Fisheye and Crucible: Right of access by the data subject

はじめに

GDPR 第 15 条において、個人は自身に関連するどの個人データが処理されているか、およびその処理の正当性を把握する権利を有します。GDPR では、要求に応じ、この情報を個人に提供するするための正当な手順を踏む必要があります。製品内に保存されている個人データへのアクセス権を個人に提供する必要があるかどうか、およびその処理の妥当性はケースバイケースで異なり、判断を行う際には弁護士に意見を求めることをおすすめします。製品を通じて処理された個人データへのアクセス権を個人に提供する義務があると判断された場合、特定のアトラシアン製品でこれを行う方法について、以降の手順をご確認ください。

Version compatibility

All workarounds are compatible with Fisheye and Crucible 4.1 and later.

説明

The information on this page describes how and where personal data is processed within Fisheye and Crucible. 

Data storage

SQL database

Fisheye and Crucible uses HSQL, MS SQL, MySQL, Oracle or Postgres database.

Database location

You can find the database location in Administration > Database > URL. This location is stored in $FISHEYE_INST/config.xml file.

Personal data storage in SQL database

Table Column Personal data Editable by user? How to modify by admin How the personal data is used within the product
cru_base_star_model

cru_user_name

user name Yes. Go to User > Profile settings > Watches and remove all watches. Please follow the steps in Fisheye and Crucible: Right to erasure. User can watch items from Fisheye and Crucible, so they get informed about any updates.
cru_recently_visited cru_user_name user name いいえ User gets direct links to the items that were recently viewed by them.
cru_committer_user_mapping cru_committer_name user name Yes. Go to User > Profile settings > Author mapping > Delete. User is mapped with the author of revision from repository. Information about user will be displayed, instead of information obtained from repository.
cru_committer_user_mapping cru_user_name user name
cru_revision cru_author_name user name いいえ User is displayed as the revision author in Crucible review.
cru_user cru_user_name user name いいえ

Display information about user and identify their activity in the product. Email is also used to send messages about current activity.

cwd_application_alias

user_name

lower_user_name

user name いいえ

An ability to modify the data via Fisheye and Crucible UI depends on whether an internal or external user directory is used. In order to check which directories are being used, go to Administration > User Directories.

When the internal directory is used, you can edit user data via Administration > Users. Use Edit user, Delete user or ... > Rename actions.

Where an external directory is used, edit user data in that directory first, then perform a directory synchronisation. You can force a refresh via Administration > User Directories > Synchronize.

In order to update data that's not visible in the UI, follow the steps in Fisheye and Crucible: Right to erasure.

cwd_expirable_user_token user_name user name いいえ
cwd_expirable_user_token

email_address

email いいえ
cwd_membership

child_name

lower_child_name

user name いいえ
cwd_user

first_name

lower_first_name

first name

いいえ

cwd_user

last_name

lower_last_name

last name いいえ
cwd_user

display_name

lower_display_name

display name Yes/No. User > Profile settings
cwd_user

email_address

lower_email_address

email Yes/No. User > Profile settings
cwd_user

user_name

lower_user_name

user name いいえ


InfinityDB databases

Fisheye and Crucible persists indexed repository data in a proprietary InfinityDB database by BoilerBay. This is an EAV (Entity-Value-Attribute) store in proprietary format, accessible only via InfinityDB API (bundled with Fisheye and Crucible) code.

Database location

$FISHEYE_INST/var/cache/<repository name>/revcache/data.bin

Personal data storage in InfinityDB database

Entity type Personal data Editable by user? How to modify by admin How the personal data is used within the product
E102 (E_AUTHOR_TO_REVID) commit author いいえ

Fisheye mirrors information from source code repositories. Therefore, these repositories must be cleaned of personal data first, in order to remove them from Fisheye.

(warning) Re-importing and re-indexing repositories may be a costly and lengthy operation.

Code history may be treated as an audit log and be excluded from Article 17 of the GDPR.

Please read Fisheye and Crucible: Right to erasure for more details.

To provide the history of indexed repository.
E100 A4 (RevInfo.A_AUTHOR) commit author いいえ
E202 A3 (ChangeSetInfo.A_AUTHOR) commit author いいえ


Repository clones

Fisheye and Crucible clones some types of repositories (Git, Mercurial) for faster access and better indexing performance. 

Repository location

$FISHEYE_INST/var/cache/<repository-name>/clone

Personal data storage in repository clones

Entity type

Personal data

Editable by user?

How to modify by admin

How the personal data is used within the product
commit metadata

commit author, usually name, surname or nickname and author email

いいえ

The repository would have to be rewritten (to remove personal data) and re-cloned in Fisheye.

Please read Fisheye and Crucible: Right to erasure for more details.

To provide better performance. All information is also stored in the InfinityDB described above.

Lucene インデックス

Fisheye and Crucible uses a Lucene library to index repositories and code reviews for faster search operations.

Per-repository index location

$FISHEYE_INST/var/cache/<repository name>/idx1

$FISHEYE_INST/var/cache/<repository name>/idx2

Personal data storage in repository index

Entity type

Personal data

Editable by user?

How to modify by admin

How the personal data is used within the product
commit metadata

commit author, usually name, surname or nickname and author email

いいえ

The repository would have to be rewritten (to remove personal data), re-cloned and fully re-indexed in Fisheye.

Please read Fisheye and Crucible: Right to erasure for more details.

To search content related to the user.

Global cross-repository index

場所

$FISHEYE_INST/cache/globalfe

Personal data storage in global cross-repository index

Entity type

Personal data

Editable by user?

How to modify by admin

How the personal data is used within the product
commit metadata

commit author, usually name, surname or nickname and author email

いいえ

The repository would have to be rewritten (to remove personal data), re-cloned and fully reindexed in Fisheye. See Fisheye and Crucible: Right to erasure for more details.

To search content related to the user.

Global Crucible index

場所

$FISHEYE_INST/cache/cruidx

Personal data storage in global Crucible index

Entity type Personal data Editable by user? How to modify by admin How the personal data is used within the product

ReviewItem

user name of: review author, creator, moderator, reviewers, participants

いいえ

Please follows the steps in Fisheye and Crucible: Right to erasure.

To search content related to the user.

CommentItem

user name of comment author いいえ

StateChangeItem

user name of state change author いいえ

CompletionItem

user name of completion author いいえ

ReviewerJoinItem

user name of join author/reviewer いいえ

ユーザーディレクトリ

Fisheye and Crucible allows user management in an internal user directory and/or to connect to an external directory, such as Crowd, Jira, LDAP or Microsoft Active Directory. 

Location and content

Personal Data is kept in cwd_* tables, see SQL database section for more details.

ファイル システム

Personal data storage in file system

Entity type

場所

Personal data

Editable by user?

How to modify by admin

How the personal data is used within the product
Avatar file $FISHEYE_INST/var/data/avatars user photo Yes. Navigate to Profile settings > Profile and email > Profile picture. Please read Fisheye and Crucible: Right to erasure for more details. To help identify the user in the application.
アプリケーション ログ $FISHEYE_INST/var/logs user name いいえ Delete log files. To provide the history of server activity.
File attached to a code review

$FISHEYE_INST/var/data/uploads

unknown いいえ

Users can attach files to code reviews with any content.

Review and delete those files containing personal data.

Part of Crucible functionality to create reviews.
Backup files $FISHEYE_INST/backup those described in previous sections いいえ

There is no way of editing backup files to remove personal data from them.

We recommend defining a policy for storing backups. Please read Fisheye and Crucible: Right to erasure for more details.

To restore historical data.


Data import

Fisheye and Crucible imports data that may include personal data, from a number of sources:

Data use

Fisheye and Crucible use personal data, in order to provide functionality like:

  • presenting an author of a given change in the source code repository in various contexts: 
    • repository browser
    • repository commit history
    • search dialogs
    • repository reports
    • file history
    • file blame
  • user collaboration while performing a code review, for example:
    • being an author, moderator or reviewer
    • commenting on the review
    • tracking of time spent on a code review
  • executing actions on behalf of users, for example:
    • transitioning Jira issues via smart commits
    • creating Crucible code reviews via smart commits
  • showing people's statistics, such as:
    • number of commits in given repository
    • number of lines added / removed
  • presenting user profile (a photo, display name, email, user's activity)

Data export

Fisheye and Crucible allows you to export data (including personal data) in a number of ways:

制限事項

Fisheye and Crucible allows user management through external services (for example, Crowd, Jira, LDAP or Microsoft Active Directory). Personal data can also be obtained from the indexed repositories. You'll need to make any edits or deletions of personal data within the external system. 

Steps to delete personal data are covered in Fisheye and Crucible: Right to erasure.

その他の注意事項

お使いの製品バージョンに応じた制約がある可能性があります

上記に関連する GDPR 回避策は、本製品の最新バージョン用に最適化されていることにご注意ください。製品のレガシー バージョンを実行している場合、回避策の効果は限定的である可能性があります。この記事で案内されている回避策を最適化するには、最新の製品バージョンにアップグレードすることを検討してください。

サードパーティ製アドオンは、独自のデータベース テーブルまたはファイルシステム内に個人データを保存する可能性があります。

GDPR コンプライアンスへの取り組みに関する上記の記事は、アトラシアンのサーバーおよびデータセンター製品内に保存されている個人データのみを対象としています。サーバーまたはデータセンター環境にサードパーティ製アドオンをインストールしている場合、お客様のサーバーまたはデータセンター環境でアクセス、転送、または処理する可能性がある個人データと GDPR コンプライアンスへの取り組みについて、サードパーティのアドオン プロバイダにお問い合わせください。

サーバーまたはデータ センターのお客様の場合、アトラシアンはお客様が製品内で保存するように選択した個人データへのアクセス、保管、または処理は行いません。アトラシアンが処理する個人データの詳細については、プライバシー ポリシーを参照してください。

最終更新日 2018 年 11 月 19 日

この内容はお役に立ちましたか?

はい
いいえ
この記事についてのフィードバックを送信する
Powered by Confluence and Scroll Viewport.