Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bring credential delete in line with new GDPR interpretation #802

Closed
taylordowns2000 opened this issue Apr 20, 2023 · 3 comments
Closed

Bring credential delete in line with new GDPR interpretation #802

taylordowns2000 opened this issue Apr 20, 2023 · 3 comments
Assignees
@elias-ba

Comments

@taylordowns2000
Copy link
Member

taylordowns2000 commented Apr 20, 2023
edited
Loading

When a user requests to deletes a credential:

  • project_credentials are deleted (audit trail event)
  • any jobs using that credential are set_null (audit trail event)
  • runs with that credential_id DO NOTHING and should block the deletion of the credential until they are removed.

Full deletion planning doc here.
@taylordowns2000
Copy link
Member Author

@elias-ba , could #1072 be related to this? (if so, maybe the way to solve that bug is to implement this ticket?)

@taylordowns2000 taylordowns2000 mentioned this issue Sep 5, 2023
Closed
2 tasks
@elias-ba elias-ba self-assigned this Sep 5, 2023
@taylordowns2000
Copy link
Member Author

taylordowns2000 commented Sep 6, 2023
edited
Loading

@elias-ba , i've just had a look through the delete rules from the planning doc

1. For legal reasons, we have to prioritize PROJECT DATA above USER DATA			
2. 	So if the OWNER of a project wants to delete project data		
3. 		And the SUPERUSER (the person in charge of the whole installation) allows it
4. 		THEN IT GETS PURGED. (after N days, based on the installation setting. or never, if set to 0 for legal reasons.)			
5. 	But if the OWNER of a USER RECORD (i.e., a user) wants to erase their own user record and all their related activity		
6. 		THEY MAY NOT BE ABLE TO, UNTIL.....	
7. 			ANY ASSOCIATED PROJECT DATA (invocation_reason, run.credential_id)
8. 		SCHEDULED DELETION DATE PASSES	
9. 			The delete for that USER fails, and we try again tomorrow.
10. 		LATER	
11. 			Maybe the runs have expired and been cleaned
12. 			Maybe the superuser has deleted that activity
13. 			Maybe the project and all assocaited activity has been deleted.
14. 			And if so, then the delete succeeds.
15. 			If not.... we try again tomorrow.
16. 		WHILE IT IS CAUGHT IN LIMBO...
17. 			Logins are not allowed

So I think your current testing is all good. If the super says yes, this project can be deleted then all associated activity gets cascaded.

@elias-ba
Copy link
Contributor

elias-ba commented Sep 6, 2023

@elias-ba , i've just had a look through the delete rules from the planning doc

1. For legal reasons, we have to prioritize PROJECT DATA above USER DATA			
2. 	So if the OWNER of a project wants to delete project data		
3. 		And the SUPERUSER (the person in charge of the whole installation) allows it
4. 		THEN IT GETS PURGED. (after N days, based on the installation setting. or never, if set to 0 for legal reasons.)			
5. 	But if the OWNER of a USER RECORD (i.e., a user) wants to erase their own user record and all their related activity		
6. 		THEY MAY NOT BE ABLE TO, UNTIL.....	
7. 			ANY ASSOCIATED PROJECT DATA (invocation_reason, run.credential_id)
8. 		SCHEDULED DELETION DATE PASSES	
9. 			The delete for that USER fails, and we try again tomorrow.
10. 		LATER	
11. 			Maybe the runs have expired and been cleaned
12. 			Maybe the superuser has deleted that activity
13. 			Maybe the project and all assocaited activity has been deleted.
14. 			And if so, then the delete succeeds.
15. 			If not.... we try again tomorrow.
16. 		WHILE IT IS CAUGHT IN LIMBO...
17. 			Logins are not allowed

So I think your current testing is all good. If the super says yes, this project can be deleted then all associated activity gets cascaded.

Awesome @taylordowns2000 thanks for the clarity.

@elias-ba elias-ba mentioned this issue Sep 6, 2023
Merged
4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@elias-ba elias-ba

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@mtuchi @taylordowns2000 @elias-ba