Deleting sensitive data

Edit online

You can remove classified or sensitive data from, or scrub, global configurations and components (including their change event history), and also delete user-defined queries that contain sensitive information.

Scrub or delete the items to recover from data spills and to remove information that is now confidential but wasn't before, or to delete classified or sensitive information that is not to be revealed to a wider audience. Information is permanently deleted from the components, configurations, or user-defined queries, and cannot be recovered.

Before you begin

Ask a team member with JazzAdmin repository privileges to run the repotools-gc -dumpArtifacts command for all the project areas in the Global Configuration Management application or a specific project area. This command writes the Global Configuration Management components, configurations, and user-defined queries to the file system so that you can search for sensitive data. See the related task for details.
You must be assigned the Global Configuration Management Administrator role or have specific permissions to scrub components or types of configurations (such as streams, baselines), or to delete user-defined queries.

Remember:

Important: The Scrub commands scrub only Global Configuration Management components and configurations. To check for and remove sensitive data in other IBM® Engineering Lifecycle Management applications, ask a user with JazzAdmin repository privileges or other Engineering Lifecycle Management project area administrators to use the tools in those applications.
In the related topic about Engineering Lifecycle Management security considerations, see the section about deleting sensitive data and its links to procedures for other Engineering Lifecycle Management applications.
When you scrub a component or configuration, or delete a user-defined query, data is deleted permanently from it and cannot be recovered. No copies of the deleted information are kept in the repository.
However, tags are removed only from the artifacts you scrub, and are not permanently deleted from the repository.
Database backups and Global Configuration Management data outside the repository are not scrubbed. You must identify any such locations and decide whether to delete the data.
For example, if your organization must ensure that no database backups contain sensitive data, you might decide to delete those backups. Then, after you scrub components or configurations, or delete user-defined queries in the project area, back up the database again. This approach helps ensure that sensitive data doesn't exist outside the repository, but limits the information that you can restore.
Some Global Configuration Management tasks, such as exporting Global Configuration Management type information, collect personal information (such as usernames and URIs) for audit purposes. The information is not stored in a component, configuration, or user-defined query, so scrubbing does not remove it. See the Exporting and Importing type definitions and stored personal information wiki for details about data that is collected, where to find it, and how to delete it.

About this task

For scrubbing global configurations and components, use the following table to help you decide whether to scrub an entire item or only its history (change events).

Item to Scrub	Entire Item	Change Events
Component	Choose this option if the component shows sensitive information now. The following items are deleted: Change events for the component Attributes Links Tags are removed only from the component you scrub. If a tag is applied to other components, you can still find it in locations such as the tag tree. Remember, tags are not permanently deleted from the repository. Configurations of the component are not scrubbed. If a configuration contains sensitive data, it is still shown in the History view as part of the configuration's change events. Remember to scrub configurations that contain sensitive data. The system renames the component to Scrubbed_`random_string`. You can rename it to suit your project needs.	Choose this option if the component does not show sensitive information now, but did previously. Change events for the component (but not its configurations) are deleted.
Configuration (stream or baseline)	Choose this option if the configuration shows sensitive information now. Change events are deleted and no longer shown in the history view. The following information is also deleted: Attributes Links Tags are removed only from the configuration you scrub. If the tag is applied to other configurations, you can still find it in locations such as the tag tree. Remember, tags are not permanently deleted from the repository. Nested global configurations and configurations from other Engineering Lifecycle Management applications are removed. The system renames the configuration to Scrubbed_`random_string`. You can rename it to suit your project needs. Important: Be sure to also scrub derived configurations, such as baselines and streams created from those baselines. For example, if you create a baseline when the stream has sensitive data, the data is also copied to that baseline. Any streams that you create from that baseline also contain the data.	Choose this option if the configuration does not show sensitive information now, but did previously. Change events are deleted and no longer shown in the history view.

For user-defined queries that contain sensitive data, choose one of the following options:

Delete the entire query.
Edit the query, if it's your own or a shared query, to remove sensitive information.

Procedure

Identify the components, configurations, and user-defined queries that contain sensitive data. Complete one of the following steps, depending on the output that you receive from the user with JazzAdmin repository privileges who runs the repotools-gc -dumpArtifacts command.
- If you receive a text file that has the URLs of the components, configurations, and user-defined queries that contain sensitive data, go to step 2.
- If you receive the output of the dumpArtifacts command:
  1. Search the output for the sensitive data.
    Tip:
    - Include encoded characters in your search: project area names might have encoded characters, for example, "Team1+Engine+Project", "Team1%60s+Engine+Project", and other characters.
    - Search recursively.
  2. In each file that contains the search string, find the URL of the component, configuration, or user-defined query. See the example.
    Tip: Consider copying the URLs into a text file to help you complete step 3 more quickly.
Enable the Scrub commands. Click Administration > Show Scrub Actions.
Scrub the items that contain sensitive data.
1. For each component, configuration, or user-defined query that contains sensitive data, copy its URL into a browser.
2. For components and configurations, click Scrub near the upper right of the page. To choose whether to scrub the entire item or only the change events, see the table to help you decide.
  
  Tip: For configurations, you can also select the command from the Actions menu on the left of configuration name in the tree. You can scrub a configuration at any level in the tree.
  
  For user-defined queries, click Delete on the upper right of the page.
Optional: Verify that all sensitive data is removed.
1. Ask a user with JazzAdmin repository privileges to run the repotools-gc -dumpArtifacts command again.
2. Search the command output for sensitive data.
If you find more items to scrub, repeat step 3.

Results

When the scrub finishes, tracked resource sets (TRS) update the GC resources data source in Lifecycle Query Engine. The Global Configuration Management application and Lifecycle Query Engine then contain the same scrubbed information. No further steps are required to scrub Global Configuration Management data in Lifecycle Query Engine.

Example

Your organization is working on a new car named "Super Car", which is now considered a secret name. Components, configurations, and any user-defined queries that mention this name must be scrubbed so that all the sensitive data is deleted. After a JazzAdmin user runs the dumpArtifacts command:

Search the command output recursively for the string "Super Car". You find the string in several files. Open those files and find the URLs of the items, as shown in these examples.
Consider creating a text file that contains the URLs of the items that contain the string "Super Car". This step makes it faster for you to open the items that you might scrub.
For each item that contains sensitive data, copy its URL into a browser window and decide whether to scrub the item.

What to do next

If you scrub entire components or configurations, consider renaming them from Scrubbed_random_string to something more meaningful.
To reduce the clutter on the page and administration menu, hide the scrub commands when you finish scrubbing items. Click Administration > Hide Scrub Actions.

Remove sensitive data in other Engineering Lifecycle Management applications:

Ask a user with JazzAdmin repository privileges or other Engineering Lifecycle Management project area administrators to check for and remove sensitive data by using the tools in the other Engineering Lifecycle Management applications, including Lifecycle Query Engine and the Link Index Provider.
In the related topic about Engineering Lifecycle Management security considerations, see the section about deleting sensitive data and its links to procedures for other Engineering Lifecycle Management applications.

Note: Other Engineering Lifecycle Management applications might use terms such as purge, redact, permanently deleting or delete from repository to refer to deleting sensitive data.