Security

I have set Cluster-Wide Parameters to cleanup expired guest account to 1 day, also registered user to expire at 23.59 of each day.

 

I have noticed that guest created via Guest Self-Registration Portal after the guest account expired; they are removed upon next day 00:00.

 

However, Guests account created through REST API (including using in-built API Explorer), when the Guest account expires; it is not deleted even after a few days.

 

I have also tried [Patch] the API created guest account fields to be similar to Self-Registration Portal creation variables/input however it is still the same.

 

Was wondering if they are stored in a different part of the database or if there is a configuration which I have missed out on this disparity treatment between the different approach of guest account creation.

What is the value of the do_expire attribute in the guest accounts? This parameter decides if an account will be deleted or not

have tested setting do_expire to both 3 & 4, account with either values also does not delete when created via API and remain at Expired state

Can you paste the full create payload?