Unable to delete users in MAA with no tasks or samples, or patterns seen in GUI


Article ID: 168750


Updated On:


Malware Analysis Software - MA


When a MAA user has samples, resources, or patterns associated with its account, the user cannot be deleted.

A notification of this rule is returned when such a user is requested for deletion from the CLI:

[email protected]:~$ curl -s localhost/rapi/system/users
  "api_version": 6,
  "exec_time": 0.0035,
  "request": "GET /system/users",
  "results": [
      "ui_creds_last_authenticated": "2015-08-25T16:10:07",
      "ui_creds_role": "administrator",
      "ui_creds_uid": 3,
      "users_date_added": null,
      "users_email": "[email protected]",
      "users_label": "Administrator",
      "users_state": 0,
      "users_uid": 3,
      "users_username": "admin"
      "ui_creds_last_authenticated": "2015-08-25T16:09:15",
      "ui_creds_role": "analyst",
      "ui_creds_uid": 4,
      "users_date_added": "2015-08-25T16:08:49",
      "users_email": "[email protected]",
      "users_label": "delete test",
      "users_state": 0,
      "users_uid": 4,
      "users_username": "deltest"
  "results_count": 2,
  "server_time": "2015-08-25T16:13:33.419683"

[email protected]:~$ curl -X DELETE localhost/rapi/system/users/4
<html><title>409: Conflict</title><body><pre>HTTP 409: Conflict (Cannot delete a user that owns existing samples, resources, or patterns)</pre></body></html>



Samples, resources, and patterns must be associated with a known MAA user. MAA will reference on the backend and see users still connected from previously ran tasks, samples, and patterns.



All samples/resources/patterns owned by the user must be deleted first. Then the user may be deleted.


use the CLI command to Force delete the user.

curl -k -X DELETE https://localhost/rapi/system/users/5?force_delete=1

Where the number highlighted in red above, is the user ID found in the GUI next to the user in question

This will keep the User listed to all the Samples, Resources, and Task Patterns but should logically remove the backend connection to them.