...
The process involves a few tasks and is illustrated by the timeline below:
ID | Action | Description | Core Identity Anon-State | Identity Anon-State
---|---|---|---|---
- | There is some happy Core Identity | | NotAnonymized (1) | NotAnonymized (1)
1 | Delete Core Identity | Core Identity state changed to Deleted; Core Identity anonymization state changed to AnonymizationNeeded | AnonymizationNeeded (2) | AnonymizationNeeded (2)
2 | AnonymizationTask runs | Core Identity + Core Identity Attribute Values are anonymized; Core Identity change entries are anonymized | HistoryAnonymized (5) |
3 | UpdateIdentityTask runs | Identity Attribute Values are anonymized | | AnonymizationStarted (3) or HistoryAnonymizationNeeded (4)
3B | ProvisionIdentityChangesTask runs (fast-tracked) | Anonymized changes are provisioned to Target System | | HistoryAnonymizationNeeded (4)
4 | AnonymizationTask runs | Identity change entries are anonymized | Anonymized (6) | Anonymized (6)
The table shows the action taken by each step and the anonymization state that is set on the Core Identity and the Identity at the end of that step.
You can diagnose the process by looking at the anonymization states of the Core Identity and the Identity. They show which steps have already run and which are still to be run.
Step 2 - AnonymizationTask runs (first time)
Core Identity is filtered by:
- State - Deleted
- Anonymization State - AnonymizationNeeded

No role/resource assignments are removed
- find resource assignments that meet any of the following conditions:
  - Ignore = true
  - AssignmentState is one of (Denied, Assigned)
- find role assignments that meet any of the following conditions:
  - Ignore = true
  - AssignmentState is one of (Denied, Assigned, PendingAssignment)

Changes that are done:
- Clear readonly_email
- Change Identities state to
  - PendingAnonymization if Identity is provisioned
  - HistoryAnonymizationNeeded otherwise

Core Identity Attribute value anonymization
- Clear readonly_used_value
- Set serialized_value to NULL
- Set explicit_serialized_value to SerializedAnonymizationDefault from Core Identity Type Attribute Mapping
  - default C# value if SerializedAnonymizationDefault does not exist
  - in case of drop down - first drop down item

History anonymization
- Overwrite all entries for Module.DM.IdentityManagement.CoreIdentity with the identifier of the processed CoreIdentity with the text "Anonymized with AnonymizationTask"
- Core Identity Anonymization state changed to HistoryAnonymized
Step 3 - UpdateIdentityTask
Processes Identities in anonymization state AnonymizationNeeded. More in Update Identity Task.
After processing, the Identity anonymization state is changed to:
- AnonymizationStarted - when there are changes to be provisioned (has_changed in Identity Attribute Values)
- HistoryAnonymizationNeeded otherwise
Step 3B - ProvisionIdentityChangesTask runs
Provisions Attribute Changes for an Identity that is in anonymization state AnonymizationStarted.
After provisioning, the Identity anonymization state is changed to HistoryAnonymizationNeeded.
Step 4 - AnonymizationTask runs (second time)
Core Identity is filtered by:
- State - Deleted
- Anonymization State - HistoryAnonymized

For Identities in HistoryAnonymizationNeeded state:
- Overwrite all entries for Module.DM.IdentityManagement.Identity with the identifier of the processed Identity with the text "Anonymized with AnonymizationTask"
- Clear old_serialized_value in Identity Attribute Value
- Sets Identity anonymization state to Anonymized

For Core Identities
- Set anonymization state to Anonymized if all Identities have Anonymized state too
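
The state transitions of steps 1 to 4 can be modelled in a few lines to check where a deleted Core Identity is stuck. This is an added example, not the product's code: it follows the Anon-State columns of the timeline table, leaves out the data clearing and the assignment filter, and the dict layout, the per-Identity has_changed flag, the "Active" state and the function names are assumptions.

```python
from enum import IntEnum

# State numbers 1..6 as in the timeline table.
Anon = IntEnum("Anon", "NotAnonymized AnonymizationNeeded AnonymizationStarted "
                       "HistoryAnonymizationNeeded HistoryAnonymized Anonymized")

def delete_core_identity(core):                      # step 1
    core["state"], core["anon"] = "Deleted", Anon.AnonymizationNeeded
    for ident in core["identities"]:
        ident["anon"] = Anon.AnonymizationNeeded

def anonymization_task(core):                        # steps 2 and 4
    deleted = core["state"] == "Deleted"
    if deleted and core["anon"] == Anon.AnonymizationNeeded:    # step 2 filter
        core["anon"] = Anon.HistoryAnonymized
    elif deleted and core["anon"] == Anon.HistoryAnonymized:    # step 4 filter
        for ident in core["identities"]:
            if ident["anon"] == Anon.HistoryAnonymizationNeeded:
                ident["anon"] = Anon.Anonymized
        # The Core Identity finishes only when every Identity has finished.
        if all(i["anon"] == Anon.Anonymized for i in core["identities"]):
            core["anon"] = Anon.Anonymized

def update_identity_task(core):                      # step 3
    for ident in core["identities"]:
        if ident["anon"] == Anon.AnonymizationNeeded:
            ident["anon"] = (Anon.AnonymizationStarted if ident["has_changed"]
                             else Anon.HistoryAnonymizationNeeded)

def provision_identity_changes_task(core):           # step 3B
    for ident in core["identities"]:
        if ident["anon"] == Anon.AnonymizationStarted:
            ident["anon"] = Anon.HistoryAnonymizationNeeded

WAITING_FOR = {Anon.AnonymizationNeeded: "3", Anon.AnonymizationStarted: "3B",
               Anon.HistoryAnonymizationNeeded: "4"}

def pending_steps(core):
    """Timeline steps whose input state is present right now."""
    steps = {WAITING_FOR[i["anon"]] for i in core["identities"] if i["anon"] in WAITING_FOR}
    if core["anon"] == Anon.AnonymizationNeeded:
        steps.add("2")
    elif core["anon"] == Anon.HistoryAnonymized:
        steps.add("4")
    return sorted(steps)

def sample_core():  # constructed sample: one Core Identity with two Identities
    idents = [{"anon": Anon.NotAnonymized, "has_changed": c} for c in (True, False)]
    return {"state": "Active", "anon": Anon.NotAnonymized, "identities": idents}
```

If AnonymizationTask runs again before ProvisionIdentityChangesTask, the Identity still in AnonymizationStarted keeps the Core Identity at HistoryAnonymized, which is the situation pending_steps reports as "3B" and "4".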
Diagram
Maybe looking at the diagram will help to understand the timeline a bit better: