Forums

Articles
Create
cancel
Showing results for 
Search instead for 
Did you mean: 

Data Masking in Jira DC

Lynn Liu August 30, 2024

Hi community members,

Our team want to take a data xml copy from environment A and import it in environment B. Due to compliance reason, in environment B, we would like to remove/replace data for all text fields (including comments) and number fields, as well as all History records. For text/number fields, we don't mind if only the sensitive data (for example, PII data) get replaced/removed, or the entire text/number data get replaced/removed.

In order to make this happen, what would be the best way if we don't use a 3rd party plugin other than ScriptRunner? I know we can use “Automation for Jira” to clean/replace the data for fields, but when the number of issues is large, it gives a warning sign. Also, similar to ScriptRunner scripts, it may take significant amount of time to process. We have about 2 million issues in the instance. Also, I know we can user ScriptRunner scripts to cleanup the History for a specific issue (see the most recent comment here: https://jira.atlassian.com/browse/JRASERVER-69002), but if we want to cleanup the change history for all issues in the instance, does "run SQL query to clean up the records in the "changegroup" and "changeitem" tables in the database" the best way to make it happen?

Based on this Atlassian article, we can anonymizing Jira data via Jira Anonymizer, but it will also anonymize the project descriptions, and descriptions for most elements (notification schemes, permission schemes, resolutions). We don't want those to be anonymized, we only want data in issues to be anonymized.

If it needs a different plugin, is there anything to recommend? Would "PII Protector for Jira" or "Data Protection and Security Toolkit for Jira (DLP)" be good for our case? We need the anonymization to be reflected in the database, not only on the surface of the UI. Also, there are some process we need to follow before we are allowed to install any new plugins in our testing environment, so we can't really quickly test this out.

Thanks!
Lynn

2 answers

2 accepted

0 votes
Answer accepted
Aron Gombas _Midori_
Community Champion
September 2, 2024

@Lynn Liu Please note that the Data Anonimizer provided by Atlassian is actually open source!

See: https://confluence.atlassian.com/adminjiraserver/anonymising-jira-application-data-938847706.html

If you download the ZIP, you can find that the anonymization itself is nothing else, but an XSLT transformation on the backup file (which is essentially an XML). In the "anon.stx" file you can see what attributes of what elements will be changed by the transformation.

See the first lines of these two transformatiomations:

<stx:template match="Action/@body | MailServer/@username | */@password | */@description | Issue/@environment | Issue/@summary | NotificationInstance/@email | ChangeItem/@newstring | ChangeItem/@oldstring | FileAttachment/@filename | NotificationScheme/@name | PermissionScheme/@name | Resolution/@name | CustomFieldValue/@textvalue | Project/@url | Worklog/@body">
<stx:attribute name="{local-name(.)}"><stx:value-of select="replace(., '[\S]+?', 'x')"/></stx:attribute>
</stx:template>

<stx:template match="Action/body/text() | */description/text() | Issue/environment/text() | Issue/summary/text() | NotificationInstance/email/text() | ChangeItem/newstring/text() | ChangeItem/oldstring/text() | FileAttachment/filename/text() | NotificationScheme/*/text() | PermissionScheme/*/text() | Resolution/*/text() | CustomFieldValue/textvalue/text() | Worklog/body/text()">
<stx:value-of select="replace(., '[\S]+?', 'x')"/>
</stx:template>

 You can absolutely modify these, therefore change what data will be replaced with "x" characters. Should not be very complicated, either.

Lynn Liu September 3, 2024

Thank you Aron!!!

Like Aron Gombas _Midori_ likes this
0 votes
Answer accepted
Benjamin
Community Champion
August 30, 2024

HI. @Lynn Liu 

 

Welcome to the community. I haven't an out of the box solution natively in Jira. I would suggest the same to try out the add-ons. Usually add-ons provide a 30 day trial.

 

IF you can go through your internal process and be permitted to install the plugin, then should test it out. You want to make sure it applies to all your use case. I couldn't see a reason why not since this is about making your data secure. All the best!

Lynn Liu September 3, 2024

Thank you Benjamin!!!

Suggest an answer

Log in or Sign up to answer
DEPLOYMENT TYPE
SERVER
TAGS
AUG Leaders

Atlassian Community Events