Deleting sensitive data from global configurations and components by scrubbing them
You can remove classified or sensitive data from, or scrub, global configurations and components, including their change event history. Scrub these items to recover from data spills and to remove information that is now confidential but wasn't before, or to delete classified or sensitive information that shouldn't be revealed to a wider audience. Information is permanently deleted from the components or configurations, and cannot be recovered.
Before you begin
- Ask a team member with JazzAdmin repository privileges to run the repotools-gc -dumpArtifacts command for all the project areas in the Global Configuration Management (GCM) application or a specific project area. This command writes the GCM components and configurations to the file system so that you can search for sensitive data. See the related task for details.
- You must be assigned the GCM Administrator role or have permission to scrub components or types of configurations (streams, baselines, and so on).
Important: The Scrub commands scrub only GCM components and configurations. To check for and remove sensitive data in other IBM® Engineering Lifecycle Management (ELM) applications, ask a user with JazzAdmin repository privileges or other ELM project area administrators to use the tools in those applications.
In the related topic about ELM security considerations, see the section about deleting sensitive data and its links to procedures for other ELM applications.
- When you scrub a component or configuration, data is deleted permanently from it and cannot be recovered. No copies of the deleted information are kept in the repository.
- Tags, however, are removed only from the artifacts you scrub, and are not permanently deleted from the repository.
- Database backups and GCM data outside the repository are not scrubbed. You must identify any such locations and decide whether to delete the data.
For example, if your organization must ensure that no database backups contain sensitive data, you might decide to delete those backups. Then, after you scrub components or configurations in the project area, back up the database again. This approach helps ensure that sensitive data doesn't exist outside the repository, but limits the information you can restore.
- Some GCM tasks, such as exporting GCM type information, collect personal information (such as user names and URIs) for audit purposes. The information is not stored in a component or configuration, so scrubbing does not remove it. See the Exporting and Importing type definitions and stored personal information wiki for details about data that's collected, where to find it, and how to delete it.
About this task
|Item to Scrub||Entire Item||Change Events|
|Component||Choose this option if the component shows sensitive information now.||Choose this option if the component does not show sensitive information now, but did. Change events for the component (but not its configurations) are deleted.|
|Configuration (stream or baseline)||Choose this option if the configuration shows sensitive information now. Important: Be sure to also scrub configurations derived from this one, such as baselines and streams created from those baselines. For example, if you create a baseline when the stream has sensitive data, the data is also copied to that baseline. Any streams that you create from that baseline also contain the data, and so on.||Choose this option if the configuration does not show sensitive information now, but did. Change events are deleted and no longer shown in the history view.|
1. Identify the components and configurations that contain sensitive data. Complete one of the following steps, depending on the output that you receive from the user with JazzAdmin repository privileges who runs the repotools-gc -dumpArtifacts command.
   - If you receive a text file that contains the URLs of the components and configurations that contain sensitive data, go to step 2.
   - If you receive the output of the dumpArtifacts command:
      - Search the output for the sensitive data.
        Tip:
         - Include encoded characters in your search: project area names might have encoded characters, for example, "Team1+Engine+Project", "Team1%60s+Engine+Project", and so on.
         - Search recursively.
      - In each file that contains the search string, find the URL of the component or configuration. See the example.
        Tip: Consider copying the URLs into a text file to help you complete step 3 more quickly.
2. Enable the Scrub commands. Click .
3. Scrub the items that contain sensitive data.
   - For each component or configuration that contains sensitive data, copy its URL into a browser.
     near the upper right corner of the page.
     Tip: For configurations, you can also select the command from the Actions menu beside the configuration name in the tree. You can scrub a configuration at any level in the tree.
   - Choose whether to scrub the entire item or only the change events. See the table to help you decide.
4. Verify that all sensitive data is removed. If you find more items to scrub, repeat step 3.
   - Ask a user with JazzAdmin repository privileges to run the repotools-gc -dumpArtifacts command again.
   - Search the command output for sensitive data.
Example
- Search the command output recursively for the string "Super Car". You find the string in several files. Open those files and find the URLs of the items, as shown in these
- Consider creating a text file that contains the URLs of the items that contain the string "Super Car". This step makes it faster for you to open the items that you might scrub.
- For each item that contains sensitive data, copy its URL into a browser window and decide whether to scrub the item.
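The recursive search with encoded characters and the URL collection described above can be scripted. The following is an added example, not IBM code: it assumes the dump files are text and that item URLs appear in them as plain http(s) URLs, and the host `elm.example.invalid`, the file names, and the file contents are constructed. Every URL in a matching file is reported as a candidate to open and review.

```python
import re
import tempfile
from pathlib import Path
from urllib.parse import quote, quote_plus

# Assumption: item URLs appear in the dump files as plain http(s) URLs.
URL_RE = re.compile(r"https?://[^\s\"'<>]+")

def search_variants(term):
    """The literal term plus its form-encoded and percent-encoded spellings."""
    return {term, quote_plus(term), quote(term, safe="")}

def find_items_to_review(dump_dir, term):
    """Recursively search dump_dir; map each URL in a matching file to those files."""
    # Compare in lower case so %7E and %7e style escapes both match.
    needles = [v.lower() for v in search_variants(term)]
    hits = {}
    for path in sorted(Path(dump_dir).rglob("*")):
        if not path.is_file():
            continue
        text = path.read_text(encoding="utf-8", errors="replace")
        if any(n in text.lower() for n in needles):
            for url in URL_RE.findall(text):
                hits.setdefault(url.rstrip(".,;)"), set()).add(path.name)
    return hits

def build_constructed_dump(root):
    """Constructed sample files; a real dump's layout and contents will differ."""
    base = "https://elm.example.invalid/gc"
    samples = {
        "pa1/stream.txt": f"about: {base}/configuration/1\ntitle: Super Car stream\n",
        "pa1/sub/baseline.txt": f"about: {base}/configuration/2\npa: Super+Car+Project\n",
        "pa2/component.txt": f"about: {base}/component/3\npa: Super%20Car\n",
        "pa2/clean.txt": f"about: {base}/component/4\ntitle: Family Van\n",
    }
    for rel, body in samples.items():
        target = Path(root) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(body, encoding="utf-8")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_constructed_dump(tmp)
        found = find_items_to_review(tmp, "Super Car")
        # One URL per line, ready to paste into a browser when scrubbing.
        print("\n".join(sorted(found)))
```

Running the same search after scrubbing, against a fresh dump, should return an empty result for the sensitive string.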
What to do next
- If you scrub entire components or configurations, consider renaming them from Scrubbed_random_string to something more meaningful.
- To reduce the clutter on the page and Administration menu, hide the scrub commands when you finish scrubbing items. Click .
- Ask a user with JazzAdmin repository privileges or other ELM project area administrators to check for and remove sensitive data by using the tools in the other ELM applications, including LQE and the link index provider (LDX).
In the related topic about ELM security considerations, see the section about deleting sensitive data and its links to procedures for other ELM applications.
Note: Other ELM applications might use terms such as purge, redact, permanently deleting or delete from repository to refer to deleting sensitive data.