Permanently deleting users from a Galaxy instance

Permanently deleting users from a Galaxy instance

Peter Briggs
Hello

I'm wondering if there is an option to permanently delete a user account from a Galaxy instance, for example to comply with GDPR (for those of us running public Galaxy instances).

The admin interface provides "delete" and "purge" options for user accounts, but neither of these seems to permanently remove an account - the deleted accounts are still visible and can be undeleted (at least, in Galaxy 17.09). It's also unclear to me what "purge" does in this case - I wasn't able to find any documentation on these user management options.

As I understand it, under GDPR a person can request to have all their personal data removed from a database, but neither of the above options would be sufficient to leave the database compliant with GDPR in this case (as at the very least the email address - which I understand constitutes personal information in this context - would remain in the database).

Is there any way within Galaxy to truly permanently remove a user account?

Thanks in advance for any advice on this,

Best wishes

Peter

--
Peter Briggs [hidden email]
Bioinformatics Core Facility University of Manchester
B.1083 Michael Smith Bldg Tel: (0161) 2751482

___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
  https://lists.galaxyproject.org/

To search Galaxy mailing lists use the unified search at:
  http://galaxyproject.org/search/

Re: Permanently deleting users from a Galaxy instance

E. Rasche
Hi Peter,

On 2018-06-11, Peter Briggs wrote:
> Hello
>
> I'm wondering if there is an option to permanently delete a user account from a Galaxy instance, for example to comply with GDPR (for those of us running public Galaxy instances).

I implemented the `beta_gdpr_mode` in Galaxy 18.05. Please find the pull
request here, in case you are interested in how this functionality was implemented:
https://github.com/galaxyproject/galaxy/pull/6069

And it is documented in the release notes here:
https://docs.galaxyproject.org/en/release_18.05/releases/18.05_announce.html#highlights

And in the admin documentation here:
https://docs.galaxyproject.org/en/master/admin/special_topics/gdpr_compliance.html
(but that documentation needs to be updated.)

> The admin interface provides "delete" and "purge" options for user accounts, but neither of these seems to permanently remove an account - the deleted accounts are still visible and can be undeleted (at least, in Galaxy 17.09). It's also unclear to me what "purge" does in this case - I wasn't able to find any documentation on these user management options.

I believe it's the same distinction made with histories

- deleted = "cleanup in some time"
- purged = "fine to cleanup now"

> As I understand it, under GDPR a person can request to have all their personal data removed from a database, but neither of the above options would be sufficient to leave the database compliant with GDPR in this case (as at the very least the email address - which I understand constitutes personal information in this context - would remain in the database).

Yes, our current opinion is that only the email address +
username + any addresses on file must be wiped.

This feature is available to you when you turn on this mode.

> Is there any way within Galaxy to truly permanently remove a user account?
>
> Thanks in advance for any advice on this,
>
> Best wishes
>
> Peter
>
> --
> Peter Briggs [hidden email]
> Bioinformatics Core Facility University of Manchester
> B.1083 Michael Smith Bldg Tel: (0161) 2751482

Re: Permanently deleting users from a Galaxy instance

Peter Briggs
Hello Eric

Thanks for the fulsome reply - that looks awesome!

Looks like an upgrade to 18.05 is needed for our servers.

Thanks for your efforts on this,

Best wishes

Peter

--
Peter Briggs [hidden email]
Bioinformatics Core Facility University of Manchester
B.1083 Michael Smith Bldg Tel: (0161) 2751482


________________________________________
From: [hidden email] [[hidden email]]
Sent: Monday, June 11, 2018 10:20 AM
To: Peter Briggs
Cc: [hidden email]
Subject: Re: [galaxy-dev] Permanently deleting users from a Galaxy instance
