User login is not guaranteed against reuse
The user login should be individual for each user and not reusable. This means that the system shall provide assurance that a login is not reused even if the original user is no longer a valid user on the system. If the system does not guarantee against reuse, a new user, who has the same login, can inherit the previous user rights. There may also be questions in the event of fraud, if it was committed by the recent user or by the invalid user that managed to access the system.
The system shall never physically remove the register for an user. If the user is no longer valid in the system, it should be marked as not valid, in a logical removal. Even if the user is no longer valid due to resignation, retirement or even death. Having the physical record of the user and the proper primary key settings, the system can guarantee that the user login is individual and not reusable.