Version: Cloud

Anonymization of objects

This feature enables anonymization of all or selected objects that fulfill specified criteria. It can be used to enforce the right to be forgotten as required by the EU General Data Protection Regulation (GDPR). It can also be used to anonymize sensitive data in customer databases before they are copied externally.

Anonymization can be done on request or scheduled to anonymize objects on the basis of attribute filters. For example, it is possible to anonymize all identities that expired more than 5 years ago. The feature overwrites attributes on both the effective and the historical versions of the objects.

The following rules apply:

  • Optional attributes and extension attributes are set to null.
  • Object references are preserved.
  • Attributes for compliance purposes are preserved.
  • Mandatory attributes are overwritten with an anonymization value, for example: “ANONYMIZED”.

However, the following exceptions exist:

  • Attributes with a default mapping to a set property in Enterprise Server are left unchanged, for example, the Identity Status.
  • For the Name and ShortName attributes, the ObjectID (or OISID for identities) is appended to the anonymization value. For example: “ANONYMIZED123”.

Performing anonymization

  1. Go to Setup > Administration > Connectivity > Import Profiles.

  2. Open the GDPR Anonymization profile page to use the predefined profile. You can edit it, if needed. Alternatively, click the New button to create your own profile of the Anonymization type.

  3. In the Object attribute filters section of the page, click Add to create a new filter. Alternatively, click the predefined filter to edit it.

  4. A dialog box will open. Click New to create the filter.

  5. In the next dialog box, you will need to configure the profile. Type in the name and then select the object type (database table) to be anonymized. The following ODW object types will be available:

    • Account
    • Context
    • ContextAssignment
    • ContextOwner
    • Decision
    • Identity
    • IdentityOwner
    • Resource
    • ResourceAssignment
    • ResourceOwner
    • System
    • SystemOwner

  6. Once you select a table, you will be able to edit the attribute filter as an SQL expression. Example of a filter:

    [IsRowLatest]=1 AND [RowExpirationTime] < DATEADD(year,-5,GETUTCDATE())

    Info: If there are any syntax errors in the SQL expression, they will be discovered and reported when the anonymization profile runs.

  7. For each selected object type, you can set a threshold on the number of matching objects. After the anonymization profile import is run, the result shows how many relevant objects have been found. If the number of objects exceeds the threshold, anonymization will not be performed, and an error message will be displayed, showing which object filter exceeded the threshold. The accepted threshold values are 1 to 2,147,483,647. If the value is left empty, the threshold will not be used.

  8. Click OK to save and close the filter.

  9. If needed, change the setting of the anonymization value to be used as placeholder text in the anonymized data. The default value is ANONYMIZED. To do this, go to Setup > Administration > More > Customer Settings, find the GDPR section and change the value of the GDPR anonymization value setting.

  10. Go back to the Import Profiles view. Select the GDPR Anonymization profile and click Start import. When the import runs, the following actions are taken:

    • Tables in the Staging database are truncated.
    • The Master database is updated using a database transaction.
    • The Data Warehouse database is updated using a database transaction, and dimension data integrity checks are executed before committing.

Info: Depending on the customer-specific configuration, various objects may contain personally identifiable information. Therefore, the customer must analyze which objects to anonymize and configure the object attribute filters accordingly. For example, if you have imported personally identifiable information into accounts, you need to configure an appropriate filter to anonymize the accounts, and not only identities.

Limitations

  • Data in generic databases and CSV files will not be anonymized. Custom logic must ensure that those data stores only contain the latest snapshots from the target system. However, if a system is removed in the Portal, the latest snapshot might need to be deleted manually from the generic databases or CSV files; otherwise it could be unintentionally preserved.

  • Database and transaction log backups that contain personally identifiable information are not destroyed by the feature.

  • Personally identifiable information that has been extracted from Omada Identity Data Warehouse and stored elsewhere cannot be anonymized using the feature.

Anonymized attributes details

The following sections present details of the anonymized objects and attributes.

Optional and extension attributes

The following optional and extension attributes, listed per object, are set to null:

  • Account object:

    • [UID]
    • [Domain]
    • [DisplayName]
    • [DistinguishedName]
    • [Path]
    • [Description]
    • [Status]
    • [StatusMask]
    • [ValidFrom]
    • [ValidTo]
    • [LastLogon]
    • [LastPasswordChange]
    • [ExtensionAttributesWithHistory]
    • [ExtensionAttributesWithoutHistory]
    • [ODW_Type]
    • [ODW_IdentityJoinReason]
    • [ODW_IdentityJoinSimilarity]
    • [ODW_IdentityJoinConfidence]
    • [ODW_IdentityJoinConfirmState]
    • [ODW_Approved]
    • [ODW_ApprovalSystem]
    • [ODW_ApprovalTime]
    • [ODW_ApprovalExpiration]
    • [ODW_ApprovalReason]
    • [ODW_Approver]
    • [ODW_OriginalApprover]
  • Context object:

    • [SubType]
    • [ExtensionAttributesWithoutHistory]
    • [ODW_ExtensionAttributesWithHistory]
  • Context assignment object:

    • [ValidFrom]
    • [ValidTo]
    • [IdentityUID]
  • Context Owner object:

    • [OwnerUID]
  • Decision object:

    • [ApproverUID]
  • Identity object:

    • [Email]
    • [JobTitle]
    • [Country]
    • [Company]
    • [EmployeeID]
    • [Type]
    • [ExtensionAttributesWithoutHistory]
    • [ODW_ExtensionAttributesWithHistory]
    • [UID2]
  • Identity Owner object:

    • [Type]
    • [IdentityUID]
    • [OwnerUID]
  • Resource object:

    • [Domain]
    • [DisplayName]
    • [DistinguishedName]
    • [Path]
    • [Description]
    • [ODW_BusinessDescription]
    • [ExtensionAttributesWithoutHistory]
    • [ODW_Classification]
    • [ODW_ExtensionAttributesWithHistory]
  • Resource owner object:

    • [Type]
    • [OwnerUID]
  • System object:

    • [Description]
    • [ExtensionAttributesWithoutHistory]
  • System owner object:

    • [Type]
    • [OwnerUID]

Object references

The following object references, listed per object, are preserved:

  • Account:

    • [System_ComposedBusinessKey]
  • Context:

    • [Parent_ComposedBusinessKey]
  • Context assignment:

    • [Context_ComposedBusinessKey]
    • [IdentityOISID]
  • Context owner:

    • [Context_ComposedBusinessKey]
    • [OwnerOISID]
  • Decision:

    • [ApproverOISID]
  • Identity owner:

    • [OwnerOISID]
    • [IdentityOISID]
  • Resource:

    • [Type]
    • [System_ComposedBusinessKey]
  • Resource owner:

    • [Resource_ComposedBusinessKey]
    • [OwnerOISID]
  • System owner:

    • [System_ComposedBusinessKey]
    • [OwnerOISID]

Attributes for compliance purposes

The following attributes for compliance purposes, listed per object, are preserved:

  • Account:

    • [ODW_ComplianceState]
    • [ODW_Reason]
  • Decision:

    • [Time]
    • [ApproverRole]
    • [ExpirationTime]
  • Identity:

    • [Status]
    • [ValidFrom]
    • [ValidTo]
  • Resource assignment:

    • [ODW_ComplianceState]
    • [ODW_Reason]

Mandatory attributes

The following mandatory attributes, listed per object, are overwritten with an anonymization value:

  • Identity:
    • [FirstName]
    • [LastName]

Name and ShortName attributes

For the following Name and ShortName attributes, listed per object, the ObjectID (or OISID for identities) is appended to the anonymization value.

  • Account:

    • [Name]
  • Context:

    • [Name]
    • [ShortName]
  • Decision:

    • [ApproverName]
  • Identity:

    • [UID]
    • [Name]
  • Resource:

    • [ShortName]
    • [Name]
  • System:

    • [ShortName]
    • [Name]
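
A post-run check for the Identity rules listed above, added here as an example (it is not Omada code): it compares one Identity row before and after the anonymization import and reports every attribute that does not match the documented outcome. The dict-based row format, the "OISID" key and the CustomContact column are assumptions made for illustration.

```python
ANON_VALUE = "ANONYMIZED"  # default "GDPR anonymization value" setting

# Identity attribute groups, copied from the lists on this page.
NULLED = ["Email", "JobTitle", "Country", "Company", "EmployeeID", "Type",
          "ExtensionAttributesWithoutHistory",
          "ODW_ExtensionAttributesWithHistory", "UID2"]
OVERWRITTEN = ["FirstName", "LastName"]          # mandatory attributes
ID_SUFFIXED = ["UID", "Name"]                    # anonymization value + OISID
PRESERVED = ["Status", "ValidFrom", "ValidTo"]   # compliance attributes
KNOWN = set(NULLED + OVERWRITTEN + ID_SUFFIXED + PRESERVED + ["OISID"])


def audit_identity(before, after, anon_value=ANON_VALUE):
    """Compare one Identity row before/after the import; return violations.

    Assumption: rows are dicts keyed by attribute name, with the identity's
    OISID under the key "OISID" (hypothetical export format).
    """
    findings = []
    for attr in NULLED:
        if after.get(attr) is not None:
            findings.append(f"{attr}: expected null")
    for attr in OVERWRITTEN:
        if after.get(attr) != anon_value:
            findings.append(f"{attr}: expected {anon_value}")
    suffixed = f"{anon_value}{after.get('OISID')}"
    for attr in ID_SUFFIXED:
        if after.get(attr) != suffixed:
            findings.append(f"{attr}: expected {suffixed}")
    for attr in PRESERVED:
        if after.get(attr) != before.get(attr):
            findings.append(f"{attr}: compliance attribute changed")
    # A column outside the lists above (hypothetical, e.g. in an external
    # copy of the data) should not still carry an original value.
    originals = {str(before[a]).lower()
                 for a in NULLED + OVERWRITTEN + ID_SUFFIXED if before.get(a)}
    for attr, value in after.items():
        if attr not in KNOWN and str(value).lower() in originals:
            findings.append(f"{attr}: original value still present")
    return findings


# Constructed sample rows, not real data.
BEFORE = {"OISID": 123, "UID": "JDOE", "Name": "Jane Doe", "FirstName": "Jane",
          "LastName": "Doe", "Email": "jane.doe@example.com", "Country": "DK",
          "Status": "Terminated", "ValidFrom": "2012-01-01", "ValidTo": "2018-06-30"}
AFTER_OK = {**BEFORE, **dict.fromkeys(NULLED), "FirstName": ANON_VALUE,
            "LastName": ANON_VALUE, "UID": "ANONYMIZED123", "Name": "ANONYMIZED123"}
AFTER_BAD = {**AFTER_OK, "Email": "jane.doe@example.com", "ValidTo": "2020-01-01",
             "CustomContact": "JANE.DOE@EXAMPLE.COM"}

if __name__ == "__main__":
    for finding in audit_identity(BEFORE, AFTER_BAD):
        print(finding)
```

If the GDPR anonymization value setting has been changed from its default, pass the configured text as `anon_value`.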