user-manage clear-invalid-users schedule
Function
The user-manage clear-invalid-users schedule command enables the function of automatically clearing invalid users and sets the time for automatically clearing invalid users.
The undo user-manage clear-invalid-users schedule command disables the function of automatically clearing invalid users.
By default, the function of automatically clearing invalid user information is disabled.
Format
user-manage clear-invalid-users schedule { daily | weekly { Mon | Tue | Wed | Thu | Fri | Sat | Sun } } HH:MM
undo user-manage clear-invalid-users schedule
Parameters
| Parameter | Description | Value |
|---|---|---|
daily |
Indicates that invalid users are periodically cleared every day. |
– |
weekly { Mon | Tue | Wed | Thu | Fri | Sat | Sun } |
Indicates that invalid users are periodically cleared every week. |
– |
HH:MM |
Specifies the time for clearing invalid users. HH specifies the hour. mm specifies the minute. The 24-hour time system is used. |
HH ranges from 0 to 23; mm ranges from 0 to 59. |
Usage Guidelines
Invalid users, including users, user group, and security groups exist on the FW in the following situations:
- After users/user groups/security groups are imported from the server to the FW, some users/user groups/security groups are deleted from the server, and users/user groups/security groups are immediately imported to the FW or full synchronization succeeds. The deleted users/user groups/security groups on the FW become invalid.
- The security policy references the users/user groups/security groups that are queried online and imported from the server.
- Users/user groups/security groups are imported from the server, and the corresponding import policy is deleted from the server.
- Users/user groups/security groups are imported from the server, and the device restarts.
When the device automatically clears the following invalid users (including users, user groups, and security groups), it checks whether all import policies whose import types include users, user groups, and security groups are successfully imported. If all policies are successfully imported, The invalid users (including users, user groups, and security groups) are cleared.
- Users/user groups/security groups are imported from the server, and the corresponding import policy is deleted from the server.
- Users/user groups/security groups are imported from the server, and the device restarts.
After the command is run, the FW will automatically and periodically delete all invalid users. To manually delete some users, log in to the web UI of the device and choose to view invalid user information and delete specific users.
Invalid users will not be deleted in the following situations:
- The invalid users are online or referenced by a policy. After the users go offline or the policy that references the users is deleted, the users can be deleted.
- User groups, subgroups, or users in user groups are referenced by the policy, users in the user groups are online, or subgroups, users are not imported from the server. After the users go offline or the policy that references the users is deleted, the user groups/subgroups/users can be deleted.
- The users in the security groups are online. The security groups can be deleted if the users go offline.
- The security policy references the users/user groups/security groups that are queried online and imported from the server. Therefore, the users, user groups, and security groups are always invalid and cannot be deleted, which does not affect policy matching.
Example
# Enable the function of automatically clearing invalid users and configure the device to automatically clearing invalid users at 00:00 every Saturday.
<sysname> system-view [sysname] user-manage clear-invalid-users schedule weekly Sat 00:00 Warning: The system will clear invalid users, user groups, and security groups at scheduled time. Continue? [Y/N]:y