What happens to Audit records when a user is deleted or disabled?

When a user is deleted or disabled, the audit records associated with that user remain unchanged and can still be accessed and searched. This is essential for maintaining an accurate historical record of user activities and actions within the system. Keeping these records intact ensures that administrators can perform audits and investigations even after the user’s account is no longer active. The integrity of audit logs is crucial for compliance, security, and accountability purposes.

The permanence of these records allows organizations to have a comprehensive view of user behavior, which can be critical in scenarios involving security breaches, policy violations, or any situations where understanding past actions is necessary for troubleshooting or legal considerations.