I just checked a PRPC722 system : there is an checkbox on the Security Tab 'Disable Operator'.
If you check this and save the Operator Record and then try logging in as the Operator you will be prevented from logging in with a message of "Your account has been disabled, contact your system administrator':
I did a 'view XML' of the Operator Record before and after making the change - and can see that this PRPC Property holds the value you are after:
In any enterprise system we don't touch the user id's in Pega. Since the authentication will be performed will help of any identity management system like LDAP, the id will be deactivated there.
May I know what's the use case, if you don't want any new work to be assigned to user than there are multiple ways to do that. if you don't want them to login, I feel create a table with all deactivated id's and at login check if id belong there, if yes, take them to error page and if not let them login.
You can use the 'Operator is available to receive work' checkbox in 'Work' tab of operator ID form. This check box affects the routing activities but does not affect the user's ability to log in. If you uncheck this checkbox it will prevent to add assignments to user's WL.
Also you can create a 'Deactivated' access role/group and revoke all the permissions (for that access role/group) and customized a harness to show the deactivated message to the user, User will not have access to anything and will be able to see the deactivated message .