Deleting sensitive data from global configurations and components by scrubbing them

You can remove classified or sensitive data from, or scrub, global configurations and components, including their change event history. Scrub these items to recover from data spills and to remove information that is now confidential but wasn't before, or to delete classified or sensitive information that shouldn't be revealed to a wider audience. Information is permanently deleted from the components or configurations, and cannot be recovered.

Before you begin

  • Ask a team member with JazzAdmin repository privileges to run the repotools-gc -dumpArtifacts command for all the project areas in the Global Configuration Management (GCM) application or a specific project area. This command writes the GCM components and configurations to the file system so that you can search for sensitive data. See the related task for details.
  • You must be assigned the GCM Administrator role or have permission to scrub components or types of configurations (streams, baselines, and so on).
Remember:
  • Important: The Scrub commands scrub only GCM components and configurations. To check for and remove sensitive data in other IBM® Engineering Lifecycle Management (ELM) applications, ask a user with JazzAdmin repository privileges or other ELM project area administrators to use the tools in those applications.

    In the related topic about ELM security considerations, see the section about deleting sensitive data and its links to procedures for other ELM applications.

  • When you scrub a component or configuration, data is deleted permanently from it and cannot be recovered. No copies of the deleted information are kept in the repository.
  • Tags, however, are removed only from the artifacts you scrub, and are not permanently deleted from the repository.
  • Database backups and GCM data outside the repository are not scrubbed. You must identify any such locations and decide whether to delete the data.

    For example, if your organization must ensure that no database backups contain sensitive data, you might decide to delete those backups. Then, after you scrub components or configurations in the project area, back up the database again. This approach helps ensure that sensitive data doesn't exist outside the repository, but limits the information you can restore.

  • Some GCM tasks, such as exporting GCM type information, collect personal information (such as user names and URIs) for audit purposes. The information is not stored in a component or configuration, so scrubbing does not remove it. See the Exporting and Importing type definitions and stored personal information wiki for details about data that's collected, where to find it, and how to delete it.

About this task

Use the following table to help you decide whether to scrub an entire item or only its history (change events).
Component
  Entire Item: Choose this option if the component shows sensitive information now.
    • The following items are deleted:
      • Change events for the component
      • Attributes
      • Links
    • Tags are removed only from the component you scrub. If a tag is applied to other components, you can still find it in locations such as the tag tree. Remember, tags are not permanently deleted from the repository.
    • Configurations of the component are not scrubbed. If a configuration contains sensitive data, it is still exposed in the History view as part of the configuration's change events. Remember to scrub configurations that contain sensitive data.
    • The system renames the component to Scrubbed_random_string. You can rename it to suit your project needs.
  Change Events: Choose this option if the component does not show sensitive information now, but did previously.
    Change events for the component (but not its configurations) are deleted.

Configuration (stream or baseline)
  Entire Item: Choose this option if the configuration shows sensitive information now.
    • Change events are deleted and no longer shown in the history view.
    • The following information is also deleted:
      • Attributes
      • Links
    • Tags are removed only from the configuration you scrub. If the tag is applied to other configurations, you can still find it in locations such as the tag tree. Remember, tags are not permanently deleted from the repository.
    • Nested global configurations and configurations from other ELM applications are removed.
    • The system renames the configuration to Scrubbed_random_string. You can rename it to suit your project needs.
    Important: Be sure to also scrub configurations derived from this one, such as baselines and streams created from those baselines. For example, if you create a baseline when the stream has sensitive data, the data is also copied to that baseline. Any streams that you create from that baseline also contain the data, and so on.
  Change Events: Choose this option if the configuration does not show sensitive information now, but did previously.
    Change events are deleted and no longer shown in the history view.

Procedure

  1. Identify the components and configurations that contain sensitive data. Complete one of the following steps, depending on the output that you receive from the user with JazzAdmin repository privileges who runs the repotools-gc -dumpArtifacts command.
    • If you receive a text file that contains the URLs of the components and configurations that contain sensitive data, go to step 2.
    • If you receive the output of the dumpArtifacts command:
      1. Search the output for the sensitive data.
        Tip:
        • Include encoded characters in your search: project area names might have encoded characters, for example, "Team1+Engine+Project", "Team1%60s+Engine+Project", and so on.
        • Search recursively.
      2. In each file that contains the search string, find the URL of the component or configuration. See the example.
        Tip: Consider copying the URLs into a text file to help you complete step 3 more quickly.
  2. Enable the Scrub commands. Click Administration (gear icon) > Show Scrub Actions.
  3. Scrub the items that contain sensitive data.
    1. For each component or configuration that contains sensitive data, copy its URL into a browser.
    2. Click Scrub (Scrub icon) near the upper-right corner of the page.
      Tip: For configurations, you can also select the command from the Actions menu beside the configuration name in the tree. You can scrub a configuration at any level in the tree.
    3. Choose whether to scrub the entire item or only the change events. See the table to help you decide.
  4. Optional: Verify that all sensitive data is removed.
    1. Ask a user with JazzAdmin repository privileges to run the repotools-gc -dumpArtifacts command again.
    2. Search the command output for sensitive data.
    If you find more items to scrub, repeat step 3.

Results

When the scrub finishes, tracked resource sets (TRS) update the GC resources data source in Lifecycle Query Engine (LQE). The GCM application and LQE then contain the same scrubbed information. No further steps are required to scrub GCM data in LQE.

Example

Your organization is working on a new car named "Super Car", which is now considered a secret name. Components and configurations that mention this name must be scrubbed so that all the sensitive data is deleted. After a JazzAdmin user runs the dumpArtifacts command:
  1. Search the command output recursively for the string "Super Car". You find the string in several files. Open those files and find the URLs of the items, as shown in these examples.
    [Image: Code fragment that identifies the URL of the component that contains the sensitive data]
    [Image: Code fragment that identifies the URL of the configuration that contains the sensitive data]
  2. Consider creating a text file that contains the URLs of the items that contain the string "Super Car". This step makes it faster for you to open the items that you might scrub.
  3. For each item that contains sensitive data, copy its URL into a browser window and decide whether to scrub the item.
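
The search in step 1 of the procedure and in this example can be scripted. The following is an added example, not IBM code: it searches a dump directory recursively for a term and its URL-encoded spellings, then saves the URLs found in matching files. The dump file layout is not shown on this page, so the sample files, the host elm.example.com, and the file name to_scrub.txt are constructed assumptions.

```python
import re
import tempfile
from pathlib import Path
from urllib.parse import quote, quote_plus

URL_RE = re.compile(r"https?://[^\s\"'<>]+")

def search_variants(term):
    """The literal term plus its URL-encoded spellings ('+' and '%20' for spaces)."""
    return {term, quote_plus(term), quote(term, safe="")}

def find_hits(dump_dir, term):
    """Recursively map each dump file that mentions term to the URLs found in it."""
    needles = [v.lower().encode("utf-8") for v in search_variants(term)]
    hits = {}
    for path in Path(dump_dir).rglob("*"):
        if not path.is_file():
            continue
        data = path.read_bytes()
        # Lower-case both sides so "%2f" and "%2F" (and case changes) still match.
        if any(n in data.lower() for n in needles):
            hits[str(path)] = sorted(set(URL_RE.findall(data.decode("utf-8", "replace"))))
    return hits

def write_url_list(hits, out_path):
    """Save the de-duplicated candidate URLs, one per line, for the scrub step."""
    urls = sorted({u for found in hits.values() for u in found})
    Path(out_path).write_text("".join(u + "\n" for u in urls), encoding="utf-8")
    return urls

def demo():
    """Run against a constructed dump tree (real dump layout is an assumption)."""
    with tempfile.TemporaryDirectory() as tmp:
        samples = {  # constructed file names, contents and URLs
            "pa1/component_1.txt": "title: Super Car chassis\nhttps://elm.example.com/gc/component/1\n",
            "pa1/nested/stream_7.txt": "name=Super+Car+2025\nhttps://elm.example.com/gc/configuration/7\n",
            "pa2/baseline_9.txt": "title: Engine\nhttps://elm.example.com/gc/configuration/9\n",
        }
        for rel, body in samples.items():
            target = Path(tmp, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body, encoding="utf-8")
        hits = find_hits(tmp, "Super Car")
        return write_url_list(hits, Path(tmp, "to_scrub.txt"))

if __name__ == "__main__":
    print("\n".join(demo()))
```

A matching file can contain more than one URL, so treat the saved list as candidates to open and review. Running the same search on the output of the second dumpArtifacts run covers the optional verification step.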

What to do next

  • If you scrub entire components or configurations, consider renaming them from Scrubbed_random_string to something more meaningful.
  • To reduce the clutter on the page and Administration menu, hide the scrub commands when you finish scrubbing items. Click Administration (gear icon) > Hide Scrub Actions.
Remove sensitive data in other ELM applications:
  • Ask a user with JazzAdmin repository privileges or other ELM project area administrators to check for and remove sensitive data by using the tools in the other ELM applications, including LQE and the link index provider (LDX).

    In the related topic about ELM security considerations, see the section about deleting sensitive data and its links to procedures for other ELM applications.

    Note: Other ELM applications might use terms such as purge, redact, permanently deleting or delete from repository to refer to deleting sensitive data.
