Open openBackhaul opened 2 years ago
So could we say in summary? Information that relates to a personal user can be contained in:
- System User of AdministratorAdministration. Would it be sufficient to have users for specific roles like in Unix, e.g. an AA-Admin user instead of alattoch/theinze?
- Software (comments), Software Configuration (Config File)
- Testcases
- Documentation
- Test protocols
- E-mails
could be passed in the http header from the presentation layer (what is outside) but is not required/interpreted.
==> There is no role-based UserManagement implemented in the MW SDN Architecture today and no concrete plans today to add this into the MW SDN Architecture. So the only possible DPA impact today would be a personalized user within AA.
==> I will verify what measures we have to regard.
If named users, e.g. alattoch, are used within AdministratorAdministration, Data Protection Measures are needed. This process will be triggered now. The process will document MW SDN in a Telefonica GDPL-Register. Two major requirements are seen by the DPA Experts now.
I am trying to derive concrete change requirements from the above text. The only place I can find such is the 6/9/2023 comment.
>>If named users, e.g. alattoch, are used within AdministratorAdministration, Data Protection Measures are needed.
Yes, users are planned to be identified.
>>1. Time triggered deletion of all log and Traces Data after 30 days.
This should not be a problem as the records are stored in Elasticsearch.
Elasticsearch allows configuring a maximum age of the records.
>>2. Complete deletion of named user logs after leaving Telefonica.
In a first step, this requires manual read/write activity on the application data file of the AA. (Changing the administrators is not supported via API, neither as services, nor as OaM configuration.) In principle, it would be possible to provide an API for centralized initiation of a deletion of an administrator. This would raise organizational questions, e.g. who will initiate the deletion and does his/her tool support REST.
>>3. "Schutzbedarfsanalyse" need to be updated to document named AdminUsers.
This would be an activity outside the scope of the ApplicationPattern.
Overall, I cannot identify a concrete need for a change to the ApplicationPattern in its v2.0.2 release. Consequently, I would like to move this issue into the next release.
- If we get informed that a named User will leave, then we need to delete him on the same working day. This can be covered by an operational process and we would not need a technical method here.
We need a description of how to do it, and then we will include this within the operational manual.
Collection of aspects that might be in conflict with official rules:
Aspects we do not need to look into, because have already been solved in past: