SV: PII data in DevTest Tables
search cancel

SV: PII data in DevTest Tables

book

Article ID: 271781

calendar_today

Updated On:

Products

Service Virtualization

Issue/Introduction

Regarding the IAM Database:

- When deleting a user, is all their PII in this database deleted as well (except PII in the Admin Events and Login Events)?

 

Regarding the Enterprise Dashboard Database:

- are there only usernames stored or are there other types of PII present as well?

- in which tables exactly are PII stored?

- is there another way of deleting PII than deleting manually inside the database?

 

Regarding MAR files:

- are PII present only in MAR files that are downloaded by users or are there PII in the MAR files stored on the application server as well? 

- can MAR-files present on the file system be deleted or will this have any impact on the application?

 

 

Environment

All supported DevTest releases.

Cause

N/A

Resolution

Regarding the IAM Database:

- When deleting a user, is all their PII in this database deleted as well (except PII in the Admin Events and Login Events)?

Answer: 
There is no PII data in this database except UserId.  

As per earlier case: If you've configured IAM User Federation to integrate with a third-party single sign-on application, or LDAP/LDAPS, IAM does not store user data in the IAM database. We rely on the third-party app to validate the credentials. So it's possible that the IAM database does not contain any user data. However, the Enterprise Dashboard reports and MAR files would still contain account information.


Regarding the Enterprise Dashboard Database:

- are there only usernames stored or are there other types of PII present as well?

Answer:
There is no PII data in this database except UserId.

- in which tables exactly are PII stored?

Answer:
ACCESS_EVENT_LOG - userid

- is there another way of deleting PII than deleting manually inside the database?

Answer:
No, not at this time.  This database stores audit data, so before running any deletes manually reports would have to be pulled.


Regarding MAR files:

- are PII present only in MAR files that are downloaded by users or are there PII in the MAR files stored on the application server as well? 

Answer:
username name that was used to create the MAR file, is stored in the MAR file.

- can MAR-files present on the file system be deleted or will this have any impact on the application?

Answer:
MAR files can be deleted, whether a test case or a virtual service from the application server.  


I am adding information regards the Registry Database:

Tables with username data:
ACL_AUDIT_LOG
ACL_USERS
HST_TEST_RUN
HST_SUITE_RUN

Even if the Username is deleted from IAM, the username will still show in the ACL tables for historical purposes except for HST_TEST_RUN and HST_SUITE_RUN, that data can be removed with our Report Cleaner tool.  The default for that is every 30 days.

The report cleaner will delete the metric data in the HST tables by default every 30 days.  You can change this to be a different time.  Please refer to this documentation link:

https://techdocs.broadcom.com/us/en/ca-enterprise-software/devops/devtest-solutions/10-7/administering/database-administration/database-maintenance.html

Powered by Wolken Software