-
Notifications
You must be signed in to change notification settings - Fork 1.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[GDPR] As a Che user, I want to have a possibility to delete all the data related to my account #17541
Comments
Technically solve this issue not hard we can call KeyClock REST API on |
@vparfonov can't we simply retrieve the secret during the che server startup (for the internal keycloak I mean). Basically we need to retrieve the |
Can we cover this task as documentation? Explaining for admin what to do. I think Che server should not be responsible for deleting users from keycloak. They are already too much coupled. CC @l0rd |
@skabashnyuk we can document it, but we do need to automate this process - single API call removes all the user-related data |
@l0rd What do you think? Looks like we need your point of view here. |
@vparfonov I believe Mario already provided his POV in the doc related issue - #17500 (comment) |
Are we really sure we want to complicate Che with something that is IMHO a disputable solution? IMHO the IDM server is in the large percentage of cases used by more than just Che, in which case this functionality makes no sense. Wouldn't it be easier to have a separate script/microservice dedicated to this rather than complicate Che server with something that only a (IMHO) small minority of users will appreciate? |
If the Che server creates a new user in Keycloak the Che server API should provide an option to delete every bit related to that user from Keycloak. |
I also would like to notice that using |
This issue about removing user data As a Che user |
Probably for Toolchain will be enough just disable user in Keycloak, in this case user can't login anymore and don't need to remove any data. WDYT @alexeykazakov ? |
Unfortunately it won't be enough.
|
@alexeykazakov can you disable user instead of removing it from keycaloak? |
If I don't delete the user from KC then I can't even login to Che after re-creating the OpenShift user. |
It seems we have more data associated with user which have to be deleted as well. |
@gazarenkov you don't need to worry about that. All associated with user entities would be automatically removed during user removal. |
thanks, I probably misunderstand of what we previously discussed (specifically related to workspaces). Good to know! |
Is your task related to a problem? Please describe.
As a Che user, I want to have the possibility to delete all the data related to my account. Currently,
curl -X DELETE
http(s)://{che-host}/api/user/{id}` API only deletes a user from the db, but not from keycloak.Describe the solution you'd like
In order to be GDPR compliant https://www.eclipse.org/che/docs/che-7/removing-user-data/#gdpr
curl -X DELETE
http(s)://{che-host}/api/user/{id}`` should not only delete user from db, but also delete it from the keycloakDescribe alternatives you've considered
N/A
Additional context
in the next iteration, we could also consider removal all the k8s namespaces associated with the user (not part of this task - initially clenup of db + keycloak is enough)
The text was updated successfully, but these errors were encountered: