Hello Eric Thanks for the fulsome reply - that looks awesome! Looks like an upgrade to 18.05 is needed for our servers. Thanks for your efforts on this, Best wishes Peter -- Peter Briggs peter.briggs@manchester.ac.uk Bioinformatics Core Facility University of Manchester B.1083 Michael Smith Bldg Tel: (0161) 2751482 ________________________________________ From: hxr@hx42.org [hxr@hx42.org] Sent: Monday, June 11, 2018 10:20 AM To: Peter Briggs Cc: galaxy-dev@lists.galaxyproject.org Subject: Re: [galaxy-dev] Permanently deleting users from a Galaxy instance Hi Peter, On 2018-06-11, Peter Briggs wrote:
Hello
I'm wondering if there is an option to permanently delete a user account from a Galaxy instance, for example to comply with GDPR (for those of us running public Galaxy instances).
I implemented the `beta_gdpr_mode` in Galaxy 18.05. Please find the pull request here: https://github.com/galaxyproject/galaxy/pull/6069 In case you are interested how this functionality was implemented And it is documented in the release notes here: https://docs.galaxyproject.org/en/release_18.05/releases/18.05_announce.html... And in the admin documentation here: https://docs.galaxyproject.org/en/master/admin/special_topics/gdpr_complianc... (but that documentation needs to be updated.)
The admin interface provides "delete" and "purge" options for user accounts, but neither of these seems to permanently remove an account - the deleted accounts are still visible and can be undeleted (at least, in Galaxy 17.09). It's also unclear to me what "purge" does in this case - I wasn't able to find any documentation on these user management options.
I believe it's the same distinction made with histories - deleted = "cleanup in some time" - purged = "fine to cleanup now"
As I understand it, under GDPR a person can request to have all their personal data removed from a database, but neither of the above options would be sufficient to leave the database compliant with GDPR in this case (as at the very least the email address - which I understand constitutes personal information in this context - would remain in the database).
Yes, our current opinion is that only the email address + username + any addresses on file must be wiped. This feature is available to you when you turn on this mode.
Is there any way within Galaxy to truly permanently remove a user account?
Thanks in advance for any advice on this,
Best wishes
Peter
-- Peter Briggs peter.briggs@manchester.ac.uk Bioinformatics Core Facility University of Manchester B.1083 Michael Smith Bldg Tel: (0161) 2751482
___________________________________________________________ Please keep all replies on the list by using "reply all" in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at: https://lists.galaxyproject.org/
To search Galaxy mailing lists use the unified search at: http://galaxyproject.org/search/