diff --git a/FAC/FAC_INI.SRC b/FAC/FAC_INI.SRC
index 9937228c..00f63163 100644
--- a/FAC/FAC_INI.SRC
+++ b/FAC/FAC_INI.SRC
@@ -2089,7 +2089,8 @@ INSERT INTO prs_perslid
              prs_perslid_otpsecret,
              prs_perslid_dienstverband,
              prs_perslid_ingangsdatum,
-             prs_perslid_opmerking
+             prs_perslid_opmerking,
+             prs_perslid_flags
             )
      VALUES ('PRS',
              (SELECT prs_srtperslid_key
@@ -2105,7 +2106,8 @@ INSERT INTO prs_perslid
              '1$30$6$0$' || RAWTOHEX(DBMS_RANDOM.string ('p', 20)), /* printable characters geeft zo'n 130 bits */
              100,
              SYSDATE,
-             'System account for Facilitor maintenance.'||CHR(13)||'For use by Facilitor support'
+             'System account for Facilitor maintenance.'||CHR(13)||'For use by Facilitor support',
+             32
  );
 
 -- Toevoegen gebruiker om HMAIL-API uit te voeren
@@ -2123,7 +2125,7 @@ INSERT INTO prs_perslid (prs_perslid_module,
           'API-user tbv. hMail-koppeling',
           '_HMAIL',
           DBMS_RANDOM.string ('a', 32),
-          4,
+          36,
           'System account for incoming email.'||CHR(13)||'For Facilitor internal use'
      FROM prs_perslid
     WHERE prs_perslid_oslogin = '_FACILITOR';
@@ -2143,7 +2145,7 @@ INSERT INTO prs_perslid (prs_perslid_module,
           'API-user tbv. Putorders-koppeling',
           '_PUTORDERS',
           DBMS_RANDOM.string ('a', 32),
-          4,
+          36,
           'System account for outgoing email.'||CHR(13)||'For Facilitor internal use'
      FROM prs_perslid
     WHERE prs_perslid_oslogin = '_FACILITOR';
diff --git a/PRS/PRS_TRI.SRC b/PRS/PRS_TRI.SRC
index baea1617..69798153 100644
--- a/PRS/PRS_TRI.SRC
+++ b/PRS/PRS_TRI.SRC
@@ -119,8 +119,15 @@ BEFORE INSERT OR UPDATE ON prs_perslid
 FOR EACH ROW
 BEGIN
     UPDATE_UPPER(prs_perslid_naam, prs_perslid_upper,prs_perslid);
-    UPDATE_UPPER(prs_perslid_oslogin, prs_perslid_oslogin,prs_perslid);
-    UPDATE_UPPER(prs_perslid_oslogin2, prs_perslid_oslogin2,prs_perslid);
+    IF (BITAND(:old.prs_perslid_flags,32) = 32 OR BITAND(:new.prs_perslid_flags,32) = 32)
+    THEN
+        -- Zet de waarde weer terug alsof er niets gewijzigd is.
+        :new.prs_perslid_oslogin := :old.prs_perslid_oslogin;
+        :new.prs_perslid_oslogin2 := :new.prs_perslid_oslogin2;
+    ELSE
+        UPDATE_UPPER(prs_perslid_oslogin, prs_perslid_oslogin,prs_perslid);
+        UPDATE_UPPER(prs_perslid_oslogin2, prs_perslid_oslogin2,prs_perslid);
+    END IF;
     UPDATE_AANMAAKDATUM(prs_perslid, prs_perslid_aanmaak);
     -- If this perslid belongs to the primary company of an xd-environment
     -- it gets a default apikey to get synced across the domains
@@ -143,8 +150,15 @@ BEGIN
              NULL;                                    -- persoon hoort niet bij de serviceorganisatie
        END;
     END IF;
-    IF :new.prs_perslid_verwijder IS NOT NULLDATUM AND :old.prs_perslid_verwijder IS NULLDATUM
+    IF (   :new.prs_perslid_verwijder IS NOT NULLDATUM
+       AND :old.prs_perslid_verwijder IS NULLDATUM
+       AND (  BITAND(:old.prs_perslid_flags,32) = 32
+           OR BITAND(:new.prs_perslid_flags,32) = 32
+           )
+       )
     THEN
+        :new.prs_perslid_verwijder := :old.prs_perslid_verwijder;
+    ELSE
         DECLARE
             dummy   VARCHAR2(1);
         BEGIN
@@ -234,32 +248,34 @@ BEGIN
             WHEN OTHERS THEN NULL;
         END;
         -- Wis alle authenticatiemogelijkheden
-       :new.prs_perslid_oslogin := '';
-       :new.prs_perslid_oslogin2 := '';
-       :new.prs_perslid_apikey := NULL;
-       -- And do what prs.setpassword(:new.prs_perslid_key, NULL) would do:
-       :new.prs_perslid_salt := NULL;
-       :new.prs_perslid_wachtwoord_hash := NULL;
-       :new.prs_perslid_wachtwoord_exp := NULL;
-       :new.prs_perslid_otpsecret := NULL;
-       -- Wis profiel (dat kan anders nooit opgeruimd worden)
-       :new.fac_profiel_key := NULL;
-      END IF;
+        :new.prs_perslid_oslogin := '';
+        :new.prs_perslid_oslogin2 := '';
+        :new.prs_perslid_apikey := NULL;
+        -- And do what prs.setpassword(:new.prs_perslid_key, NULL) would do:
+        :new.prs_perslid_salt := NULL;
+        :new.prs_perslid_wachtwoord_hash := NULL;
+        :new.prs_perslid_wachtwoord_exp := NULL;
+        :new.prs_perslid_otpsecret := NULL;
+        -- Wis profiel (dat kan anders nooit opgeruimd worden)
+        :new.fac_profiel_key := NULL;
+    END IF;
 
