Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 7 Next »

Introduction

The purpose of the AnonymizationTask manage the anonymization process.

 

Value

GUID

bf8bbfc01a8341b68e53e25141487a49

Scheduled by default

(tick)

It is scheduled by default but to actually do something - it has to be enabled How-to configure Anonymization

Interval in seconds

60

Concurrent

(tick)

Parameters

uint[] with CoreIdentity Ids

Anonymization Process

The anonymization process is the part of GDPR capability. After the Core Identity is deleted - system can delete the Personal Data that is in CoreIdentity+CoreIdentityAttributeValues and Identity+IdentityAttributeValue and in change entries.

The process involves a few tasks and is illustrated by timeline below:

ID

Action

Description

Core Identity Anon-State

Identity Anon-State

-

There is some happy Core Identity

NotAnonymized (1)

NotAnonymized (1)

1

Delete Core Identity

Core Identity state changed to Deleted

AnonymizationNeeded (2)

AnonymizationNeeded (2)

2

AnonymizationTask runs

Core Identity + Core Identity Attribute Values are anonymized

Core Identity change entries are anonymized

HistoryAnonymized (5)

3

UpdateIdentityTask runs

Identity Attribute Values are anonymized

AnonymizationStarted (3) or HistoryAnonymizationNeeded (4)

3B

ProvisionIdentityChangesTask runs (fastracked)

Anonymized changes are provisioned to Target System

HistoryAnonymizationNeeded (4)

4

AnonymizationTask runs

Identity change entries are anonymized

Clear old_serialized_value in Identity Attribute Value

Anonymized (6)

Anonymized (6)

You can see what is the action taken by each step and also what is the Anonymization state that is set at the end of the step on Core Identity and Identity.

You can diagnose process looking at anonymization states of Core Identity and Identity. You will recognize which steps were run and which are still to be run.

Step 2 - AnonymizationTask runs (first time)

Core Identity is filterd by:

  • State - Deleted

  • Anonymization State - AnonymizationNeeded

  • No role/resource assignments are removed

    • find resource assignment that respect any of following conditions:

      • Ignore = true

      • AssignmentState is one of (Denied, Assigned)

    • find role assignment that respect any of following conditions:

      • Ignore = true

      • AssignmentState is one of (Denied, Assigned, PendingAssignment)

Changes that are done:

  • Clear readonly_email

  • Change Identities state to

    • PendingAnonymization is Identity is provisioned

    • HistoryAnonymizationNeeded otherwise

  • Core Identity Attribute value anonymization

    • Clear readonly_used_value

    • Set serialized_value to NULL

    • Set explicit_serialized_value to

      • SerializedAnonymizationDefault from Core Identity Type Attribute Mapping

      • default C# value if SerializedAnonymizationDefault does not exist

        • in case of drop down - first drop down item

  • History anonymization

    • Overwrite all entries for Module.DM.IdentityManagement.CoreIdentity with identifier of processed CoreIdentity with Anonymized with AnonymizationTask text

    • Core Identity Anonymization state changed to HistoryAnonymized

  • No labels

© ITSENSE AG. Alle Rechte vorbehalten. ITSENSE und CoreOne sind eingetragene Marken der ITSENSE AG.