Hi Nishant, disabling the operator is the best method to achieve what I understand you're looking for. The deleting of an operator record should be done only as a last resort as operator records are associated with assignments and work items. Once deleted, you no longer have details of that operator and break data integrity rules/guidelines.
To disable an operator from being able to login, you can do the following internal to PRPC/Pega7:
1. Update the operator record and reset/change their password (regardless if external authentication is used).
2. Update the operator to use an Access Group which has roles to deny access to your applications. Basically, setting a user to PegaRULES:Guest role which should have no Application Specific RuleSets in the Application used by the Access Group.
3. Set the name of the Access Group to something like "Terminated or Disabled". Something that meats the purpose of your request to deny access and easy to identify later.
4. If needed, and not required for additional security change their WorkGroup & WorkBasket access to a Terminated/Disabled WorkGroup "NAME". Then remove all WorkBaskets from their profile.
5. Uncheck the box that allows the user to receive/process work items. Since the user is not allowed to log in, then they have no reason to access work items.
That should take care of the users access to the system. Any attempt of logging in will result in a Security Violation / Access Denied message. This process works very well as I've instituted it here at Pega for environments I manage.