-      IF    fac.getsetting ('login_use_email') = 0 AND
-              (   :new.prs_perslid_oslogin  IS NULL AND :old.prs_perslid_oslogin  IS NOT NULL
-               OR :new.prs_perslid_oslogin2 IS NULL AND :old.prs_perslid_oslogin2 IS NOT NULL
-               OR NVL(:new.prs_perslid_wachtwoord_hash, 'X') <> NVL(:old.prs_perslid_wachtwoord_hash, 'X'))
-         OR fac.getsetting ('login_use_email') = 1 AND
-              :new.prs_perslid_email IS NULL AND :old.prs_perslid_email IS NOT NULL
-      THEN -- Merk op: anno 5.3.2 wordt een persoon die *nu* is ingelogd hier niet
-           --          automatisch door uitgelogd
-         :new.prs_perslid_credentials_datum := SYSDATE;
-         DELETE FROM fac_session
-               WHERE prs_perslid_key = :new.prs_perslid_key;
-         DELETE FROM aut_client_perslid
-               WHERE prs_perslid_key = :old.prs_perslid_key;
-      END IF;
+    IF     fac.getsetting ('login_use_email') = 0
+       AND (  :new.prs_perslid_oslogin  IS NULL AND :old.prs_perslid_oslogin  IS NOT NULL
+           OR :new.prs_perslid_oslogin2 IS NULL AND :old.prs_perslid_oslogin2 IS NOT NULL
+           OR NVL(:new.prs_perslid_wachtwoord_hash, 'X') <> NVL(:old.prs_perslid_wachtwoord_hash, 'X')
+           )
+       OR      fac.getsetting ('login_use_email') = 1
+           AND :new.prs_perslid_email IS NULL
+           AND :old.prs_perslid_email IS NOT NULL
+    THEN -- Merk op: anno 5.3.2 wordt een persoon die *nu* is ingelogd hier niet
+         --          automatisch door uitgelogd
+        :new.prs_perslid_credentials_datum := SYSDATE;
+        DELETE FROM fac_session
+              WHERE prs_perslid_key = :new.prs_perslid_key;
+        DELETE FROM aut_client_perslid
+              WHERE prs_perslid_key = :old.prs_perslid_key;
+    END IF;
 
 END;
 /
@@ -296,6 +312,10 @@ CREATE_TRIGGER(prs_t_prs_perslid_B_D)
 BEFORE DELETE ON prs_perslid
 FOR EACH ROW
 BEGIN
+    IF (BITAND(:old.prs_perslid_flags,32) = 32 OR BITAND(:new.prs_perslid_flags,32) = 32)
+    THEN
+        raise_application_error(-20000, 'Delete not allowed');
+    END IF;
 	DELETE FROM prs_kenmerklink KL WHERE KL.prs_link_key=:old.prs_perslid_key  AND KL.prs_kenmerklink_niveau='P';
 END;
 /
diff --git a/_UP/DB37to38.src b/_UP/DB37to38.src
index 1cfbf050..7789efb8 100644
--- a/_UP/DB37to38.src
+++ b/_UP/DB37to38.src
@@ -58,7 +58,10 @@ ALTER TABLE fac_menu ADD fac_menu_message
 ALTER TABLE fac_menu ADD fac_menu_color VARCHAR2 (60 CHAR);
 --ALTER TABLE mld_stdmelding ADD mld_stdmelding_color VARCHAR2 (60 CHAR);
 
-
+/////////////////////////////////////////////////////////////////////////////////////////// FCLT#59433
+UPDATE prs_perslid
+   SET prs_perslid_flags = prs_perslid_flags + 32
+ WHERE prs_perslid_oslogin IN ('_FACILITOR','_HMAIL','_PUTORDERS');
 
 /////////////////////////////////////////////////////////////////////////////////////////// XXXX#nnnnn