I’m not sure if there is a clear indication of this (at least I haven’t seen it documented yet). It appears it will depend on what type of User Entity that you are looking at.
But from the Users menu, you can activate and deactivate a user profile which would prevent that user from authenticating and being authorized. Web Access on the other hand is authorization to use the Web UI / API in case all you wanted them leverage is a Robot
For example when I look at my User list for a particular user that I know hasn’t logged in some time (8+ Months) and is still an active domain user. I see a Robot Record that is marked Inactive (which might have been due to changes made when we migrated from 2019 to 2020) which I cannot activate or deactivate, nor delete.
Previously (earlier than 2019.10) Domain User/Group integration was an import only feature, so it was helpful to be able to deactivate certain users that you know have left the company or changes roles.
The other piece which I cannot confirm at the moment, when we had some team members leave the organization and the accounts became disabled in Active Directory, I cannot recall if they automatically switched to Inactive in 2020 when the cache refreshed or if they remained Active in Orchestrator, in either case they were setup with Windows Auth and/or SAML so once they were disabled in AD they wouldn’t have been able to authenticate anyways. (I have since removed those those users from Orchestrator to free up licenses).
I remember in old documentation 2018/2019 About Users / Managing Users documentation mentioned Activating / Deactivating Users as a action, but it didn’t describe the feature at all.