Should there be an announcement or at least a ping of other group
managers just to make sure there are no objections? While unlikely,
I'm a little concerned that a rogue group manager could cause some
harm on their way out the door, for example.
I think a good solution for this would be needing +1s on the ticket from
group members before it can be deleted, with a few possible exceptions
of old groups with only 1 or 2 people in them.
We now have 5 requests to remove various no longer used groups.
I've enabled audit logging on our ipa01 instance, so we have audit logs
(and I intend to back them up and keep them forever). So we can tell
when a group was deleted by whom. We also have a db dump from fas2
before the switchover where we can look at who was in what group or what
So, I would like to propose:
* we will remove groups on request/ticket from a group manager.
* we will not seek out groups to remove, as them being there doesn't
really hurt anything.
Otherwise I think if we have the audit log then we should be free to
delete the groups as needed. It will likely be a rare request in future, the
new account system has triggered a spring clean I think.