An employee who has left the company is used as the user in one of our Access Tokens for integration. Would it break if we remove the access from his employee record? I guess so? If we just rename his Employee record with the new resource who needs the access, the new resource would have access to the integration role, right? Which would give him access to the stuff he shouldn't see. What is the best practice in this case? Ideally, we could have created a dummy employee for integration purposes but that's one license my boss could not leave unassigned to an actual user.

if the token is attached to a web-services only role, then the new employee wouldn't be able to see anything related to that role through the front end as they couldn't select it

Ohh got it. Thank you

Jon is correct; but, remember, if they have the token information, they can still access your system vie web services. Best practice for integrations is to never use an actual person as the employee. Always have a fake account that is not tied to any real person. As well, anytime someone leaves the company who knows the credentials, they should be changed (it's annoying but keeps you safe).

Thanks @Charles.Bastian. that's very helpful. How do we change the credentials? Do we create a new access token and reconnect?