Initially, a User has no rights in MinistryPlatform.
The only application they can use is the Portal and their rights on the Portal is limited to activities related to their personal data. Heads of Household may be able to work with the data of other family members. Participant Type determines access to Church Directory.
For access to the Platform, a User must have a Security Role. The number of User records in your database does not impact your MinistryPlatform support fee. Only users with Security Roles impact your monthly support fee. To view which users have Security Roles, change your view on the Users page to Users with Security Roles.
If a User does not have access to the MinistryPlatform, the User will receive the following error when attempting to login to the platform: You are not authorized to access this application.
Alternatively, you can click Add to provide several Security Roles to a User.
Using the Inactivate Tool automatically removes Security Roles from the selected records. So if the person is actually no longer active at your church, you could use the Inactivate Tool to remove their Security Roles (and update lots of other things in the system too).
It is not recommended to delete Security Roles which came with MinistryPlatform. The ability to delete a Security Role (from the Security Roles page) is hidden from all users. Please contact Support for questions concerning deleting a Security Role.
This a more advanced option.
If a person leaves your staff, we encourage you to simply delete their Security Roles (see option #1 above). This is the simplest way to ensure they no longer have any rights in MinistryPlatform while allowing the User to continue to access things like their contribution statement on the Portal.
There is another way to transfer the User Record's attached data to another User. It has a few downsides, but it is surprisingly easy.
Now, every view, task, process or other record connected to that departing staff is now safely under the remaining staff member.
The downside: First, that this obscures some history by making it look like this remaining staff person was responsible for historical tasks of the departing user. Second, the departing staff person has to generate a new User account on the Portal if they have donor data they need to access, but that shouldn't matter. There are some potentially other, more minor downsides. Keep in mind that the departing staff's Donor, Participant and Contact records are left alone if you followed these steps.
The advantage: You have certainty that all data formerly associated with the previous user record has a new owner.
See Also: Security Roles and Page Permissions.