Shows any users with permissions that aren’t part of permission groups. These can be added during upgrades (if the Profiles > Staff Client > Permissions: Use Polaris-defined new permission defaults setting is set to ‘Yes’), or may linger for different reasons. We cleaned these up a few years ago, but I see some re-activated users have some that we didn’t adjust, so it’s useful to check on every now and again.
Great script for a permissions issue that can leave you scratching your head when something goes sideways.
One small thing we do in regard to:
We wipe all user permissions from accounts that have been disabled more than 90 days ago to reduce the chances of some historic permission’s weirdness getting carried into the present. Either by reactivating or using the disabled account as the basis for copying in new accounts.
Removing them seems like a good strategy. I personally like keeping the permissions for reference, though I see a lot of arguments for removing them. Thankfully these permission issues aren’t a big challenge for us here, even if we may need to do a bit of clean-up soon…