Finding sensitive data and data spills
To find data spills or sensitive data in global configurations, components, and
user-defined queries, run the
repotools-gc dumpArtifacts command and then search
its output. If the sensitive data must be deleted, you can then scrub or
delete the items.
Before you begin
- This command adds significant load to the server and can take a long time to run.
- You can also run this command to see the dump jobs that were initiated since the last server restart.
Ask a user with JazzAdmin repository privileges to run the
dumpArtifactscommand. This command dumps the global configurations, components, and user-defined queries of all the Global Configuration Management (GCM) project areas into a directory on the server. To dump those items for only one project area, include the
repotools-gc -dumpArtifacts adminUserId=userId adminPassword=password dumpDirectory=dumpDirectory [projectArea=projectAreaName]
For more information, see the related topic about this command.
The system creates a folder for each project area and subfolders for the project area's components, configurations, user-defined queries, and if they exist, attributes, data types, and link types. Examine the output in the subfolders to discover the URLs of the items. See the examples.
Find the data to delete.
- If you don't know which data is sensitive: For each project area, give the command output to a team member to search. Your task is now complete, and you can skip the rest of the steps.
- If you know which data is sensitive and needs to be deleted:
- Use file system search tools, such as grep, to find occurrences of the
- Include encoded characters in your search: project area names might have encoded characters, for example, "Team1+Engine+Project", "Team1%60s+Engine+Project", and other characters.
- Search recursively.
- In each file that contains the search string, find the URL of the component, configuration, or
user-defined query, which is typically the top-level URL where you found the string. See the
examples.Tip: Consider copying the URLs into a text file.
- Give the text file that contains the URLs to a team member assigned the GCM Administrator role, who then decides which items to scrub.
- Use file system search tools, such as grep, to find occurrences of the sensitive text.
- Ask a user with JazzAdmin repository privileges to run the
- Search the command output recursively for the string "Super Car". You
find the string in several files. Open those files and find the URLs of the items, as shown in these
- Consider creating a text file that contains the URLs of the items that contain the string "Super Car". With the URLs in one file, it's convenient to open many components, configurations, and queries.
What to do next
- Copy each identified URL into a browser. This action requires the GCM Administrator role.
- If the sensitive data must be deleted, scrub or delete the item. For more information about the Scrub commands and to see what is deleted, see the related task.
Ask a JazzAdmin user or other ELM project area administrators to check for and remove sensitive data in the other ELM applications. In the related topic about ELM security considerations, see the section about deleting sensitive data and its links to procedures for other ELM applications.