Hello Eric
Thanks for the fulsome reply - that looks awesome!
Looks like an upgrade to 18.05 is needed for our servers.
Thanks for your efforts on this,
Best wishes
Peter
--
Peter Briggs peter.briggs(a)manchester.ac.uk
Bioinformatics Core Facility University of Manchester
B.1083 Michael Smith Bldg Tel: (0161) 2751482
________________________________________
From: hxr(a)hx42.org [hxr(a)hx42.org]
Sent: Monday, June 11, 2018 10:20 AM
To: Peter Briggs
Cc: galaxy-dev(a)lists.galaxyproject.org
Subject: Re: [galaxy-dev] Permanently deleting users from a Galaxy instance
Hi Peter,
On 2018-06-11, Peter Briggs wrote:
Hello
I'm wondering if there is an option to permanently delete a user account from a
Galaxy instance, for example to comply with GDPR (for those of us running public Galaxy
instances).
I implemented the `beta_gdpr_mode` in Galaxy 18.05. Please find the pull
request here:
https://github.com/galaxyproject/galaxy/pull/6069
In case you are interested how this functionality was implemented
And it is documented in the release notes here:
https://docs.galaxyproject.org/en/release_18.05/releases/18.05_announce.h...
And in the admin documentation here:
https://docs.galaxyproject.org/en/master/admin/special_topics/gdpr_compli...
(but that documentation needs to be updated.)
The admin interface provides "delete" and "purge"
options for user accounts, but neither of these seems to permanently remove an account -
the deleted accounts are still visible and can be undeleted (at least, in Galaxy 17.09).
It's also unclear to me what "purge" does in this case - I wasn't able
to find any documentation on these user management options.
I believe it's the same distinction made with histories
- deleted = "cleanup in some time"
- purged = "fine to cleanup now"
As I understand it, under GDPR a person can request to have all their
personal data removed from a database, but neither of the above options would be
sufficient to leave the database compliant with GDPR in this case (as at the very least
the email address - which I understand constitutes personal information in this context -
would remain in the database).
Yes, our current opinion is that only the email address +
username + any addresses on file must be wiped.
This feature is available to you when you turn on this mode.
Is there any way within Galaxy to truly permanently remove a user
account?
Thanks in advance for any advice on this,
Best wishes
Peter
--
Peter Briggs peter.briggs(a)manchester.ac.uk
Bioinformatics Core Facility University of Manchester
B.1083 Michael Smith Bldg Tel: (0161) 2751482
___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client. To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
https://lists.galaxyproject.org/
To search Galaxy mailing lists use the unified search at:
http://galaxyproject.org/search/