app/stories/admin/ADM-002-user-suspension.md
2025-11-30 15:01:28 +00:00

Suspend and Delete Users

ID: ADM-002 | Priority: High | Status: Planned

User Story

As a platform administrator, I want to suspend and delete user accounts so that I can handle policy violations, security incidents, and account removal requests.

Acceptance Criteria

  • Admin can search for users by email, name, or ID
  • Admin can suspend a user account with reason
  • Suspended users cannot log in
  • Suspended users' active sessions are invalidated
  • Admin can unsuspend accounts
  • Admin can permanently delete suspended accounts
  • Deletion removes all user data (GDPR compliance)
  • Audit log for all suspension/deletion actions

Technical Notes

  • suspendUser and deleteSuspendedUser endpoints exist
  • Need admin UI for user management
  • Consider soft delete with retention period
  • Handle organization ownership before deletion
  • Email notification to user on suspension
  • Partial implementation in UserManager