To delete workforce users and data, you must initiate a delete request with auser resource ID that is formatted as follows:

principal://iam.googleapis.com/locations/LOCATION/workforcePools/WORKFORCE_POOL_ID/subject/SUBJECT_ID

The stages in the data-deletion pipeline are as follows:

Stage-1: Soft-deletion state: After you initiate a delete request, theusers and data are immediately marked for deletion and enter a 30-day soft-deletion state. In that state, the data can be deleted at anytime. After it isdeleted, it cannot be accessed unless it is first recovered. You canusuallyrecover data that is in this state.

Stage-2: Purged state: Users and data that remain deleted longer than 30days are in the purged state, meaning they are permanently deleted and cannot berecovered. After thedata enters the purged state, the user identifier can be reused and assigned toanother user. This is because the identifier is processed as a new entity inIdentity and Access Management (IAM).

Required permissions

This section details the IAM roles or permissions required toperform delete and undelete operations.

The permissions are as follows:

• iam.googleapis.com/workforcePoolSubjects.delete
• iam.googleapis.com/workforcePoolSubjects.undelete

These permissions are included in the Workforce Pool Admin role(roles/iam.workforcePoolAdmin).

Delete users and data

To delete users and data, do the following:

gcloudiamworkforce-poolssubjectsdelete\SUBJECT_ID\--workforce-pool=WORKFORCE_POOL_ID\--location=global

Undelete users and data

During the soft-deletion or pre-purge deletion phase, you can undo auser deletion.

To undelete a user, do the following:

gcloudiamworkforce-poolssubjectsundeleteSUBJECT_ID\--workforce-pool=WORKFORCE_POOL_ID\--location=global