Details
-
Bug
-
Status: Draft (View Workflow)
-
P3
-
Resolution: Unresolved
-
24.0.0
-
None
-
CP: ready for planning, DevOps: Sprint 95
-
Core: Platform
Description
The current RMB implementation of metadata (createdDate, createdByUserId, updatedDate, updatedByUserId) resides in RestVerticle.java and the database triggers in metadata.ftl and has these capabilities:
Removing createdByUserId works (requires an UPDATE command for both created_by and jsonb->'metadata'->>'createdByUserId' though).
Removing updatedDate works.
Removing updatedByUserId works.
Removing only createdDate or removing both createdDate and createdByUserId doesn't work:
On each subsequent update updatedDate and updateByUserId are written to createdDate and createdByUserId.
In addition the metadata triggers are implemented in a complicated way using the two extra fields creation_date and created_by. These fields are not needed because the trigger automatically provides these values as OLD.createdDate and OLD.createdByUserId.
Suggested solution:
Rewrite the metadata triggers without the extra fields.
Make createdDate an optional field (currently: required by metadata.schema).
Allow to remove any of the 4 metadata fields.
createdDate and createdByUserId remain unset on subsequent updates after they have been deleted.
Explain how to anonymize/scrub the metadata fields in RMB's README.
Open question:
Currently anonymizing/scubbing metadata via the PUT endpoint does not work because RestVerticle overwrites the values.
Do we want to allow the PUT endpoint to remove some metadata field by allowing a null value in any of the four fields to indicate that the field value should be removed? If yes, should this require special privileges ("metadata.delete")?
TestRail: Results
Attachments
Issue Links
- relates to
-
RMB-125 no way to indicate a removal of the metadata trigger in the schema.json
-
- Closed
-
-
RMB-353 Metadata without user id
-
- Closed
-
-
RMB-373 Enable/disable logging date and user per tenant and table
-
- Open
-
-
UXPROD-288 GDPR User-centric Anonymisation
-
- Open
-