Emotions aside, isn’t it just sensible security policy to delete all permissions and invalidate all credentials of a terminated employee as soon as possible? Any other approach would be exceptional.