Finding sensitive data and data spills

To find data spills or sensitive data in global configurations, components, and user-defined queries, run the repotools-gc dumpArtifacts command and then search its output. If the sensitive data must be deleted, you can then scrub or delete the items.

Before you begin

Important: This command writes only global components, configurations, and user-defined queries into the server file system. Ask a JazzAdmin user or other IBM® Engineering Lifecycle Management project area administrators to check for and remove sensitive data in other Engineering Lifecycle Management applications.
  • This command adds significant load to the server and can take a long time to run.
  • You can also run this command to see the dump jobs that were initiated since the last server restart.

Procedure

  1. Ask a user with JazzAdmin repository privileges to run the dumpArtifacts command. This command dumps the global configurations, components, and user-defined queries of all the Global Configuration Management (GCM) project areas into a directory on the server. To dump those items for only one project area, include the projectArea parameter.
    repotools-gc -dumpArtifacts adminUserId=userId adminPassword=password dumpDirectory=dumpDirectory [projectArea=projectAreaName]

    For more information, see the related topic about this command.

    The system creates a folder for each project area, with subfolders for the project area's components, configurations, and user-defined queries, and, if they exist, its attributes, data types, and link types. Examine the output in the subfolders to discover the URLs of the items. See the examples.

  2. Find the data to delete.
    • If you don't know which data is sensitive: For each project area, give the command output to a team member to search. Your task is now complete, and you can skip the rest of the steps.
    • If you know which data is sensitive and needs to be deleted:
      1. Use file system search tools, such as grep, to find occurrences of the sensitive text.
        Tip:
        • Include encoded characters in your search: project area names might contain encoded characters, for example, "Team1+Engine+Project" and "Team1%60s+Engine+Project"; other encoded characters are also possible.
        • Search recursively.
      2. In each file that contains the search string, find the URL of the component, configuration, or user-defined query, which is typically the top-level URL where you found the string. See the examples.
        Tip: Consider copying the URLs into a text file.
      3. Give the text file that contains the URLs to a team member assigned the GCM Administrator role, who then decides which items to scrub.

Example

Your organization is working on a new car named "Super Car", which is now considered a secret name. Components, configurations, and any user-defined queries that mention this name must be scrubbed so that all the sensitive data is deleted.
  1. Ask a user with JazzAdmin repository privileges to run the dumpArtifacts command.
  2. Search the command output recursively for the string "Super Car". You find the string in several files. Open those files and find the URLs of the items, as shown in these examples.
    [Figure: Code fragment that identifies the URL of the component that contains the sensitive data]
    [Figure: Code fragment that identifies the URL of the configuration that contains the sensitive data]
    [Figure: Code fragment that identifies the URL of the user-defined query that contains the sensitive data]
  3. Consider creating a text file that contains the URLs of the items that contain the string "Super Car". With the URLs in one file, it's convenient to open many components, configurations, and queries.
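
The search and URL collection in this example can be scripted. The following Python script is an added example, not IBM code or part of repotools-gc: it searches a dump directory recursively for a term and its URL-encoded forms, then writes the URLs found in the matching files to a text file. The function names, the URL pattern, and the choice to report every URL in a matching file are assumptions, because the layout of the dump files is not shown on this page.

```python
import re
import sys
from pathlib import Path
from urllib.parse import quote, quote_plus

# Assumption: item URLs appear in the dump files as plain http(s) URLs.
URL_RE = re.compile(rb"https?://[^\s\"'<>]+")


def search_variants(term):
    """Return the literal term and its URL-encoded forms, as bytes."""
    forms = {term, quote(term, safe=""), quote_plus(term, safe="")}
    return sorted(form.encode("utf-8") for form in forms)


def find_sensitive(dump_dir, term):
    """Map each file under dump_dir that contains the term to the URLs in it."""
    # Lowercasing makes the match case-insensitive, including %xx hex digits.
    variants = [v.lower() for v in search_variants(term)]
    hits = {}
    for path in sorted(Path(dump_dir).rglob("*")):  # recursive search
        if not path.is_file():
            continue
        data = path.read_bytes()
        lowered = data.lower()
        if any(v in lowered for v in variants):
            urls = (m.group().decode("utf-8", "replace")
                    for m in URL_RE.finditer(data))
            # Keep file order; the item's own URL is typically the first one.
            hits[str(path)] = list(dict.fromkeys(urls))
    return hits


def write_url_list(hits, out_file):
    """Write the unique URLs, one per line, for the GCM Administrator."""
    urls = list(dict.fromkeys(u for found in hits.values() for u in found))
    Path(out_file).write_text("\n".join(urls) + "\n", encoding="utf-8")
    return len(urls)


if __name__ == "__main__":
    # Usage: python find_spill.py <dumpDirectory> <term> <urlListFile>
    dump_dir, term, out_file = sys.argv[1:4]
    found = find_sensitive(dump_dir, term)
    for name, urls in found.items():
        print(name, *urls, sep="\n  ")
    print(write_url_list(found, out_file), "URLs written to", out_file)
```

Write the URL list outside the dump directory, and treat both the dump and the list as sensitive until the items are scrubbed.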

What to do next

To remove sensitive data from global components, configurations, and user-defined queries:
  1. Copy each identified URL into a browser. This action requires the GCM Administrator role.
  2. If the sensitive data must be deleted, scrub or delete the item. For more information about the Scrub commands and to see what is deleted, see the related task.

Ask a JazzAdmin user or other Engineering Lifecycle Management project area administrators to check for and remove sensitive data in the other Engineering Lifecycle Management applications. In the related topic about Engineering Lifecycle Management security considerations, see the section about deleting sensitive data and its links to procedures for other Engineering Lifecycle Management applications.