Change (anonymise) user name

Dear all, @juanf @cbarillari
(@khalil.rejiba )

we’re currently in discussion with our legal department and one of the remaining questions is how to deal with Art 17 GDPR, aka deletion of user details. At the moment, as far as I understand, admins can archive the user but the user is still there with the same name/user ID?

Is it possible to change the user credentials to some pseudonym, e.g. Ulrich Kerzel (RWHT my.email@instiution.de) becomes, say, Lord Vader (Imperium, vader@darkforce.universe)?
As a work-around (we will have to answer the legal department something…) can we do this (if the need really arises) manually by stopping the openbis server, doing some sort of SQL magic and starting it up again?

Many thanks in advance
best wishes
Uli

Dear Uli,

via the UI this is not possible. You can of course change usernames in the database directly, but of course you lose traceability.

I can bring up the topic for internal discussion, if this is a requirement.

Best,

Caterina

This topic might also be important for us in the future (for the same reasons Uli mentioned).

Dear @cbarillari

many thanks for the quick reply.
I will double-check but I guess for now it’ll be good enough that we can take the system offline, change the DB manually, bring it back up.
I’m not sure there will be many instances but there are a number of legal aspects we need to cover…

the legal department points to paragraph 17.1 and 17.2 (“right to be forgotten”), we can push this down the line with paragraph 17.3 a few years from now but, in the end, it’ll be a legal requirement that we have “something”…
It’ll apply to the whole EU and since the Swiss equivalent is strongly influenced by the GDPR, something similar might arise on the Swiss side as well.
Changing the name to a pseudonym seems to be ok, we don’t really want to erase all data.

many thanks again
Uli

Dear @kerzel,
you don’t need to have the system down. I assume users to be forgotten/anonymised are inactive. We deal with that “use case” regularly when we migrate from one authentication system to another, or from one users’ directory to another, and users even get married and wish to have a different name. It is not part of the standard openBIS code but it is relatively easy to have an additional scheduled task to rename inactive users to a dictionary list of names or another type of pattern.
It can be an openBIS custom plugin developed individually, by us, or a simple cronjob with an SQL query to do that.
The more difficult part is log files, because being “forgotten” from log files is currently not an easy task. User names are clearly logged in logs, and some organizations’ policies force them to store logs for 5 years or even more, and forgetting that the user.name ever used that system would be a very intensive task. That would require changing the logging policy and disabling logging of the user name upfront.

@artur.pedziwilk

great many thanks! That’s good to know.
Do you happen to have an SQL statement that you’re willing to share?
We haven’t had a request so far, but it would be good to have should the need arise
(and you’re always one “commit;” away from unintended consequences :) )

many thanks
Uli

Dear @kerzel,
I see three contexts where I could search to identify whether a certain user is using or was using an openBIS instance.

  1. Log files related to authentication, authorization, groups synchronization, or any other actions. The current release of openBIS does not include an easy switch to disable logging of personal data. We are concerned about that and we will refactor our default settings for logs to make it easier.
  2. The data itself, or naming conventions of projects or experiments or descriptions. For example, metadata of XLS files uploaded to openBIS contain people’s names.
  3. And finally the users’ data needed for authentication and permissions, which is what we focus on in the examples below.

I will use complete docker command examples to show complete queries from which clean SQL can be taken.

Users’ data are in the “openbis_prod” database in the table “persons”.

docker exec -i -u postgres openbis-db psql openbis_prod -c "select first_name,last_name,user_id,email from persons where is_active = 'true';"

When a user is deactivated from openBIS it will change in the database to “is_active = ‘false’”. So I could use an SQL query to update the fields I want to anonymize. It could be:

docker exec -i -u postgres openbis-db psql openbis_prod -c "update persons set last_name = (substr(md5(random()::text), 0, 10)), first_name = (substr(md5(random()::text), 0, 10)) where is_active = 'false';"

The “(substr(md5(random()::text), 0, 10))” gives 10 characters of random string. The above update modifies the “last_name” and “first_name”, so to have a complete query I should also add “user_id” and “email”.

In case of a requirement to anonymize the names of users’ spaces, in the table “persons” there is a “space_id” to identify which space should be modified analogously. The field to rename will be “code”.

Example update to change the name of the space with id “56”:

docker exec -i -u postgres openbis-db psql openbis_prod -c "update spaces set code = (substr(md5(random()::text), 0, 10)) where id = '56';"

All random strings in my example will result in something like

docker exec -i -u postgres openbis-db psql openbis_prod -c "select code from spaces where id = '56';"
   code
-----------
 897f31223
(1 row)
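Added example (not part of the original posts, and not openBIS project code): one way to turn the statements above into an anonymisation of a single deactivated user that also covers “user_id” and “email”, run inside a transaction so the result can be inspected before it is committed. The table and column names are the ones named in the thread; the user ID `jdoe`, the `anon-` prefix and the `@example.invalid` address are constructed placeholders.

```sql
-- Added example: anonymise exactly one deactivated user in "persons".
-- Assumes the columns named in the thread (first_name, last_name, user_id,
-- email, is_active). 'jdoe' is a constructed placeholder user_id.
BEGIN;

DO $$
DECLARE
    target    text := 'jdoe';  -- placeholder: user_id of the person to anonymise
    -- substr(..., 1, 10): positions are 1-based, so this returns 10 characters
    pseudonym text := 'anon-' || substr(md5(random()::text), 1, 10);
    changed   integer;
BEGIN
    UPDATE persons
       SET first_name = pseudonym,
           last_name  = pseudonym,
           user_id    = pseudonym,
           email      = pseudonym || '@example.invalid'
     WHERE user_id = target
       AND is_active = 'false';   -- never touch an account that is still active

    -- Abort unless exactly one row was rewritten (typo in target, user still
    -- active, or an unexpected duplicate all end up here).
    GET DIAGNOSTICS changed = ROW_COUNT;
    IF changed <> 1 THEN
        RAISE EXCEPTION 'expected exactly 1 inactive user %, matched %',
                        target, changed;
    END IF;
END
$$;

-- Inspect the rewritten row before making the change permanent.
SELECT first_name, last_name, user_id, email
  FROM persons
 WHERE user_id LIKE 'anon-%';

-- COMMIT;   -- run this instead of ROLLBACK once the row above looks right
ROLLBACK;    -- default: leave the database unchanged
```

This only covers the third context listed above (the “persons” table); log files and names embedded in data or metadata are not changed by it.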

Dear @artur.pedziwilk

great, thank you very much!

All the best
Ulrich