Which tables used by the plugin TROCK Timetracking Overview And Logging can contain personal data ?
Issue #44
closed
Hi,
We are currently working on anonymizing our data stored in Jira.
We would like to know the completeness of the tables used by the plugin TROCK Timetracking Overview And Logging that may contain personal data.
Kind regards,
Roman.
Comments (3)
-
repo owner
-
repo owner
- changed status to closed
-
reporter
Hi Johannes,
Thank you for your quick and explicit answer.
We will take your feedback into consideration in our GDPR work.
Kind regards,
Roman.
- Log in to comment
Hi Roman,
TROCK creates a user-setting at login of a user. The data are the user-key, report type (Week, Month, Custom), start- and end-date, and the configured filter.
The user-key is the user-name (the "login-name") if the user was created in Jira-versions before 8.4, and is of format JIRAUSER12345 if the user was created in Jira-versions starting with 8.4.
Database
TROCK stores the user-settings in the database-table AO_A18366_USERCONFIG. You can find table-names of add-ons in the List of Jira Server AO table names and vendors.
REST API
TROCK has the REST-API where a user with System-Admin permission can get all user's settings.
Anonymization extension points not implemented
TROCK has not implemented the anonymization extension points described in Dev docs: Anonymizing users. I don't know if I will do this because only users with system-admin permission or database-access can read user's TROCK data. So the possibility of misuse is low.
Bulk-anonymization
If you are interested in anonymizing users in buik, check out my script anonymize_jira_users. I have anonymized hundreds of users so far in production, which would be quite annoying doing this user by user in the UI. But check this in a staging-instance before.
Hope this helps,
kind regards, Johannes