Closed cudeso closed 2 years ago
m-terlinde
commented
2 years ago One note from my side: it would be ideal to make this field optional on a per export basis. In most cases, you will not need track your analysts and to keep it optional helps to keep the GDPR compliance according to data minimisation.
cudeso
commented
2 years ago If you work with multiple analysts on one case it's not always directly known who adds a specific event. Maybe instead of the username add the userid (integer) for compliancy reasons?
whikernel
commented
2 years ago For now the timeline export is done locally in JS with the data available in the current view. The user name or user ID are not part of it.
The event table actually don't have a created_by field, there's only the last update information. Which means the only way to trace back who created the event is by looking at the activity history. That's a good point, we'll add this field 👍
As for the export, we can try to add another button Download with users identifier int he dropdown.
GDPR compliance is actually a good question since the plafeform registers all activities by default to keep an automatic follow up of the investigations...
m-terlinde
commented
2 years ago @whikernel I think GDPR compliance regarding user's action isn't so hard. We have a good reason to save the analyst's account in combination with the timeline entry. This ensures transparency through the incident and I agree with @cudeso, that this is essential.
I'd like the option only for the export, because I doubt, that 90 % of the use cases for the export need the user transparency. E. g. I don't want customers to trace the analysts, etc.
Is your feature request related to a problem? Please describe. The CSV export of the events in the timeline does not contain the user/analyst who added the event. The data can be found via the activity log but it would be great if this is also included in the export.
Describe the solution you'd like Add "username" to the CSV export in event timeline