Currently users cannot be deleted from the measure tab. I would expect clients would require employees removed once they have left the organization, or changed roles. For larger organisations their GRC (Governance ,Risk and Compliance)standards would no doubt mandate this requirement. Within the corporate cyber, this is priority one. All prospective vendors, integrators, etc. will need to pass the acid test prior to any consideration. Especially, if they aligned to standards such as 27001, 31000,etc. Possibly, worth considering at some point.