While it is possible to do with COS, there are so many different ways to achieve it.

Most easiest and preferable way, is to write some code on server side, and call it from batch script.

To work with users, you can use class Security.Users.

Also you can look at %Installer manifest, which has some functionality about security.

Terminal scripts, can help to automate some things. And how to run it.

And even you can read this article, about COS and Linux. It is quite simple, but as an example.

Your clarification does not help actually. But any way, deleting any object, leave just ID on a link, and again, everything here depends on your application. In most cases it could cause for some different issues, when application have not expected deleted object. And I would recommend to use some flag like "isDeleted", which can help to hide such objects in most of places, and still have an access to the content of this object, to show if it would be needed. Completely delete object recommended only in case when no any other objects has links to this one. 

    set url="http://www.intersys.com/main.csp?a=b&QUERY=abc&QUERY=xyz"
    Do ##class(%Net.URLParser).Parse(url, .aComponents)
    
    set query=$lfs($get(aComponents("query")),"&")
    for i=1:1:$ll(query) {
        set $lb(name,value)=$lfs($lg(query,i),"=")
        set index=$order(data(name,""),-1)+1
        set data(name,index)=$g(value)
        set data(name,index,"O")=i
    }
    zwrite data

 

data("QUERY",1)="abc"
data("QUERY",1,"O")=2
data("QUERY",2)="xyz"
data("QUERY",2,"O")=3
data("a",1)="b"
data("a",1,"O")=1