user_expire
Security covered
This module allows an administrator to define a date on which to expire a specific user account or to define a period at a role level where inactive accounts will be locked.
You need this module if:
- A user (such as contractors or short-term employee) are only active for a set period of time until their Drupal account should be disabled
- You want to lock accounts if a user is inactive for a period of days, (e.g., 90 days for PCI Compliance)
- You want to give someone access to a site for a brief period to test it out and then revoke their access after a specific number of days
- This module is helpful to achieve compliance with PCI DSS requirement 8.1.4: Remove/disable inactive user accounts within 90 days
This module currently has automated tests for all of the key features. The code meets the Drupal coding standards. There is a stable release, so you can be confident that any security issues will be handled by the security advisory process.
Follow Drupal Documentation for unblocking a user manually.
Drupal 11 Users
Drupal 11 users who had previously updated to 8.x-1.2 should update to a 2.1.x version for full compatibility.
Upgrade guides
- User Expire Upgrade Guide for 8.x-1.x to 2.0.x or 2.1.x
- User Expire Upgrade Guide for 7.x-1.x version to a 2.1.x version.
Similar modules
- Role expire - for expiring (removing) a role from a user after a set period.