditable history for users. Once a user is deleted, there's no way of assigning certain Ghost User activity to a certain removed user.

Proposal

• This is an Enterprise Users feature, for GitLab.com only
• Introduce a setting to prevent users from being able to delete their own account.
• This does not need to be at an individual user level, and can be at a higher level.
• Enterprise Group Owners should be able to delete the user's account

What does success look like, and how can we measure that?

• Users should no longer be able to delete their own account.
• Instance administrators can still delete those accounts. (Since this is a GitLab.com only feature, this would require involving Support as well as all the requisite authenticity verification processes).
• Perhaps not tackled in this issue but the approach for this issue needs to be compatible with these requirements:
  • Enterprise Group Owners can delete their Provisioned Users.
  • Provisioned Users cannot delete their own accounts.

Links / references

OP from @nischay.rathor

Currently users can delete own account from account in profile sections (https://company-xyq.com/profile/account). This action also removes any personal projects. Currently we have no configuration setting to prevent it. In our organisation we want to prevent users from deleting own accounts.