In Cacti before 1.2.11, disabling a user account does not immediately invalidate any permissions granted to that account .