AnonymizationTask

Introduction

The purpose of the AnonymizationTask is to manage the anonymization process.

 

| Property | Value |
|---|---|
| GUID | bf8bbfc01a8341b68e53e25141487a49 |
| Scheduled by default | It is scheduled by default, but to actually do something it has to be enabled (see How-to configure Anonymization) |
| Interval in seconds | 60 |
| Concurrent | |
| Parameters | uint[] with CoreIdentity Ids |

Anonymization Process

The anonymization process is part of the GDPR capability. After a Core Identity is deleted, the system can delete the Personal Data held in CoreIdentity + CoreIdentityAttributeValues, in Identity + IdentityAttributeValue, and in change entries.

The process involves a few tasks and is illustrated by the timeline below:

| ID | Action | Description | Core Identity Anon-State | Identity Anon-State |
|---|---|---|---|---|
| | - | There is some happy Core Identity | NotAnonymized (1) | NotAnonymized (1) |
| 1 | Delete Core Identity | Core Identity state changed to Deleted | AnonymizationNeeded (2) | AnonymizationNeeded (2) |
| 2 | AnonymizationTask runs | Core Identity + Core Identity Attribute Values are anonymized; Core Identity change entries are anonymized | HistoryAnonymized (5) | |
| 3 | UpdateIdentityTask runs | Identity Attribute Values are anonymized | | AnonymizationStarted (3) or HistoryAnonymizationNeeded (4) |
| 3B | ProvisionIdentityChangesTask runs (fast-tracked) | Anonymized changes are provisioned to Target System | | HistoryAnonymizationNeeded (4) |
| 4 | AnonymizationTask runs | Identity change entries are anonymized; Clear old_serialized_value in Identity Attribute Value | Anonymized (6) | Anonymized (6) |

The timeline shows the action taken by each step and the anonymization state that is set on the Core Identity and the Identity at the end of that step.

You can diagnose the process by looking at the anonymization states of the Core Identity and the Identity: they show which steps have already run and which are still to be run.

Step 2 - AnonymizationTask runs (first time)

Core Identity is filtered by:

  • State - Deleted

  • Anonymization State - AnonymizationNeeded

  • No role/resource assignments are removed

    • find resource assignments that meet any of the following conditions:

      • Ignore = true

      • AssignmentState is one of (Denied, Assigned)

    • find role assignments that meet any of the following conditions:

      • Ignore = true

      • AssignmentState is one of (Denied, Assigned, PendingAssignment)

Changes that are done:

  • Clear readonly_email

  • Change Identities state to

    • PendingAnonymization if Identity is provisioned

    • HistoryAnonymizationNeeded otherwise

  • Core Identity Attribute value anonymization

    • Clear readonly_used_value

    • Set serialized_value to NULL

    • Set explicit_serialized_value to

      • SerializedAnonymizationDefault from Core Identity Type Attribute Mapping

      • default C# value if SerializedAnonymizationDefault does not exist

        • in case of drop down - first drop down item

  • History anonymization

    • Overwrite all entries for Module.DM.IdentityManagement.CoreIdentity that carry the identifier of the processed CoreIdentity with the text "Anonymized with AnonymizationTask"

    • Core Identity Anonymization state changed to HistoryAnonymized

Step 3 - UpdateIdentityTask

Processes Identities in anonymization state AnonymizationNeeded. For more, see Update Identity Task.

After processing, the Identity anonymization state is changed to:

  • AnonymizationStarted - when there are changes to be provisioned (has_changed in Identity Attribute Values)

  • HistoryAnonymizationNeeded otherwise

Step 3B - ProvisionIdentityChangesTask runs

Provisions Attribute Changes for an Identity that is in anonymization state AnonymizationStarted.

After provisioning Identity anonymization state is changed to HistoryAnonymizationNeeded.

Step 4 - AnonymizationTask runs (second time)

Core Identity is filtered by:

  • State - Deleted

  • Anonymization State - HistoryAnonymized

For Identities in HistoryAnonymizationNeeded state:

  • Overwrite all entries for Module.DM.IdentityManagement.Identity that carry the identifier of the processed Identity with the text "Anonymized with AnonymizationTask"

  • Clear old_serialized_value in Identity Attribute Value

  • Sets Identity anonymization state to Anonymized

For Core Identities

  • Set anonymization state to Anonymized if all Identities have Anonymized state too
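The state-based diagnosis described above can be written down as a small lookup. This is an added example, not CoreOne code: the function name, the Identity labels and the return format are hypothetical, and only the six numbered states from the timeline are modelled (PendingAnonymization is left out because the page gives no numeric value for it).

```python
from enum import IntEnum

class AnonState(IntEnum):
    """Anonymization states, numbered as in the timeline."""
    NotAnonymized = 1
    AnonymizationNeeded = 2
    AnonymizationStarted = 3
    HistoryAnonymizationNeeded = 4
    HistoryAnonymized = 5
    Anonymized = 6

S = AnonState

# Identity state -> timeline step that still has to process that Identity.
IDENTITY_NEXT = {
    S.AnonymizationNeeded: "3 UpdateIdentityTask",
    S.AnonymizationStarted: "3B ProvisionIdentityChangesTask",
    S.HistoryAnonymizationNeeded: "4 AnonymizationTask",
}

def pending_steps(core_state, identity_states):
    """Return [(subject, next step)] for one Core Identity and its Identities.

    identity_states maps a hypothetical Identity label to its state value.
    Raises ValueError for a combination the timeline never produces.
    """
    core = S(core_state)
    ids = {label: S(value) for label, value in identity_states.items()}
    if core is S.NotAnonymized:
        return []  # step 1 (delete) has not happened yet
    if core is S.AnonymizationNeeded:
        return [("core", "2 AnonymizationTask")]  # first run still pending
    unfinished = {l: s for l, s in ids.items() if s is not S.Anonymized}
    if core is S.Anonymized:
        if unfinished:  # step 4 closes the Core Identity only after all Identities
            raise ValueError(f"Core Identity Anonymized before {sorted(unfinished)}")
        return []
    if core is not S.HistoryAnonymized:
        raise ValueError(f"{core.name} is not a Core Identity state in the timeline")
    bad = sorted(l for l, s in unfinished.items() if s not in IDENTITY_NEXT)
    if bad:
        raise ValueError(f"unexpected Identity state for {bad}")
    steps = [(l, IDENTITY_NEXT[s]) for l, s in sorted(unfinished.items())]
    # With every Identity done, the second AnonymizationTask run closes the Core Identity.
    return steps or [("core", "4 AnonymizationTask")]

# Constructed sample input, not taken from a real system.
if __name__ == "__main__":
    print(pending_steps(5, {"identity-a": 3, "identity-b": 6, "identity-c": 4}))
```

A ValueError here points at a state combination the timeline does not produce, such as a Core Identity already in Anonymized while one of its Identities is not.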

 

Diagram

Maybe looking at the diagram will help to understand the timeline a bit better:

 

© ITSENSE AG. All rights reserved. ITSENSE and CoreOne are registered trademarks of ITSENSE AG.