Normally users who no longer have access to BO are deleted from with the Supervisor module.
However, we now have at least one user who’s access has been re-instated but when we try to set up this user in Supervisor. We get an error message that the user/group already exists.
Is there a way around this?
Fherry 
(BOB member since 2007-03-21)
Well, the “official” way to do it is to run a Scan/Repair/Compact on the Security domain, which will purge the old record. Then create the ID as a new user.
The unofficial was involves some repository hacking. Look up the ID in obj_m_actor. The value of m_actor_n_lat should be “1”, which indicates a deletion. Change that to 2. Get the m_actor_n_id value, and look it up in obj_m_actorlink.m_actl_n_actorid. Change the m_actl_n_lat values to 2.
joepeters 
(BOB member since 2002-08-29)
I actually tried the scan/repair/compact but I still get the error. Could this mean that there is a bigger issue?
Fherry (BOB member since 2007-03-21)
hmm. Did you check off “Allow deletion of sensitive records…” when you did the Scan/Repair/Compact? Check obj_m_actor anyway; if you want to go the purge-and-recreate route, then manually deleting the old record from obj_m_actor should force it to work.
joepeters (BOB member since 2002-08-29)
The last thing also is: Did you map your users with any AD?
No AD mapping before XI, Sebastien 
joepeters (BOB member since 2002-08-29)
It was possible in BO6.5 to map BO with AD …
uh, yeah. You’re right – I thought it supported SSO only, but LDAP mapping was supported too.
But even then, there would have to be a record in obj_m_actor, no?
joepeters (BOB member since 2002-08-29)
No that’s a strange behaviour …
Users are not stored within OBJ_M_ACTOR but impossible to “dupliate” a user.
I found only one customer using such stuff and never understood how it is working plus the BO support never really answered my questions …