Fisheye and Crucible: Right of access by the data subject
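Introduction
Under Article 15 of the GDPR, an individual has the right to know which personal data relating to them is being processed, and the justification for that processing. Under the GDPR, you must take reasonable steps to provide this information to the individual on request. Whether you need to provide an individual with access to personal data stored within the product, and the appropriateness of that processing, varies on a case-by-case basis, and we recommend seeking the advice of legal counsel when making that determination. If you have determined that you have an obligation to provide an individual with access to personal data processed through the product, see the steps below on how to do so within certain Atlassian products.
Version compatibility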
All workarounds are compatible with Fisheye and Crucible 4.1 and later.
Description
The information on this page describes how and where personal data is processed within Fisheye and Crucible.
Data storage
SQL database
Fisheye and Crucible uses an HSQL, MS SQL, MySQL, Oracle or Postgres database.
Database location
You can find the database location in Administration > Database > URL. This location is stored in the $FISHEYE_INST/config.xml file.
Personal data storage in SQL database
Table | Column | Personal data | Editable by user? | How to modify by admin | How the personal data is used within the product |
---|---|---|---|---|---|
cru_base_star_model | cru_user_name | user name | Yes. Go to User > Profile settings > Watches and remove all watches. | Please follow the steps in Fisheye and Crucible: Right to erasure. | User can watch items from Fisheye and Crucible, so they get informed about any updates. |
cru_recently_visited | cru_user_name | user name | No | | User gets direct links to the items that were recently viewed by them. |
cru_committer_user_mapping | cru_committer_name | user name | Yes. Go to User > Profile settings > Author mapping > Delete. | | User is mapped with the author of revision from repository. Information about user will be displayed, instead of information obtained from repository. |
cru_committer_user_mapping | cru_user_name | user name | |||
cru_revision | cru_author_name | user name | No | | User is displayed as the revision author in Crucible review. |
cru_user | cru_user_name | user name | No | | Display information about user and identify their activity in the product. Email is also used to send messages about current activity. |
cwd_application_alias | user_name lower_user_name | user name | No | An ability to modify the data via Fisheye and Crucible UI depends on whether an internal or external user directory is used. In order to check which directories are being used, go to Administration > User Directories. When the internal directory is used, you can edit user data via Administration > Users. Use Edit user, Delete user or ... > Rename actions. Where an external directory is used, edit user data in that directory first, then perform a directory synchronisation. You can force a refresh via Administration > User Directories > Synchronize. In order to update data that's not visible in the UI, follow the steps in Fisheye and Crucible: Right to erasure. | |
cwd_expirable_user_token | user_name | user name | No | ||
cwd_expirable_user_token | email_address | | No | ||
cwd_membership | child_name lower_child_name | user name | No | ||
cwd_user | first_name lower_first_name | first name | No | ||
cwd_user | last_name lower_last_name | last name | No | ||
cwd_user | display_name lower_display_name | display name | Yes/No. User > Profile settings | ||
cwd_user | email_address lower_email_address | | Yes/No. User > Profile settings | ||
cwd_user | user_name lower_user_name | user name | No |
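
The following added example, which is not part of the Atlassian documentation, counts the rows that hold a given user name in each table and column listed above, as a first step in answering an access request. It runs against an in-memory SQLite database with constructed rows as a stand-in for the real database; the function names `locate_user` and `build_demo_db` and the `?` parameter style are assumptions of the example.

```python
import sqlite3

# (table, column) pairs that hold a user name, taken from the table above.
USERNAME_COLUMNS = [
    ("cru_base_star_model", "cru_user_name"),
    ("cru_recently_visited", "cru_user_name"),
    ("cru_committer_user_mapping", "cru_committer_name"),
    ("cru_committer_user_mapping", "cru_user_name"),
    ("cru_revision", "cru_author_name"),
    ("cru_user", "cru_user_name"),
    ("cwd_application_alias", "user_name"),
    ("cwd_expirable_user_token", "user_name"),
    ("cwd_membership", "child_name"),
    ("cwd_user", "user_name"),
]

def locate_user(conn, username):
    """Return {"table.column": row_count} for every location holding the user."""
    needle = username.lower()
    hits = {}
    cur = conn.cursor()
    for table, column in USERNAME_COLUMNS:
        # Identifiers come only from the fixed list above; the value is bound.
        # Assumption: the driver uses "?" placeholders (sqlite3 does; others differ).
        cur.execute(
            f"SELECT COUNT(*) FROM {table} WHERE LOWER({column}) = ?", (needle,)
        )
        count = cur.fetchone()[0]
        if count:
            hits[f"{table}.{column}"] = count
    return hits

def build_demo_db():
    """Constructed stand-in database holding only the columns listed above."""
    conn = sqlite3.connect(":memory:")
    for table in {t for t, _ in USERNAME_COLUMNS}:
        cols = ", ".join(f"{c} TEXT" for t, c in USERNAME_COLUMNS if t == table)
        conn.execute(f"CREATE TABLE {table} ({cols})")
    conn.execute("INSERT INTO cru_user VALUES ('JDoe')")
    conn.execute("INSERT INTO cwd_user VALUES ('jdoe')")
    conn.executemany("INSERT INTO cru_recently_visited VALUES (?)",
                     [("jdoe",), ("jdoe",), ("asmith",)])
    conn.execute("INSERT INTO cru_committer_user_mapping VALUES ('John Doe', 'jdoe')")
    return conn

if __name__ == "__main__":
    for location, rows in sorted(locate_user(build_demo_db(), "jdoe").items()):
        print(f"{location}: {rows} row(s)")
```

Against a production database, run this with a read-only account and the placeholder style of the driver in use.
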
InfinityDB databases
Fisheye and Crucible persists indexed repository data in a proprietary InfinityDB database by BoilerBay. This is an EAV (Entity-Attribute-Value) store in a proprietary format, accessible only via the InfinityDB API code (bundled with Fisheye and Crucible).
Database location
$FISHEYE_INST/var/cache/<repository name>/revcache/data.bin
Personal data storage in InfinityDB database
EntityType | Personal data | Editable by user? | How to modify by admin | How the personal data is used within the product |
---|---|---|---|---|
E102 (E_AUTHOR_TO_REVID) | commit author | No | Fisheye mirrors information from source code repositories. Therefore, these repositories must be cleaned of personal data first, in order to remove them from Fisheye. Code history may be treated as an audit log and be excluded from Article 17 of the GDPR. Please read Fisheye and Crucible: Right to erasure for more details. | To provide the history of indexed repository. |
E100 A4 (RevInfo.A_AUTHOR) | commit author | No | ||
E202 A3 (ChangeSetInfo.A_AUTHOR) | commit author | No |
Repository clones
Fisheye and Crucible clones some types of repositories (Git, Mercurial) for faster access and better indexing performance.
Repository location
$FISHEYE_INST/var/cache/<repository-name>/clone
Personal data storage in repository clones
EntityType | Personal data | Editable by user? | How to modify by admin | How the personal data is used within the product |
---|---|---|---|---|
commit metadata | commit author, usually name, surname or nickname and author email | No | The repository would have to be rewritten (to remove personal data) and re-cloned in Fisheye. Please read Fisheye and Crucible: Right to erasure for more details. | To provide better performance. All information is also stored in the InfinityDB described above. |
Lucene index
Fisheye and Crucible uses a Lucene library to index repositories and code reviews for faster search operations.
Per-repository index location
$FISHEYE_INST/var/cache/<repository name>/idx1
$FISHEYE_INST/var/cache/<repository name>/idx2
Personal data storage in repository index
EntityType | Personal data | Editable by user? | How to modify by admin | How the personal data is used within the product |
---|---|---|---|---|
commit metadata | commit author, usually name, surname or nickname and author email | No | The repository would have to be rewritten (to remove personal data), re-cloned and fully re-indexed in Fisheye. Please read Fisheye and Crucible: Right to erasure for more details. | To search content related to the user. |
Global cross-repository index
Location
$FISHEYE_INST/cache/globalfe
Personal data storage in global cross-repository index
EntityType | Personal data | Editable by user? | How to modify by admin | How the personal data is used within the product |
---|---|---|---|---|
commit metadata | commit author, usually name, surname or nickname and author email | No | The repository would have to be rewritten (to remove personal data), re-cloned and fully reindexed in Fisheye. See Fisheye and Crucible: Right to erasure for more details. | To search content related to the user. |
Global Crucible index
Location
$FISHEYE_INST/cache/cruidx
Personal data storage in global Crucible index
EntityType | Personal data | Editable by user? | How to modify by admin | How the personal data is used within the product |
---|---|---|---|---|
ReviewItem | user name of: review author, creator, moderator, reviewers, participants | No | Please follow the steps in Fisheye and Crucible: Right to erasure. | To search content related to the user. |
CommentItem | user name of comment author | No | ||
StateChangeItem | user name of state change author | No | ||
CompletionItem | user name of completion author | No | ||
ReviewerJoinItem | user name of join author/reviewer | No |
User directories
Fisheye and Crucible supports user management in an internal user directory and/or through a connection to an external directory, such as Crowd, Jira, LDAP or Microsoft Active Directory.
Location and content
Personal data is kept in cwd_* tables; see the SQL database section for more details.
File system
Personal data storage in file system
EntityType | Location | Personal data | Editable by user? | How to modify by admin | How the personal data is used within the product |
---|---|---|---|---|---|
Avatar file | $FISHEYE_INST/var/data/avatars | user photo | Yes. Navigate to Profile settings > Profile and email > Profile picture. | Please read Fisheye and Crucible: Right to erasure for more details. | To help identify the user in the application. |
Application logs | $FISHEYE_INST/var/logs | user name | No | Delete log files. | To provide the history of server activity. |
File attached to a code review | $FISHEYE_INST/var/data/uploads | unknown | No | Users can attach files to code reviews with any content. Review and delete those files containing personal data. | Part of Crucible functionality to create reviews. |
Backup files | $FISHEYE_INST/backup | those described in previous sections | No | There is no way of editing backup files to remove personal data from them. We recommend defining a policy for storing backups. Please read Fisheye and Crucible: Right to erasure for more details. | To restore historical data. |
Data import
Fisheye and Crucible imports data that may include personal data, from a number of sources:
Data use
Fisheye and Crucible use personal data, in order to provide functionality like:
- presenting an author of a given change in the source code repository in various contexts:
  - repository browser
  - repository commit history
  - search dialogs
  - repository reports
  - file history
  - file blame
- user collaboration while performing a code review, for example:
  - being an author, moderator or reviewer
  - commenting on the review
  - tracking of time spent on a code review
- executing actions on behalf of users, for example:
  - transitioning Jira issues via smart commits
  - creating Crucible code reviews via smart commits
- showing people's statistics, such as:
  - number of commits in given repository
  - number of lines added / removed
- presenting user profile (a photo, display name, email, user's activity)
Data export
Fisheye and Crucible allows you to export data (including personal data) in a number of ways:
- repository web hooks
- smart commits
- application links
- Java API
- REST API
- RSS Feeds
- repository activity
- user activity
- project activity
Limitations
Fisheye and Crucible allows user management through external services (for example, Crowd, Jira, LDAP or Microsoft Active Directory). Personal data can also be obtained from the indexed repositories. You'll need to make any edits or deletions of personal data within the external system.
Steps to delete personal data are covered in Fisheye and Crucible: Right to erasure.
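Additional notes
There may be limitations based on your product version
Note that the GDPR workarounds described above have been optimized for the latest version of this product. If you are running a legacy version of the product, the efficacy of the workarounds may be limited. To get the most out of the workarounds described in this article, consider upgrading to the latest product version.
Third-party add-ons may store personal data in their own database tables or on the file system.
The above article on GDPR compliance efforts covers only personal data stored within Atlassian server and data center products. If you have installed third-party add-ons in your server or data center environment, contact the third-party add-on provider about the personal data they may access, transfer or process in your server or data center environment, and about their GDPR compliance efforts.
For server or data center customers, Atlassian does not access, store or process the personal data you choose to store within the products. For details of the personal data that Atlassian processes, see the Privacy Policy.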