Hi community members,
Our team want to take a data xml copy from environment A and import it in environment B. Due to compliance reason, in environment B, we would like to remove/replace data for all text fields (including comments) and number fields, as well as all History records. For text/number fields, we don't mind if only the sensitive data (for example, PII data) get replaced/removed, or the entire text/number data get replaced/removed.
In order to make this happen, what would be the best way if we don't use a 3rd party plugin other than ScriptRunner? I know we can use “Automation for Jira” to clean/replace the data for fields, but when the number of issues is large, it gives a warning sign. Also, similar to ScriptRunner scripts, it may take significant amount of time to process. We have about 2 million issues in the instance. Also, I know we can user ScriptRunner scripts to cleanup the History for a specific issue (see the most recent comment here: https://jira.atlassian.com/browse/JRASERVER-69002), but if we want to cleanup the change history for all issues in the instance, does "run SQL query to clean up the records in the "changegroup" and "changeitem" tables in the database" the best way to make it happen?
Based on this Atlassian article, we can anonymizing Jira data via Jira Anonymizer, but it will also anonymize the project descriptions, and descriptions for most elements (notification schemes, permission schemes, resolutions). We don't want those to be anonymized, we only want data in issues to be anonymized.
If it needs a different plugin, is there anything to recommend? Would "PII Protector for Jira" or "Data Protection and Security Toolkit for Jira (DLP)" be good for our case? We need the anonymization to be reflected in the database, not only on the surface of the UI. Also, there are some process we need to follow before we are allowed to install any new plugins in our testing environment, so we can't really quickly test this out.
Thanks!
Lynn
@Lynn Liu Please note that the Data Anonimizer provided by Atlassian is actually open source!
See: https://confluence.atlassian.com/adminjiraserver/anonymising-jira-application-data-938847706.html
If you download the ZIP, you can find that the anonymization itself is nothing else, but an XSLT transformation on the backup file (which is essentially an XML). In the "anon.stx" file you can see what attributes of what elements will be changed by the transformation.
See the first lines of these two transformatiomations:
<stx:template match="Action/@body | MailServer/@username | */@password | */@description | Issue/@environment | Issue/@summary | NotificationInstance/@email | ChangeItem/@newstring | ChangeItem/@oldstring | FileAttachment/@filename | NotificationScheme/@name | PermissionScheme/@name | Resolution/@name | CustomFieldValue/@textvalue | Project/@url | Worklog/@body">
<stx:attribute name="{local-name(.)}"><stx:value-of select="replace(., '[\S]+?', 'x')"/></stx:attribute>
</stx:template>
<stx:template match="Action/body/text() | */description/text() | Issue/environment/text() | Issue/summary/text() | NotificationInstance/email/text() | ChangeItem/newstring/text() | ChangeItem/oldstring/text() | FileAttachment/filename/text() | NotificationScheme/*/text() | PermissionScheme/*/text() | Resolution/*/text() | CustomFieldValue/textvalue/text() | Worklog/body/text()">
<stx:value-of select="replace(., '[\S]+?', 'x')"/>
</stx:template>
You can absolutely modify these, therefore change what data will be replaced with "x" characters. Should not be very complicated, either.
HI. @Lynn Liu
Welcome to the community. I haven't an out of the box solution natively in Jira. I would suggest the same to try out the add-ons. Usually add-ons provide a 30 day trial.
IF you can go through your internal process and be permitted to install the plugin, then should test it out. You want to make sure it applies to all your use case. I couldn't see a reason why not since this is about making your data secure. All the best!
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.