User Lifecycle Management

Automatic User Deletion for Moodle



Niels Gandraß

mail Niels.Gandrass@haw-hamburg.de
globe https://gandrass.de



Annual Conference of the Moodle an Hochschulen e.V.

Rosenheim Technical University of Applied Sciences

2026-03-03

Motivation

Why and when do we even want to get rid of users and other content?


gavel  Legal construction  Technical apartment  Organizational

Legal requirements

Let's get trough the boring stuff first ... (1/3)


contract  Art. 5 GDPR
1. Personal data shall be: [...]
(e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed;

keyboard_arrow_down

We need to remove old user records and other personally
identifiable information (PII) from our systems
without undue delay

I'm not a lawyer
Consult your DPO!

Legal requirements

Let's get trough the boring stuff first ... (2/3)


contract  Art. 19 GDPR
The controller shall communicate any rectification or erasure of personal data [...] to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort.

keyboard_arrow_down

Students deleted from the university IDM must be deleted
from Moodle without undue delay

I'm not a lawyer
Consult your DPO!

Legal requirements

Let's get trough the boring stuff first ... (3/3)


contract  Art. 17 GDPR
1. The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay [if] one of the following grounds applies:
(a) the personal data are no longer necessary [...] for which they were collected;
(b) the data subject withdraws consent [...] and where there is no other legal ground for the processing;

keyboard_arrow_down

Students can't simply request the deletion of exam data or grades.
Deletion can't be a fully automated self-service.

I'm not a lawyer
Consult your DPO!

You survived the boring part!


In case you missed the confetti at the MoodleMoot DACH 2025 DevCamp

Technical & Organizational aspects

home_storage  Your moodledata/ folder is only getting bigger
chevron_right All uploaded files and submissions are kept for active users
database  Your Moodle database grew to a decent size while containing mostly unused data
more_time  Certain tasks or database queries take ages to complete
chevron_right Some housekeeping tasks still scale largely with the amount of total user data
database_search  Having less data to sift through leaves more time for the interesting tasks
person_search  Avoiding name collisions when searching for users
chevron_right Enrolling the correct "John Smith" out of 30 ones can be error-prone
layers_clear  Phasing out old content (e.g., question types or activities)
chevron_right Some plugins can only be uninstalled once all usages / instances are deleted

Our Current
User Lifecycle(s)

How users get on and off our Moodle platforms

Different platforms, different user lifecycles

We run a number of Moodle platforms with diverging user management


University Moodles
  • Used solely by our students
  • Primary auth method is SSO
  • One account per university member
  • Semester-based user creation
    
Public Moodle
  • Open to the public
  • Local accounts and multiple SSOs
  • Anonymous temporary accounts
  • Constant user fluctuation

University Moodle

The simple and straight forward case

Public Moodle

The "slightly" more complicated case ...

Key takeaways


  1. It's only simple until it isn't
  2. User life cycles can be multi-staged
  3. Different user groups may require different life cycles
  4. External systems / events can dictate the flow
  5. There is no simple "one size fits all" solution

Moodle Plugin Showcase:
Automatic User Deletion

What is already possible today!

Key features


settings_account_box  Automatically deleting inactive user accounts
unsubscribe  Sending warning emails to users before deletion
security  GDPR-compliant deletion of user accounts
science  Dry-run mode for testing the configuration
monitoring  Statistics of inactivity warnings and deletions
construction  Highly configurable (time thresholds, email templates, ...)

Moodle Plugin:
Automatic User Deletion

User selection criteria

How users can be identified to receive a warning or being deleted


web_traffic  Last access to Moodle site timer  Inactivity days after warning mail
passkey  Authentication method approval_delegation  Role assignment
shield_person  Site-admin status block  Account suspension status

Dry-run

Statistics

GDPR-compliant user deletion

Removing the remaining personally identifiable information (PII) after Moodle "deleted" a user


deleted0
usernamejohndoe
password<Password Hash>
emailjd@foo.com
firstnameJohn
lastnameDoe
institutionAwesome Uni
idnumber123456789
descriptionMy secret is 1234
phone1+00 123456789
addressNorth Pole 1
lastip10.0.0.42
picture
Moodle user table for active user 		arrow_right_alt
Delete
user
deleted1
usernamejd@foo.com.1772113756
password<Password Hash>
email<MD5 Hash>
firstnameJohn
lastnameDoe
institutionAwesome Uni
idnumberempty
descriptionMy secret is 1234
phone1+00 123456789
addressNorth Pole 1
lastip10.0.0.42
picturebroken_image
Moodle user table for deleted user 		arrow_right_alt
Remove
PII
deleted1
usernameDELETED-USER-1
passwordempty
emailDELETED-USER-1@localhost
firstnameDELETED
lastnameDELETED
institutionempty
idnumberempty
descriptionempty
phone1empty
addressempty
lastipempty
picturebroken_image
Moodle user table after PII removal

Sources

The automatic user deletion plugin is available on GitHub
and via the Moodle Plugin directory!


https://moodle.org/plugins/tool_userautodelete
https://github.com/ngandrass/moodle-tool_userautodelete

Deficiencies and Future Needs

Yeah, we got a working plugin! Not tell me what is the catch?

Current limitations

A list of what we think is still missing

place_item  Only a single predefined workflow can be used
chevron_right Can be customized to allow ~2.5 different scenarios
identity_platform  External systems / events must flag users by suspending them
mail_asterisk  No support for variables in mail templates
category_search  Missing support for advanced filters based on user fields
domain  Custom (institution specific) checks or actions can not be included
extension  Integration with other plugins (e.g., mod_attendance) not possible

Upcoming Major Update
of the Moodle Plugin

By this point you probably can already guess what's coming ...

The workflow approach

Existing predefined steps will be replaced by freely configurable workflows,
similar to what is known from the Course Life Cycle Plugin

more_horiz
More workflows
more_horiz
More workflows

Filters and actions are extensible sub-plugins

User filters and actions are lightweight and can be easily added according to institutional needs


Filters Actions
web_traffic  Last access timer  Time delay
passkey  Auth method approval_delegation  Role assignment
block  Suspension state
wand_stars  ...
mail  Send Mail account_circle_off  Suspend
account_circle  Unsuspend delete  Delete
security  Anonymize
wand_stars  ...

Upgrading


deployed_code_update


Existing v1.x.x installations will be upgraded to v2.x.x in-place

All settings will be converted to a new workflow
with respective actions and filters

Timeframe


calendar_clock


The new version is expected to be released in Summer 2026

Watch the GitHub project or install the Moodle plugin now
to get notified once the new release is out!

Sources

The automatic user deletion plugin is available on GitHub
and via the Moodle Plugin directory!


https://moodle.org/plugins/tool_userautodelete
https://github.com/ngandrass/moodle-tool_userautodelete

Q&A Session

Now it's time for your questions and feature requests!

You can find all slides of this talk at
globe https://gandrass.de