System User Access - Does it Lose Access if Admin User that Created System User Is Removed From System?
3

Hi,

I've been reading up on system users / system user access token setup and have a question on it before we move to that type of setup for our automation with our business manager account for Facebook Business/Ads that our organization uses. Currently we're not using this setup. Current setup is access through page access token, but we'd like to move away from it and use a more proper system user, especially if its behavior is improved. The high level question is: does system user lose access if admin user that created system user is removed from the system (the Facebook Business Manager Account and associated Facebook Developers App)?

Details: let's say an admin user (User A) in Facebook business manager account and its associated Facebook developers application creates the system user (a system user, User B. User B is a system user with no Facebook login). In system user (User B), a non-expiring token is created. If admin user (User A) is removed from Facebook business manager account, does system user (User B) lose access? User B is a system user defined by https://developers.facebook.com/docs/marketing-api/system-users/overview and here https://developers.facebook.com/docs/marketing-api/system-users/install-apps-and-generate-tokens / https://developers.facebook.com/docs/facebook-login/guides/access-tokens/. User B is NOT the one being removed from the Facebook business manager account for the organization / the app under the Facebook business manager account it's installed on/registered to. User A is being removed in this scenario. User A (admin user) is removed because the employee left the company, or even another scenario where that user was accidentally removed from the manager account. However, User B is used for critical automation (a system user used for automation between the organization's Facebook Business manager account and offline systems in the organization) where losing access is not acceptable when User A leaves.

Currently, to get around this scenario, we're using an unexpiring page access token, and that token was created by an "admin user" that is a Facebook login/account that is a "service account" for the business. I.e., it's a Facebook account hooked to an organizational email distro, where a critical group of people have access to that Facebook account login (not one person, to avoid the scenario of an employee leaving) AND they also have access to the MFA token (for that Facebook "service account"). This has worked pretty good over the years, but recently that "service account" was accidentally removed from the organization's Facebook business manager account (organization was doing some cleanup of users in our business manager account and accidentally removed the "service account" user from the business manager account). When that happened, the unexpiring page access token lost access, as the user that created that token had accidentally lost access. We've since recovered but yeah, still vulnerable there. So we're looking at ways to improve this so our automation doesn't lose access and have been considering this system user token access method. But if the system user also loses access if said admin user that created system user is removed from system, it doesn't really provide us any additional benefit to move over.

We're not finding a definitive answer here in the Facebook docs, so hoping someone in the community can confirm. We don't want to move over if it provides no benefit and are too busy with other priorities to test this at the moment. Figured this is something the community would know for sure about!

Thanks for your time!

Dev
Asked about 2 weeks ago